Diffstat (limited to 'pki/base/common/src/com/netscape/cms/servlet/csadmin')
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminAuthenticatePanel.java92
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminPanel.java225
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/AgentAuthenticatePanel.java76
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/AuthenticatePanel.java58
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/BackupKeyCertPanel.java132
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/BaseServlet.java49
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/CAInfoPanel.java115
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/Cert.java7
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/CertPrettyPrintPanel.java68
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/CertRequestPanel.java440
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/CertUtil.java327
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/CheckIdentity.java11
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigBaseServlet.java59
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCertApprovalCallback.java10
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCertReqServlet.java9
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCloneServlet.java9
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigDatabaseServlet.java24
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigHSMLoginPanel.java142
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigHSMServlet.java52
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigImportCertServlet.java9
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigJoinServlet.java51
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigRootCAServlet.java43
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/CreateSubsystemPanel.java71
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java795
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabaseServlet.java5
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayCertChainPanel.java78
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayServlet.java5
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java384
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/DownloadPKCS12.java27
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCertChain.java27
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/GetConfigEntries.java53
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCookie.java149
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/GetDomainXML.java130
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/GetStatus.java22
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/GetSubsystemCert.java29
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/GetTokenInfo.java25
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/GetTransportCert.java56
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/HierarchyPanel.java51
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportAdminCertPanel.java124
-rwxr-xr-xpki/base/common/src/com/netscape/cms/servlet/csadmin/ImportCAChainPanel.java32
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportTransportCert.java60
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/LDAPSecurityDomainSessionTable.java142
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/LoginServlet.java12
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/MainPageServlet.java42
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/ModulePanel.java89
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/ModuleServlet.java19
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/NamePanel.java788
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/RegisterUser.java232
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/RestoreKeyCertPanel.java327
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/SavePKCS12Panel.java31
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainLogin.java18
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainPanel.java263
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainSessionTable.java24
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/SessionTimer.java28
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java494
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/TokenAuthenticate.java22
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateConnector.java65
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateDomainXML.java315
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateNumberRange.java115
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateOCSPConfig.java69
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/WelcomePanel.java55
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/WelcomeServlet.java5
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java982
63 files changed, 3921 insertions, 4347 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminAuthenticatePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminAuthenticatePanel.java
index 4bb96f14..a2509287 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminAuthenticatePanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminAuthenticatePanel.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
+
import java.io.IOException;
import java.util.StringTokenizer;
@@ -40,19 +41,19 @@ import com.netscape.cms.servlet.wizard.WizardServlet;
public class AdminAuthenticatePanel extends WizardPanelBase {
- public AdminAuthenticatePanel() {
- }
+ public AdminAuthenticatePanel() {}
/**
* Initializes this panel.
*/
- public void init(ServletConfig config, int panelno) throws ServletException {
+ public void init(ServletConfig config, int panelno)
+ throws ServletException {
setPanelNo(panelno);
setName("Admin Authentication");
}
- public void init(WizardServlet servlet, ServletConfig config, int panelno,
- String id) throws ServletException {
+ public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
+ throws ServletException {
setPanelNo(panelno);
setName("Admin Authentication");
setId(id);
@@ -61,24 +62,24 @@ public class AdminAuthenticatePanel extends WizardPanelBase {
public boolean isSubPanel() {
return true;
}
-
+
/**
* Should we skip this panel for the configuration.
*/
public boolean shouldSkip() {
CMS.debug("AdminAuthenticatePanel: should skip");
-
+
IConfigStore cs = CMS.getConfigStore();
// if we are root, no need to get the certificate chain.
-
+
try {
- String select = cs.getString("preop.subsystem.select", "");
+ String select = cs.getString("preop.subsystem.select","");
if (select.equals("new")) {
return true;
}
} catch (EBaseException e) {
}
-
+
return false;
}
@@ -102,16 +103,15 @@ public class AdminAuthenticatePanel extends WizardPanelBase {
} else {
return true;
}
- } catch (EBaseException e) {
- }
+ } catch (EBaseException e) {}
return false;
}
public PropertySet getUsage() {
PropertySet set = new PropertySet();
-
+
/* XXX */
-
+
return set;
}
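Review bot: The one-line `} catch (EBaseException e) {}` in this hunk discards a config-store failure with no log entry, so the method falls through to `return false` and the reason is lost. Keeping at least `CMS.debug("AdminAuthenticatePanel: " + e.toString());` in the catch body would preserve it. The same empty catch is written in later AdminPanel hunks: around the `preop.ca.type` and `securitydomain.name` reads, around the `securitydomain.host` / `securitydomain.httpseeport` reads (which leaves `sd_port` at -1), and around `config.commit(false)`, where `updateStatus` is set to `success` right after a commit error was ignored. AgentAuthenticatePanel repeats it as well. The enclosing method starts outside this hunk.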
@@ -119,17 +119,18 @@ public class AdminAuthenticatePanel extends WizardPanelBase {
* Display the panel.
*/
public void display(HttpServletRequest request,
- HttpServletResponse response, Context context) {
+ HttpServletResponse response,
+ Context context) {
context.put("title", "Admin Authentication");
IConfigStore config = CMS.getConfigStore();
if (isPanelDone()) {
-
+
try {
String s = config.getString("preop.master.admin.uid", "");
String type = config.getString("preop.subsystem.select", "");
if (type.equals("clone"))
- context.put("uid", s);
+ context.put("uid", s);
else
context.put("uid", "");
} catch (Exception e) {
@@ -148,14 +149,16 @@ public class AdminAuthenticatePanel extends WizardPanelBase {
* Checks if the given parameters are valid.
*/
public void validate(HttpServletRequest request,
- HttpServletResponse response, Context context) throws IOException {
+ HttpServletResponse response,
+ Context context) throws IOException {
}
/**
* Commit parameter changes
*/
public void update(HttpServletRequest request,
- HttpServletResponse response, Context context) throws IOException {
+ HttpServletResponse response,
+ Context context) throws IOException {
IConfigStore config = CMS.getConfigStore();
String subsystemtype = "";
String cstype = "";
@@ -167,7 +170,7 @@ public class AdminAuthenticatePanel extends WizardPanelBase {
cstype = toLowerCaseSubsystemType(cstype);
if (subsystemtype.equals("clone")) {
- CMS.debug("AdminAuthenticatePanel: this is the clone subsystem");
+ CMS.debug("AdminAuthenticatePanel: this is the clone subsystem");
String uid = HttpInput.getUID(request, "uid");
if (uid == null) {
context.put("errorString", "Uid is empty");
@@ -182,7 +185,7 @@ public class AdminAuthenticatePanel extends WizardPanelBase {
try {
host = config.getString("preop.master.hostname");
} catch (Exception e) {
- CMS.debug("AdminAuthenticatePanel update: " + e.toString());
+ CMS.debug("AdminAuthenticatePanel update: "+e.toString());
context.put("errorString", "Missing hostname for master");
throw new IOException("Missing hostname");
}
@@ -190,7 +193,7 @@ public class AdminAuthenticatePanel extends WizardPanelBase {
try {
httpsport = config.getInteger("preop.master.httpsadminport");
} catch (Exception e) {
- CMS.debug("AdminAuthenticatePanel update: " + e.toString());
+ CMS.debug("AdminAuthenticatePanel update: "+e.toString());
context.put("errorString", "Missing port for master");
throw new IOException("Missing port");
}
@@ -232,10 +235,10 @@ public class AdminAuthenticatePanel extends WizardPanelBase {
c1.append("cloning.");
c1.append(t1);
c1.append(".pubkey.encoded");
-
- if (s1.length() != 0)
+
+ if (s1.length()!=0)
s1.append(",");
-
+
s1.append(cstype);
s1.append(".");
s1.append(t1);
@@ -245,16 +248,11 @@ public class AdminAuthenticatePanel extends WizardPanelBase {
c1.append(",preop.ca.hostname,preop.ca.httpport,preop.ca.httpsport,preop.ca.list,preop.ca.pkcs7,preop.ca.type");
}
- String content = "uid="
- + uid
- + "&pwd="
- + pwd
- + "&op=get&names=cloning.module.token,instanceId,internaldb.basedn,internaldb.ldapauth.password,internaldb.replication.password,internaldb.ldapconn.host,internaldb.ldapconn.port,internaldb.ldapauth.bindDN"
- + c1.toString() + "&substores=" + s1.toString();
+ String content = "uid="+uid+"&pwd="+pwd+"&op=get&names=cloning.module.token,instanceId,internaldb.basedn,internaldb.ldapauth.password,internaldb.replication.password,internaldb.ldapconn.host,internaldb.ldapconn.port,internaldb.ldapauth.bindDN"+c1.toString()+"&substores="+s1.toString();
- boolean success = updateConfigEntries(host, httpsport, true, "/"
- + cstype + "/admin/" + cstype + "/getConfigEntries",
- content, config, response);
+ boolean success = updateConfigEntries(host, httpsport, true,
+ "/"+cstype+"/admin/"+cstype+"/getConfigEntries", content, config,
+ response);
try {
config.commit(false);
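Review bot: `uid` and `pwd` are concatenated into the form body on the joined `String content = ...` line without URL-encoding, so a password containing `&`, `=`, `+` or `%` is altered or split into extra parameters before it reaches the master's getConfigEntries endpoint. AdminPanel.submitRequest in this same commit already encodes `cert_request` with `URLEncoder.encode(..., "UTF-8")`; the same fits here, e.g. `"uid=" + URLEncoder.encode(uid, "UTF-8") + "&pwd=" + URLEncoder.encode(pwd, "UTF-8")`, which needs `java.net.URLEncoder` imported if the file does not already have it. Because this body carries the administrator password, it should also stay out of any request logging; whether updateConfigEntries logs it is not visible here. How `pwd` is read is outside the hunk, and update() starts and ends outside it.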
@@ -262,16 +260,13 @@ public class AdminAuthenticatePanel extends WizardPanelBase {
}
if (!success) {
- context.put("errorString",
- "Failed to get configuration entries from the master");
- throw new IOException(
- "Failed to get configuration entries from the master");
+ context.put("errorString", "Failed to get configuration entries from the master");
+ throw new IOException("Failed to get configuration entries from the master");
} else {
boolean cloneReady = isCertdbCloned(request, context);
if (!cloneReady) {
CMS.debug("AdminAuthenticatePanel update: clone does not have all the certificates.");
- context.put("errorString",
- "Make sure you have copied the certificate database over to the clone");
+ context.put("errorString", "Make sure you have copied the certificate database over to the clone");
throw new IOException("Clone is not ready");
}
}
@@ -290,13 +285,16 @@ public class AdminAuthenticatePanel extends WizardPanelBase {
* If validiate() returns false, this method will be called.
*/
public void displayError(HttpServletRequest request,
- HttpServletResponse response, Context context) {
+ HttpServletResponse response,
+ Context context)
+ {
context.put("title", "Admin Authentication");
context.put("password", "");
context.put("panel", "admin/console/config/adminauthenticatepanel.vm");
}
- private boolean isCertdbCloned(HttpServletRequest request, Context context) {
+ private boolean isCertdbCloned(HttpServletRequest request,
+ Context context) {
IConfigStore config = CMS.getConfigStore();
String certList = "";
try {
@@ -308,13 +306,13 @@ public class AdminAuthenticatePanel extends WizardPanelBase {
String tokenname = config.getString("preop.module.token", "");
CryptoToken tok = cm.getTokenByName(tokenname);
CryptoStore store = tok.getCryptoStore();
- String name1 = "preop.master." + token + ".nickname";
+ String name1 = "preop.master."+token+".nickname";
String nickname = config.getString(name1, "");
- if (!tokenname.equals("Internal Key Storage Token")
- && !tokenname.equals("internal"))
- nickname = tokenname + ":" + nickname;
+ if (!tokenname.equals("Internal Key Storage Token") &&
+ !tokenname.equals("internal"))
+ nickname = tokenname+":"+nickname;
- CMS.debug("AdminAuthenticatePanel isCertdbCloned: " + nickname);
+ CMS.debug("AdminAuthenticatePanel isCertdbCloned: "+nickname);
X509Certificate cert = cm.findCertByNickname(nickname);
if (cert == null)
return false;
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminPanel.java
index 1265fb87..78bb9485 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminPanel.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
+
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
@@ -69,19 +70,18 @@ public class AdminPanel extends WizardPanelBase {
private static final String ADMIN_UID = "admin";
private final static String CERT_TAG = "admin";
- public AdminPanel() {
- }
+ public AdminPanel() {}
/**
* Initializes this panel.
*/
- public void init(ServletConfig config, int panelno) throws ServletException {
+ public void init(ServletConfig config, int panelno)
+ throws ServletException {
setPanelNo(panelno);
setName("Administrator");
}
- public void init(WizardServlet servlet, ServletConfig config, int panelno,
- String id) {
+ public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) {
setPanelNo(panelno);
setName("Administrator");
setId(id);
@@ -101,39 +101,29 @@ public class AdminPanel extends WizardPanelBase {
} else {
return true;
}
- } catch (Exception e) {
- }
+ } catch (Exception e) {}
return false;
}
public PropertySet getUsage() {
PropertySet set = new PropertySet();
-
- Descriptor emailDesc = new Descriptor(IDescriptor.STRING, null, /*
- * no
- * constraint
- */
- null, /* no default parameter */
- "Email address for an administrator");
+
+ Descriptor emailDesc = new Descriptor(IDescriptor.STRING, null, /* no constraint */
+ null, /* no default parameter */
+ "Email address for an administrator");
set.add("admin_email", emailDesc);
- Descriptor pwdDesc = new Descriptor(IDescriptor.STRING, null, /*
- * no
- * constraint
- */
- null, /* no default parameter */
- "Administrator's password");
+ Descriptor pwdDesc = new Descriptor(IDescriptor.STRING, null, /* no constraint */
+ null, /* no default parameter */
+ "Administrator's password");
set.add("pwd", pwdDesc);
- Descriptor pwdAgainDesc = new Descriptor(IDescriptor.STRING, null, /*
- * no
- * constraint
- */
- null, /* no default parameter */
- "Administrator's password again");
+ Descriptor pwdAgainDesc = new Descriptor(IDescriptor.STRING, null, /* no constraint */
+ null, /* no default parameter */
+ "Administrator's password again");
set.add("admin_password_again", pwdAgainDesc);
return set;
@@ -143,7 +133,8 @@ public class AdminPanel extends WizardPanelBase {
* Display the panel.
*/
public void display(HttpServletRequest request,
- HttpServletResponse response, Context context) {
+ HttpServletResponse response,
+ Context context) {
CMS.debug("AdminPanel: display");
IConfigStore cs = CMS.getConfigStore();
@@ -161,8 +152,7 @@ public class AdminPanel extends WizardPanelBase {
try {
type = cs.getString("preop.ca.type", "");
subsystemtype = cs.getString("cs.type", "");
- } catch (Exception e) {
- }
+ } catch (Exception e) {}
if (isPanelDone()) {
try {
@@ -171,14 +161,11 @@ public class AdminPanel extends WizardPanelBase {
context.put("admin_pwd", "");
context.put("admin_pwd_again", "");
context.put("admin_uid", cs.getString("preop.admin.uid"));
- } catch (Exception e) {
- }
+ } catch (Exception e) {}
} else {
String def_admin_name = "";
try {
- def_admin_name = cs.getString("cs.type")
- + " Administrator of Instance "
- + cs.getString("instanceId");
+ def_admin_name = cs.getString("cs.type") + " Administrator of Instance " + cs.getString("instanceId");
} catch (EBaseException e) {
}
context.put("admin_name", def_admin_name);
@@ -189,7 +176,7 @@ public class AdminPanel extends WizardPanelBase {
}
ISubsystem ca = (ISubsystem) CMS.getSubsystem("ca");
- if (ca == null) {
+ if (ca == null) {
context.put("ca", "false");
} else {
context.put("ca", "true");
@@ -199,24 +186,24 @@ public class AdminPanel extends WizardPanelBase {
String domainname = "";
try {
domainname = cs.getString("securitydomain.name", "");
- } catch (EBaseException e1) {
- }
+ } catch (EBaseException e1) {}
context.put("securityDomain", domainname);
context.put("title", "Administrator");
context.put("panel", "admin/console/config/adminpanel.vm");
context.put("errorString", "");
context.put("info", info);
-
+
}
/**
* Checks if the given parameters are valid.
*/
public void validate(HttpServletRequest request,
- HttpServletResponse response, Context context) throws IOException {
+ HttpServletResponse response,
+ Context context) throws IOException
+ {
String pwd = HttpInput.getPassword(request, "__pwd");
- String pwd_again = HttpInput.getPassword(request,
- "__admin_password_again");
+ String pwd_again = HttpInput.getPassword(request, "__admin_password_again");
String email = HttpInput.getEmail(request, "email");
String name = HttpInput.getName(request, "name");
String uid = HttpInput.getUID(request, "uid");
@@ -243,8 +230,7 @@ public class AdminPanel extends WizardPanelBase {
if (!pwd.equals(pwd_again)) {
context.put("updateStatus", "validate-failure");
- throw new IOException(
- "Password and password again are not the same.");
+ throw new IOException("Password and password again are not the same.");
}
if (email == null || email.length() == 0) {
@@ -257,7 +243,8 @@ public class AdminPanel extends WizardPanelBase {
* Commit parameter changes
*/
public void update(HttpServletRequest request,
- HttpServletResponse response, Context context) throws IOException {
+ HttpServletResponse response,
+ Context context) throws IOException {
IConfigStore config = CMS.getConfigStore();
context.put("info", "");
context.put("import", "true");
@@ -269,15 +256,13 @@ public class AdminPanel extends WizardPanelBase {
try {
type = config.getString(PRE_CA_TYPE, "");
subsystemtype = config.getString("cs.type", "");
- security_domain_type = config
- .getString("securitydomain.select", "");
+ security_domain_type = config.getString("securitydomain.select","");
selected_hierarchy = config.getString("preop.hierarchy.select", "");
- } catch (Exception e) {
- }
+ } catch (Exception e) {}
ISubsystem ca = (ISubsystem) CMS.getSubsystem("ca");
- if (ca == null) {
+ if (ca == null) {
context.put("ca", "false");
} else {
context.put("ca", "true");
@@ -301,12 +286,14 @@ public class AdminPanel extends WizardPanelBase {
throw e;
}
- // REMINDER: This panel is NOT used by "clones"
- if (ca != null) {
- if (selected_hierarchy.equals("root")) {
- CMS.debug("AdminPanel update: " + "Root CA subsystem");
+ // REMINDER: This panel is NOT used by "clones"
+ if( ca != null ) {
+ if( selected_hierarchy.equals( "root" ) ) {
+ CMS.debug( "AdminPanel update: "
+ + "Root CA subsystem");
} else {
- CMS.debug("AdminPanel update: " + "Subordinate CA subsystem");
+ CMS.debug( "AdminPanel update: "
+ + "Subordinate CA subsystem");
}
try {
@@ -322,8 +309,10 @@ public class AdminPanel extends WizardPanelBase {
String ca_hostname = null;
int ca_port = -1;
- // REMINDER: This panel is NOT used by "clones"
- CMS.debug("AdminPanel update: " + subsystemtype + " subsystem");
+ // REMINDER: This panel is NOT used by "clones"
+ CMS.debug( "AdminPanel update: "
+ + subsystemtype
+ + " subsystem" );
if (type.equals("sdca")) {
try {
@@ -350,11 +339,10 @@ public class AdminPanel extends WizardPanelBase {
try {
config.commit(false);
- } catch (Exception e) {
- }
+ } catch (Exception e) {}
context.put("updateStatus", "success");
-
+
}
private void createAdmin(HttpServletRequest request) throws IOException {
@@ -414,8 +402,7 @@ public class AdminPanel extends WizardPanelBase {
String select = config.getString("securitydomain.select", "");
if (select.equals("new")) {
- group = system
- .getGroupFromName("Security Domain Administrators");
+ group = system.getGroupFromName("Security Domain Administrators");
if (!group.isMember(uid)) {
group.addMemberName(uid);
system.modifyGroup(group);
@@ -427,8 +414,7 @@ public class AdminPanel extends WizardPanelBase {
system.modifyGroup(group);
}
- group = system
- .getGroupFromName("Enterprise KRA Administrators");
+ group = system.getGroupFromName("Enterprise KRA Administrators");
if (!group.isMember(uid)) {
group.addMemberName(uid);
system.modifyGroup(group);
@@ -440,22 +426,19 @@ public class AdminPanel extends WizardPanelBase {
system.modifyGroup(group);
}
- group = system
- .getGroupFromName("Enterprise TKS Administrators");
+ group = system.getGroupFromName("Enterprise TKS Administrators");
if (!group.isMember(uid)) {
group.addMemberName(uid);
system.modifyGroup(group);
}
- group = system
- .getGroupFromName("Enterprise OCSP Administrators");
+ group = system.getGroupFromName("Enterprise OCSP Administrators");
if (!group.isMember(uid)) {
group.addMemberName(uid);
system.modifyGroup(group);
}
- group = system
- .getGroupFromName("Enterprise TPS Administrators");
+ group = system.getGroupFromName("Enterprise TPS Administrators");
if (!group.isMember(uid)) {
group.addMemberName(uid);
system.modifyGroup(group);
@@ -467,9 +450,8 @@ public class AdminPanel extends WizardPanelBase {
}
}
- private void submitRequest(String ca_hostname, int ca_port,
- HttpServletRequest request, HttpServletResponse response,
- Context context) throws IOException {
+ private void submitRequest(String ca_hostname, int ca_port, HttpServletRequest request,
+ HttpServletResponse response, Context context) throws IOException {
IConfigStore config = CMS.getConfigStore();
String sd_hostname = null;
int sd_port = -1;
@@ -477,29 +459,22 @@ public class AdminPanel extends WizardPanelBase {
try {
sd_hostname = config.getString("securitydomain.host", "");
sd_port = config.getInteger("securitydomain.httpseeport");
- } catch (Exception e) {
- }
+ } catch (Exception e) {}
String profileId = HttpInput.getID(request, "profileId");
if (profileId == null) {
try {
- profileId = config.getString("preop.admincert.profile",
- "caAdminCert");
- } catch (Exception e) {
- }
+ profileId = config.getString("preop.admincert.profile", "caAdminCert");
+ } catch (Exception e) {}
}
- String cert_request_type = HttpInput
- .getID(request, "cert_request_type");
+ String cert_request_type = HttpInput.getID(request, "cert_request_type");
String cert_request = HttpInput.getCertRequest(request, "cert_request");
cert_request = URLEncoder.encode(cert_request, "UTF-8");
String session_id = CMS.getConfigSDSessionId();
String subjectDN = HttpInput.getString(request, "subject");
- String content = "profileId=" + profileId + "&cert_request_type="
- + cert_request_type + "&cert_request=" + cert_request
- + "&xmlOutput=true&sessionID=" + session_id + "&subject="
- + subjectDN;
+ String content = "profileId="+profileId+"&cert_request_type="+cert_request_type+"&cert_request="+cert_request+"&xmlOutput=true&sessionID="+session_id+"&subject="+subjectDN;
HttpClient httpclient = new HttpClient();
String c = null;
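Review bot: Only `cert_request` is URL-encoded before the body is assembled; `subjectDN`, `profileId` and `cert_request_type` go into `content` raw on the joined line. A subject DN normally contains `=` and `,` and may contain `+` or `&`, so the receiving servlet can see a truncated subject or extra parameters supplied through the `subject` field. Encode each value the same way, e.g. `"&subject=" + URLEncoder.encode(subjectDN, "UTF-8")`. A null `subjectDN` or `cert_request` should be rejected first, since the null behaviour of HttpInput.getString and getCertRequest is not visible here. submitRequest continues past the hunk.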
@@ -522,7 +497,7 @@ public class AdminPanel extends WizardPanelBase {
c = httpresponse.getContent();
CMS.debug("AdminPanel submitRequest: content=" + c);
-
+
// retrieve the request Id ad admin certificate
if (c != null) {
try {
@@ -533,15 +508,15 @@ public class AdminPanel extends WizardPanelBase {
try {
parser = new XMLObject(bis);
} catch (Exception e) {
- CMS.debug("AdminPanel::submitRequest() - "
- + "Exception=" + e.toString());
- throw new IOException(e.toString());
+ CMS.debug( "AdminPanel::submitRequest() - "
+ + "Exception="+e.toString() );
+ throw new IOException( e.toString() );
}
String status = parser.getValue("Status");
CMS.debug("AdminPanel update: status=" + status);
if (status.equals("2")) {
- // relogin to the security domain
+ //relogin to the security domain
reloginSecurityDomain(response);
return;
} else if (!status.equals("0")) {
@@ -550,7 +525,7 @@ public class AdminPanel extends WizardPanelBase {
context.put("errorString", error);
throw new IOException(error);
}
-
+
IConfigStore cs = CMS.getConfigStore();
String id = parser.getValue("Id");
@@ -564,7 +539,7 @@ public class AdminPanel extends WizardPanelBase {
+ File.separator + "admin.b64";
cs.putString("preop.admincert.b64", dir);
- PrintStream ps = new PrintStream(new FileOutputStream(dir));
+ PrintStream ps = new PrintStream(new FileOutputStream(dir));
ps.println(b64);
ps.flush();
@@ -586,13 +561,12 @@ public class AdminPanel extends WizardPanelBase {
HttpServletResponse response, Context context) throws IOException {
String cert_request = HttpInput.getCertRequest(request, "cert_request");
- String cert_request_type = HttpInput
- .getID(request, "cert_request_type");
+ String cert_request_type = HttpInput.getID(request, "cert_request_type");
IConfigStore cs = CMS.getConfigStore();
- if (cs == null) {
- CMS.debug("AdminPanel::createAdminCertificate() - cs is null!");
- throw new IOException("cs is null");
+ if( cs == null ) {
+ CMS.debug( "AdminPanel::createAdminCertificate() - cs is null!" );
+ throw new IOException( "cs is null" );
}
String subject = "";
@@ -604,13 +578,14 @@ public class AdminPanel extends WizardPanelBase {
subject = CryptoUtil.getSubjectName(crmfMsgs);
x509key = CryptoUtil.getX509KeyFromCRMFMsgs(crmfMsgs);
} catch (Exception e) {
- CMS.debug("AdminPanel createAdminCertificate: Exception="
- + e.toString());
+ CMS.debug(
+ "AdminPanel createAdminCertificate: Exception="
+ + e.toString());
}
- // this request is from IE. The VBScript has problem of generating
- // certificate request if the subject name has E and UID components.
- // For now, we always hardcoded the subject DN to be cn=NAME in
- // the IE browser.
+ // this request is from IE. The VBScript has problem of generating
+ // certificate request if the subject name has E and UID components.
+ // For now, we always hardcoded the subject DN to be cn=NAME in
+ // the IE browser.
} else if (cert_request_type.equals("pkcs10")) {
try {
byte[] b = CMS.AtoB(cert_request);
@@ -619,35 +594,33 @@ public class AdminPanel extends WizardPanelBase {
x509key = pkcs10.getSubjectPublicKeyInfo();
} catch (Exception e) {
CMS.debug("AdminPanel createAdminCertificate: Exception="
- + e.toString());
+ + e.toString());
}
}
- if (x509key == null) {
- CMS.debug("AdminPanel::createAdminCertificate() - x509key is null!");
- throw new IOException("x509key is null");
+ if( x509key == null ) {
+ CMS.debug( "AdminPanel::createAdminCertificate() - x509key is null!" );
+ throw new IOException( "x509key is null" );
}
try {
cs.putString(PCERT_PREFIX + CERT_TAG + ".dn", subject);
- String caType = cs.getString(PCERT_PREFIX + CERT_TAG + ".type",
- "local");
+ String caType = cs.getString(PCERT_PREFIX + CERT_TAG + ".type", "local");
X509CertImpl impl = CertUtil.createLocalCert(cs, x509key,
- PCERT_PREFIX, CERT_TAG, caType, context);
+ PCERT_PREFIX, CERT_TAG, caType, context);
// update the locally created request for renewal
- CertUtil.updateLocalRequest(cs, CERT_TAG, cert_request,
- cert_request_type, subject);
+ CertUtil.updateLocalRequest(cs, CERT_TAG, cert_request,cert_request_type, subject);
ISubsystem ca = (ISubsystem) CMS.getSubsystem("ca");
if (ca != null) {
createPKCS7(impl);
}
- cs.putString("preop.admincert.serialno.0", impl.getSerialNumber()
- .toString(16));
+ cs.putString("preop.admincert.serialno.0",
+ impl.getSerialNumber().toString(16));
} catch (Exception e) {
CMS.debug("AdminPanel createAdminCertificate: Exception="
- + e.toString());
+ + e.toString());
}
}
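Review bot: The final `catch (Exception e)` in createAdminCertificate only writes a debug line, so a failure in `CertUtil.createLocalCert` or `CertUtil.updateLocalRequest` returns normally and the caller cannot tell that no certificate or `preop.admincert.serialno.0` entry was produced. The `x509key == null` branch a few lines earlier throws an IOException, and the same would fit here: `throw new IOException("Failed to create admin certificate: " + e.toString());`. createPKCS7 in the last AdminPanel hunk has the same log-only catch, though there it may be intended as best effort. The method starts outside this hunk.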
@@ -655,7 +628,8 @@ public class AdminPanel extends WizardPanelBase {
* If validiate() returns false, this method will be called.
*/
public void displayError(HttpServletRequest request,
- HttpServletResponse response, Context context) {
+ HttpServletResponse response,
+ Context context) {
context.put("title", "Administrator");
context.put("panel", "admin/console/config/adminpanel.vm");
@@ -666,9 +640,8 @@ public class AdminPanel extends WizardPanelBase {
try {
type = cs.getString("preop.ca.type", "");
- } catch (Exception e) {
- }
- if (ca == null && type.equals("otherca")) {
+ } catch (Exception e) {}
+ if (ca == null && type.equals("otherca")) {
info = "Since you do not join the Redhat CA network, the administrator's certificate will not be generated automatically.";
}
context.put("info", info);
@@ -682,7 +655,7 @@ public class AdminPanel extends WizardPanelBase {
public boolean shouldSkip() {
try {
IConfigStore c = CMS.getConfigStore();
- String s = c.getString("preop.subsystem.select", null);
+ String s = c.getString("preop.subsystem.select",null);
if (s != null && s.equals("clone")) {
return true;
}
@@ -692,11 +665,11 @@ public class AdminPanel extends WizardPanelBase {
return false;
}
+
private void createPKCS7(X509CertImpl cert) {
try {
IConfigStore cs = CMS.getConfigStore();
- ICertificateAuthority ca = (ICertificateAuthority) CMS
- .getSubsystem("ca");
+ ICertificateAuthority ca = (ICertificateAuthority)CMS.getSubsystem("ca");
CertificateChain cachain = ca.getCACertChain();
X509Certificate[] cacerts = cachain.getChain();
X509CertImpl[] userChain = new X509CertImpl[cacerts.length + 1];
@@ -707,18 +680,16 @@ public class AdminPanel extends WizardPanelBase {
}
userChain[0] = cert;
- PKCS7 p7 = new PKCS7(new AlgorithmId[0], new ContentInfo(
- new byte[0]), userChain, new SignerInfo[0]);
+ PKCS7 p7 = new PKCS7(new AlgorithmId[0],
+ new ContentInfo(new byte[0]), userChain, new SignerInfo[0]);
ByteArrayOutputStream bos = new ByteArrayOutputStream();
p7.encodeSignedData(bos);
byte[] p7Bytes = bos.toByteArray();
String p7Str = CMS.BtoA(p7Bytes);
- cs.putString("preop.admincert.pkcs7",
- CryptoUtil.normalizeCertStr(p7Str));
+ cs.putString("preop.admincert.pkcs7", CryptoUtil.normalizeCertStr(p7Str));
} catch (Exception e) {
- CMS.debug("AdminPanel createPKCS7: Failed to create pkcs7 file. Exception: "
- + e.toString());
+ CMS.debug("AdminPanel createPKCS7: Failed to create pkcs7 file. Exception: "+e.toString());
}
}
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/AgentAuthenticatePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/AgentAuthenticatePanel.java
index b5f74fd0..a62b22b7 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/AgentAuthenticatePanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/AgentAuthenticatePanel.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
+
import java.io.IOException;
import javax.servlet.ServletConfig;
@@ -35,19 +36,19 @@ import com.netscape.cms.servlet.wizard.WizardServlet;
public class AgentAuthenticatePanel extends WizardPanelBase {
- public AgentAuthenticatePanel() {
- }
+ public AgentAuthenticatePanel() {}
/**
* Initializes this panel.
*/
- public void init(ServletConfig config, int panelno) throws ServletException {
+ public void init(ServletConfig config, int panelno)
+ throws ServletException {
setPanelNo(panelno);
setName("Agent Authentication");
}
- public void init(WizardServlet servlet, ServletConfig config, int panelno,
- String id) throws ServletException {
+ public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
+ throws ServletException {
setPanelNo(panelno);
setName("Agent Authentication");
setId(id);
@@ -56,18 +57,18 @@ public class AgentAuthenticatePanel extends WizardPanelBase {
public boolean isSubPanel() {
return true;
}
-
+
/**
* Should we skip this panel for the configuration.
*/
public boolean shouldSkip() {
CMS.debug("DisplayCertChainPanel: should skip");
-
+
IConfigStore cs = CMS.getConfigStore();
// if we are root, no need to get the certificate chain.
-
+
try {
- String select = cs.getString("securitydomain.select", "");
+ String select = cs.getString("securitydomain.select","");
if (select.equals("new")) {
return true;
}
@@ -77,7 +78,7 @@ public class AgentAuthenticatePanel extends WizardPanelBase {
return true;
} catch (EBaseException e) {
}
-
+
return false;
}
@@ -95,16 +96,15 @@ public class AgentAuthenticatePanel extends WizardPanelBase {
} else {
return true;
}
- } catch (EBaseException e) {
- }
+ } catch (EBaseException e) {}
return false;
}
public PropertySet getUsage() {
PropertySet set = new PropertySet();
-
+
/* XXX */
-
+
return set;
}
@@ -112,19 +112,20 @@ public class AgentAuthenticatePanel extends WizardPanelBase {
* Display the panel.
*/
public void display(HttpServletRequest request,
- HttpServletResponse response, Context context) {
+ HttpServletResponse response,
+ Context context) {
context.put("title", "Agent Authentication");
IConfigStore config = CMS.getConfigStore();
if (isPanelDone()) {
-
+
try {
String s = config.getString("preop.ca.agent.uid", "");
String type = config.getString("preop.hierarchy.select", "");
if (type.equals("root"))
context.put("uid", "");
else
- context.put("uid", s);
+ context.put("uid", s);
} catch (Exception e) {
CMS.debug(e.toString());
}
@@ -141,14 +142,17 @@ public class AgentAuthenticatePanel extends WizardPanelBase {
* Checks if the given parameters are valid.
*/
public void validate(HttpServletRequest request,
- HttpServletResponse response, Context context) throws IOException {
+ HttpServletResponse response,
+ Context context) throws IOException
+ {
}
/**
* Commit parameter changes
*/
public void update(HttpServletRequest request,
- HttpServletResponse response, Context context) throws IOException {
+ HttpServletResponse response,
+ Context context) throws IOException {
IConfigStore config = CMS.getConfigStore();
context.put("panel", "admin/console/config/agentauthenticatepanel.vm");
context.put("title", "Agent Authentication");
@@ -178,34 +182,34 @@ public class AgentAuthenticatePanel extends WizardPanelBase {
try {
host = config.getString("preop.ca.hostname");
} catch (Exception e) {
- CMS.debug("AgentAuthenticatePanel update: " + e.toString());
+ CMS.debug("AgentAuthenticatePanel update: "+e.toString());
context.put("errorString", "Missing hostname");
throw new IOException("Missing hostname");
}
-
+
try {
httpsport = config.getInteger("preop.ca.httpsport");
} catch (Exception e) {
- CMS.debug("AgentAuthenticatePanel update: " + e.toString());
+ CMS.debug("AgentAuthenticatePanel update: "+e.toString());
context.put("errorString", "Missing port");
throw new IOException("Missing port");
}
- /*
- * // Bugzilla Bug #583825 - CC: Obsolete servlets to be removed
- * from // web.xml as part of CC interface review boolean
- * authenticated = authenticate(host, httpsport, true,
- * "/ca/ee/ca/checkIdentity", "uid="+uid+"&pwd="+pwd);
- *
- * if (!authenticated) { context.put("errorString",
- * "Wrong user id or password"); throw new
- * IOException("Wrong user id or password"); }
- */
+/*
+ // Bugzilla Bug #583825 - CC: Obsolete servlets to be removed from
+ // web.xml as part of CC interface review
+ boolean authenticated = authenticate(host, httpsport, true,
+ "/ca/ee/ca/checkIdentity", "uid="+uid+"&pwd="+pwd);
+
+ if (!authenticated) {
+ context.put("errorString", "Wrong user id or password");
+ throw new IOException("Wrong user id or password");
+ }
+*/
try {
config.commit(false);
- } catch (EBaseException e) {
- }
+ } catch (EBaseException e) {}
}
}
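Review bot: The credential check in this part of update() exists only as a commented-out block, so nothing visible here verifies `uid`/`pwd` before `config.commit(false)` runs; whether an earlier part of update() does so is outside the hunk. Delete the dead block and leave a one-line pointer such as `// checkIdentity call removed, see Bugzilla #583825`, so that nobody re-enables a call that puts the password into a concatenated parameter string. The empty `catch (EBaseException e) {}` after the commit should at least log, e.g. `CMS.debug("AgentAuthenticatePanel update: commit failed: " + e);`.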
@@ -213,7 +217,9 @@ public class AgentAuthenticatePanel extends WizardPanelBase {
* If validiate() returns false, this method will be called.
*/
public void displayError(HttpServletRequest request,
- HttpServletResponse response, Context context) {
+ HttpServletResponse response,
+ Context context)
+ {
context.put("password", "");
context.put("title", "Agent Authentication");
context.put("panel", "admin/console/config/agentauthenticatepanel.vm");
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/AuthenticatePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/AuthenticatePanel.java
index b4f29a43..ceab1d8d 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/AuthenticatePanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/AuthenticatePanel.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
+
import java.io.IOException;
import javax.servlet.ServletConfig;
@@ -35,19 +36,19 @@ import com.netscape.cms.servlet.wizard.WizardServlet;
public class AuthenticatePanel extends WizardPanelBase {
- public AuthenticatePanel() {
- }
+ public AuthenticatePanel() {}
/**
* Initializes this panel.
*/
- public void init(ServletConfig config, int panelno) throws ServletException {
+ public void init(ServletConfig config, int panelno)
+ throws ServletException {
setPanelNo(panelno);
setName("Authentication");
}
- public void init(WizardServlet servlet, ServletConfig config, int panelno,
- String id) throws ServletException {
+ public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
+ throws ServletException {
setPanelNo(panelno);
setName("Authentication");
setId(id);
@@ -61,22 +62,21 @@ public class AuthenticatePanel extends WizardPanelBase {
public boolean isPanelDone() {
IConfigStore cs = CMS.getConfigStore();
try {
- String s = cs.getString("preop.ca.agent.uid", "");
+ String s = cs.getString("preop.ca.agent.uid","");
if (s == null || s.equals("")) {
return false;
} else {
return true;
}
- } catch (EBaseException e) {
- }
+ } catch (EBaseException e) {}
return false;
}
public PropertySet getUsage() {
PropertySet set = new PropertySet();
-
+
/* XXX */
-
+
return set;
}
@@ -84,19 +84,20 @@ public class AuthenticatePanel extends WizardPanelBase {
* Display the panel.
*/
public void display(HttpServletRequest request,
- HttpServletResponse response, Context context) {
+ HttpServletResponse response,
+ Context context) {
context.put("title", "Authentication");
IConfigStore config = CMS.getConfigStore();
if (isPanelDone()) {
-
+
try {
String s = config.getString("preop.ca.agent.uid", "");
String type = config.getString("preop.hierarchy.select", "");
if (type.equals("root"))
context.put("uid", "");
else
- context.put("uid", s);
+ context.put("uid", s);
} catch (Exception e) {
CMS.debug(e.toString());
}
@@ -113,14 +114,16 @@ public class AuthenticatePanel extends WizardPanelBase {
* Checks if the given parameters are valid.
*/
public void validate(HttpServletRequest request,
- HttpServletResponse response, Context context) throws IOException {
+ HttpServletResponse response,
+ Context context) throws IOException {
}
/**
* Commit parameter changes
*/
public void update(HttpServletRequest request,
- HttpServletResponse response, Context context) throws IOException {
+ HttpServletResponse response,
+ Context context) throws IOException {
IConfigStore config = CMS.getConfigStore();
String type = "";
String catype = "";
@@ -148,31 +151,30 @@ public class AuthenticatePanel extends WizardPanelBase {
try {
host = config.getString("preop.ca.hostname");
} catch (Exception e) {
- CMS.debug("AuthenticatePanel update: " + e.toString());
+ CMS.debug("AuthenticatePanel update: "+e.toString());
context.put("errorString", "Missing hostname");
throw new IOException("Missing hostname");
}
-
+
try {
httpsport = config.getInteger("preop.ca.httpsport");
} catch (Exception e) {
- CMS.debug("AuthenticatePanel update: " + e.toString());
+ CMS.debug("AuthenticatePanel update: "+e.toString());
context.put("errorString", "Missing port");
throw new IOException("Missing port");
}
- boolean authenticated = authenticate(host, httpsport, true,
- "/ca/ee/ca/configSubsystem", "uid=" + uid + "&pwd=" + pwd);
+ boolean authenticated = authenticate(host, httpsport, true,
+ "/ca/ee/ca/configSubsystem", "uid="+uid+"&pwd="+pwd);
- if (!authenticated) {
- context.put("errorString", "Wrong user id or password");
- throw new IOException("Wrong user id or password");
- }
+ if (!authenticated) {
+ context.put("errorString", "Wrong user id or password");
+ throw new IOException("Wrong user id or password");
+ }
try {
config.commit(false);
- } catch (EBaseException e) {
- }
+ } catch (EBaseException e) {}
}
}
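Review bot: `"uid="+uid+"&pwd="+pwd` builds the parameter string for authenticate() without encoding, so a password containing `&`, `=`, `%` or `+` is sent altered or split into extra parameters. Unless authenticate() encodes its argument (not visible here), use `"uid=" + URLEncoder.encode(uid, "UTF-8") + "&pwd=" + URLEncoder.encode(pwd, "UTF-8")`; the import block is outside this hunk, so `java.net.URLEncoder` would have to be added there. The trailing `catch (EBaseException e) {}` hides a failed `config.commit(false)` and should log as the other catch blocks in this method do. update() starts before this hunk.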
@@ -180,7 +182,9 @@ public class AuthenticatePanel extends WizardPanelBase {
* If validiate() returns false, this method will be called.
*/
public void displayError(HttpServletRequest request,
- HttpServletResponse response, Context context) {
+ HttpServletResponse response,
+ Context context)
+ {
context.put("password", "");
context.put("panel", "admin/console/config/authenticatepanel.vm");
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/BackupKeyCertPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/BackupKeyCertPanel.java
index 38bbbc64..77977808 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/BackupKeyCertPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/BackupKeyCertPanel.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
+
import java.io.ByteArrayOutputStream;
import java.io.CharConversionException;
import java.io.IOException;
@@ -70,19 +71,19 @@ import com.netscape.cmsutil.crypto.CryptoUtil;
public class BackupKeyCertPanel extends WizardPanelBase {
- public BackupKeyCertPanel() {
- }
+ public BackupKeyCertPanel() {}
/**
* Initializes this panel.
*/
- public void init(ServletConfig config, int panelno) throws ServletException {
+ public void init(ServletConfig config, int panelno)
+ throws ServletException {
setPanelNo(panelno);
setName("Export Keys and Certificates");
}
- public void init(WizardServlet servlet, ServletConfig config, int panelno,
- String id) throws ServletException {
+ public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
+ throws ServletException {
setPanelNo(panelno);
setName("Export Keys and Certificates");
setId(id);
@@ -104,11 +105,11 @@ public class BackupKeyCertPanel extends WizardPanelBase {
try {
String s = cs.getString("preop.module.token", "");
- if (s.equals("Internal Key Storage Token"))
+ if (s.equals("Internal Key Storage Token"))
return false;
} catch (Exception e) {
}
-
+
return true;
}
@@ -121,16 +122,15 @@ public class BackupKeyCertPanel extends WizardPanelBase {
} else {
return true;
}
- } catch (EBaseException e) {
- }
+ } catch (EBaseException e) {}
return false;
}
public PropertySet getUsage() {
PropertySet set = new PropertySet();
-
+
/* XXX */
-
+
return set;
}
@@ -138,7 +138,8 @@ public class BackupKeyCertPanel extends WizardPanelBase {
* Display the panel.
*/
public void display(HttpServletRequest request,
- HttpServletResponse response, Context context) {
+ HttpServletResponse response,
+ Context context) {
context.put("title", "Export Keys and Certificates");
IConfigStore config = CMS.getConfigStore();
@@ -169,13 +170,12 @@ public class BackupKeyCertPanel extends WizardPanelBase {
* Checks if the given parameters are valid.
*/
public void validate(HttpServletRequest request,
- HttpServletResponse response, Context context) throws IOException {
+ HttpServletResponse response, Context context) throws IOException {
String select = HttpInput.getID(request, "choice");
if (select.equals("backupkey")) {
String pwd = request.getParameter("__pwd");
String pwdAgain = request.getParameter("__pwdagain");
- if (pwd == null || pwdAgain == null || pwd.equals("")
- || pwdAgain.equals("")) {
+ if (pwd == null || pwdAgain == null || pwd.equals("") || pwdAgain.equals("")) {
CMS.debug("BackupKeyCertPanel validate: Password is null");
context.put("updateStatus", "validate-failure");
throw new IOException("PK12 password is empty.");
@@ -184,8 +184,7 @@ public class BackupKeyCertPanel extends WizardPanelBase {
if (!pwd.equals(pwdAgain)) {
CMS.debug("BackupKeyCertPanel validate: Password and password again are not the same.");
context.put("updateStatus", "validate-failure");
- throw new IOException(
- "PK12 password is different from the PK12 password again.");
+ throw new IOException("PK12 password is different from the PK12 password again.");
}
}
}
@@ -194,7 +193,8 @@ public class BackupKeyCertPanel extends WizardPanelBase {
* Commit parameter changes
*/
public void update(HttpServletRequest request,
- HttpServletResponse response, Context context) throws IOException {
+ HttpServletResponse response,
+ Context context) throws IOException {
IConfigStore config = CMS.getConfigStore();
String select = HttpInput.getID(request, "choice");
@@ -219,7 +219,9 @@ public class BackupKeyCertPanel extends WizardPanelBase {
* If validiate() returns false, this method will be called.
*/
public void displayError(HttpServletRequest request,
- HttpServletResponse response, Context context) {
+ HttpServletResponse response,
+ Context context)
+ {
String select = "";
try {
select = HttpInput.getID(request, "choice");
@@ -240,7 +242,8 @@ public class BackupKeyCertPanel extends WizardPanelBase {
context.put("panel", "admin/console/config/backupkeycertpanel.vm");
}
- public void backupKeysCerts(HttpServletRequest request) throws IOException {
+ public void backupKeysCerts(HttpServletRequest request)
+ throws IOException {
CMS.debug("BackupKeyCertPanel backupKeysCerts: start");
IConfigStore cs = CMS.getConfigStore();
String certlist = "";
@@ -254,9 +257,9 @@ public class BackupKeyCertPanel extends WizardPanelBase {
try {
cm = CryptoManager.getInstance();
} catch (Exception e) {
- CMS.debug("BackupKeyCertPanel::backupKeysCerts() - " + "Exception="
- + e.toString());
- throw new IOException(e.toString());
+ CMS.debug( "BackupKeyCertPanel::backupKeysCerts() - "
+ + "Exception="+e.toString() );
+ throw new IOException( e.toString() );
}
String pwd = request.getParameter("__pwd");
@@ -270,12 +273,12 @@ public class BackupKeyCertPanel extends WizardPanelBase {
String nickname = "";
String modname = "";
try {
- nickname = cs.getString("preop.cert." + t + ".nickname");
+ nickname = cs.getString("preop.cert."+t+".nickname");
modname = cs.getString("preop.module.token");
} catch (Exception e) {
}
if (!modname.equals("Internal Key Storage Token"))
- nickname = modname + ":" + nickname;
+ nickname = modname+":"+nickname;
X509Certificate x509cert = null;
byte localKeyId[] = null;
@@ -285,7 +288,7 @@ public class BackupKeyCertPanel extends WizardPanelBase {
} catch (IOException e) {
throw e;
} catch (Exception e) {
- CMS.debug("BackupKeyCertPanel: Exception=" + e.toString());
+ CMS.debug("BackupKeyCertPanel: Exception="+e.toString());
throw new IOException("Failed to create pkcs12 file.");
}
@@ -293,24 +296,22 @@ public class BackupKeyCertPanel extends WizardPanelBase {
PrivateKey pkey = cm.findPrivKeyByCert(x509cert);
addKeyBag(pkey, x509cert, pass, localKeyId, encSafeContents);
} catch (Exception e) {
- CMS.debug("BackupKeyCertPanel: Exception=" + e.toString());
+ CMS.debug("BackupKeyCertPanel: Exception="+e.toString());
throw new IOException("Failed to create pkcs12 file.");
}
- } // while loop
-
+ } //while loop
+
X509Certificate[] cacerts = cm.getCACerts();
- for (int i = 0; i < cacerts.length; i++) {
- // String nickname = cacerts[i].getSubjectDN().toString();
+ for (int i=0; i<cacerts.length; i++) {
+ //String nickname = cacerts[i].getSubjectDN().toString();
String nickname = null;
try {
- byte[] localKeyId = addCertBag(cacerts[i], nickname,
- safeContents);
+ byte[] localKeyId = addCertBag(cacerts[i], nickname, safeContents);
} catch (IOException e) {
throw e;
} catch (Exception e) {
- CMS.debug("BackupKeyCertPanel backKeysCerts: Exception="
- + e.toString());
+ CMS.debug("BackupKeyCertPanel backKeysCerts: Exception="+e.toString());
throw new IOException("Failed to create pkcs12 file.");
}
}
@@ -318,9 +319,9 @@ public class BackupKeyCertPanel extends WizardPanelBase {
try {
AuthenticatedSafes authSafes = new AuthenticatedSafes();
authSafes.addSafeContents(safeContents);
- authSafes.addSafeContents(encSafeContents);
+ authSafes.addSafeContents(encSafeContents);
PFX pfx = new PFX(authSafes);
- pfx.computeMacData(pass, null, 5);
+ pfx.computeMacData(pass, null, 5);
ByteArrayOutputStream bos = new ByteArrayOutputStream();
pfx.encode(bos);
byte[] output = bos.toByteArray();
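Review bot: `pfx.computeMacData(pass, null, 5)` uses an iteration count of 5 for the PKCS #12 MAC, and the addKeyBag hunk further down passes an iteration count of `1` with a 4-byte salt (`random.generateSeed(4)`) to `EncryptedPrivateKeyInfo.createPBE`, so the backup password gets almost no stretching against offline guessing of the exported file. Raise both counts to a shared named constant and lengthen the salt, e.g. `pfx.computeMacData(pass, null, PKCS12_ITERATIONS);` and `byte salt[] = random.generateSeed(16);`, choosing the count so that the importing tools still accept the file. `PBE_SHA1_DES3_CBC` may have to stay for compatibility; if so, say that in a comment next to it. The enclosing try block and backupKeysCerts() start outside this hunk.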
@@ -328,14 +329,13 @@ public class BackupKeyCertPanel extends WizardPanelBase {
pass.clear();
cs.commit(false);
} catch (Exception e) {
- CMS.debug("BackupKeyCertPanel backupKeysCerts: Exception="
- + e.toString());
+ CMS.debug("BackupKeyCertPanel backupKeysCerts: Exception="+e.toString());
}
}
private void addKeyBag(PrivateKey pkey, X509Certificate x509cert,
- Password pass, byte[] localKeyId, SEQUENCE safeContents)
- throws IOException {
+ Password pass, byte[] localKeyId, SEQUENCE safeContents)
+ throws IOException {
try {
PasswordConverter passConverter = new PasswordConverter();
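Review bot: `pass.clear()` sits inside the try, so any exception raised earlier in the block skips it and the password object is left uncleared; the `throw new IOException(...)` paths earlier in backupKeysCerts() appear to leave it uncleared as well. Move the call to `} finally { pass.clear(); }`. The catch also only logs, so a failed backup returns normally; rethrowing `new IOException("Failed to create pkcs12 file.")` would match the other failure paths in this method. The try block begins outside this hunk.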
@@ -343,24 +343,24 @@ public class BackupKeyCertPanel extends WizardPanelBase {
byte salt[] = random.generateSeed(4); // 4 bytes salt
byte[] priData = getEncodedKey(pkey);
- PrivateKeyInfo pki = (PrivateKeyInfo) ASN1Util.decode(
- PrivateKeyInfo.getTemplate(), priData);
+ PrivateKeyInfo pki = (PrivateKeyInfo)
+ ASN1Util.decode(PrivateKeyInfo.getTemplate(), priData);
ASN1Value key = EncryptedPrivateKeyInfo.createPBE(
- PBEAlgorithm.PBE_SHA1_DES3_CBC, pass, salt, 1,
- passConverter, pki);
- SET keyAttrs = createBagAttrs(x509cert.getSubjectDN().toString(),
- localKeyId);
- SafeBag keyBag = new SafeBag(SafeBag.PKCS8_SHROUDED_KEY_BAG, key,
- keyAttrs);
+ PBEAlgorithm.PBE_SHA1_DES3_CBC,
+ pass, salt, 1, passConverter, pki);
+ SET keyAttrs = createBagAttrs(
+ x509cert.getSubjectDN().toString(), localKeyId);
+ SafeBag keyBag = new SafeBag(SafeBag.PKCS8_SHROUDED_KEY_BAG,
+ key, keyAttrs);
safeContents.addElement(keyBag);
} catch (Exception e) {
- CMS.debug("BackupKeyCertPanel getKeyBag: Exception=" + e.toString());
+ CMS.debug("BackupKeyCertPanel getKeyBag: Exception="+e.toString());
throw new IOException("Failed to create pk12 file.");
}
}
- private byte[] addCertBag(X509Certificate x509cert, String nickname,
- SEQUENCE safeContents) throws IOException {
+ private byte[] addCertBag(X509Certificate x509cert, String nickname,
+ SEQUENCE safeContents) throws IOException {
byte[] localKeyId = null;
try {
ASN1Value cert = new OCTET_STRING(x509cert.getEncoded());
@@ -368,11 +368,11 @@ public class BackupKeyCertPanel extends WizardPanelBase {
SET certAttrs = null;
if (nickname != null)
certAttrs = createBagAttrs(nickname, localKeyId);
- SafeBag certBag = new SafeBag(SafeBag.CERT_BAG, new CertBag(
- CertBag.X509_CERT_TYPE, cert), certAttrs);
+ SafeBag certBag = new SafeBag(SafeBag.CERT_BAG,
+ new CertBag(CertBag.X509_CERT_TYPE, cert), certAttrs);
safeContents.addElement(certBag);
} catch (Exception e) {
- CMS.debug("BackupKeyCertPanel addCertBag: " + e.toString());
+ CMS.debug("BackupKeyCertPanel addCertBag: "+e.toString());
throw new IOException("Failed to create pk12 file.");
}
@@ -385,9 +385,8 @@ public class BackupKeyCertPanel extends WizardPanelBase {
CryptoToken token = cm.getInternalKeyStorageToken();
KeyGenerator kg = token.getKeyGenerator(KeyGenAlgorithm.DES3);
SymmetricKey sk = kg.generate();
- KeyWrapper wrapper = token
- .getKeyWrapper(KeyWrapAlgorithm.DES3_CBC_PAD);
- byte iv[] = { 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1 };
+ KeyWrapper wrapper = token.getKeyWrapper(KeyWrapAlgorithm.DES3_CBC_PAD);
+ byte iv[] = {0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1};
IVParameterSpec param = new IVParameterSpec(iv);
wrapper.initWrap(sk, param);
byte[] enckey = wrapper.wrap(pkey);
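Review bot: getEncodedKey() needs a comment explaining its key handling: the constant IV `{0x1, ...}` is tolerable only because `sk` is generated fresh on every call, and the array it returns (`recovered`, in the next hunk) appears to be the private key encoding in the clear. Suggested comment above the wrap: `// Wrap-then-decrypt to obtain the PKCS #8 encoding; sk is single-use, so the fixed IV is never reused under one key.` Callers such as addKeyBag() should wipe the returned array once the encrypted bag is built, e.g. `Arrays.fill(priData, (byte) 0);`. The method starts before and ends after this hunk.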
@@ -396,14 +395,14 @@ public class BackupKeyCertPanel extends WizardPanelBase {
byte[] recovered = c.doFinal(enckey);
return recovered;
} catch (Exception e) {
- CMS.debug("BackupKeyCertPanel getEncodedKey: Exception="
- + e.toString());
+ CMS.debug("BackupKeyCertPanel getEncodedKey: Exception="+e.toString());
}
return null;
}
- private byte[] createLocalKeyId(X509Certificate cert) throws IOException {
+ private byte[] createLocalKeyId(X509Certificate cert)
+ throws IOException {
try {
// SHA1 hash of the X509Cert der encoding
byte certDer[] = cert.getEncoded();
@@ -413,18 +412,16 @@ public class BackupKeyCertPanel extends WizardPanelBase {
md.update(certDer);
return md.digest();
} catch (CertificateEncodingException e) {
- CMS.debug("BackupKeyCertPanel createLocalKeyId: Exception: "
- + e.toString());
+ CMS.debug("BackupKeyCertPanel createLocalKeyId: Exception: "+e.toString());
throw new IOException("Failed to encode certificate.");
} catch (NoSuchAlgorithmException e) {
- CMS.debug("BackupKeyCertPanel createLocalKeyId: Exception: "
- + e.toString());
+ CMS.debug("BackupKeyCertPanel createLocalKeyId: Exception: "+e.toString());
throw new IOException("No such algorithm supported.");
}
}
private SET createBagAttrs(String nickName, byte localKeyId[])
- throws IOException {
+ throws IOException {
try {
SET attrs = new SET();
SEQUENCE nickNameAttr = new SEQUENCE();
@@ -445,8 +442,7 @@ public class BackupKeyCertPanel extends WizardPanelBase {
attrs.addElement(localKeyAttr);
return attrs;
} catch (CharConversionException e) {
- CMS.debug("BackupKeyCertPanel createBagAttrs: Exception="
- + e.toString());
+ CMS.debug("BackupKeyCertPanel createBagAttrs: Exception="+e.toString());
throw new IOException("Failed to create PKCS12 file.");
}
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/BaseServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/BaseServlet.java
index 74961c49..01d06631 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/BaseServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/BaseServlet.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
+
import java.io.IOException;
import java.util.Enumeration;
@@ -29,6 +30,7 @@ import org.apache.velocity.servlet.VelocityServlet;
import com.netscape.certsrv.apps.CMS;
+
public class BaseServlet extends VelocityServlet {
/**
@@ -44,14 +46,14 @@ public class BaseServlet extends VelocityServlet {
}
public boolean authenticate(HttpServletRequest request,
- HttpServletResponse response, Context context) {
+ HttpServletResponse response,
+ Context context) {
String pin = (String) request.getSession().getAttribute("pin");
if (pin == null) {
try {
response.sendRedirect("login");
- } catch (IOException e) {
- }
+ } catch (IOException e) {}
return false;
}
return true;
@@ -64,26 +66,29 @@ public class BaseServlet extends VelocityServlet {
while (paramNames.hasMoreElements()) {
String pn = (String) paramNames.nextElement();
// added this facility so that password can be hidden,
- // all sensitive parameters should be prefixed with
+ // all sensitive parameters should be prefixed with
// __ (double underscores); however, in the event that
// a security parameter slips through, we perform multiple
// additional checks to insure that it is NOT displayed
- if (pn.startsWith("__") || pn.endsWith("password")
- || pn.endsWith("passwd") || pn.endsWith("pwd")
- || pn.equalsIgnoreCase("admin_password_again")
- || pn.equalsIgnoreCase("directoryManagerPwd")
- || pn.equalsIgnoreCase("bindpassword")
- || pn.equalsIgnoreCase("bindpwd")
- || pn.equalsIgnoreCase("passwd")
- || pn.equalsIgnoreCase("password")
- || pn.equalsIgnoreCase("pin") || pn.equalsIgnoreCase("pwd")
- || pn.equalsIgnoreCase("pwdagain")
- || pn.equalsIgnoreCase("uPasswd")) {
- CMS.debug("BaseServlet::service() param name='" + pn
- + "' value='(sensitive)'");
+ if( pn.startsWith("__") ||
+ pn.endsWith("password") ||
+ pn.endsWith("passwd") ||
+ pn.endsWith("pwd") ||
+ pn.equalsIgnoreCase("admin_password_again") ||
+ pn.equalsIgnoreCase("directoryManagerPwd") ||
+ pn.equalsIgnoreCase("bindpassword") ||
+ pn.equalsIgnoreCase("bindpwd") ||
+ pn.equalsIgnoreCase("passwd") ||
+ pn.equalsIgnoreCase("password") ||
+ pn.equalsIgnoreCase("pin") ||
+ pn.equalsIgnoreCase("pwd") ||
+ pn.equalsIgnoreCase("pwdagain") ||
+ pn.equalsIgnoreCase("uPasswd") ) {
+ CMS.debug("BaseServlet::service() param name='" + pn +
+ "' value='(sensitive)'" );
} else {
- CMS.debug("BaseServlet::service() param name='" + pn
- + "' value='" + httpReq.getParameter(pn) + "'");
+ CMS.debug("BaseServlet::service() param name='" + pn +
+ "' value='" + httpReq.getParameter(pn) + "'" );
}
}
}
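Review bot: The suffix checks `pn.endsWith("password")`, `pn.endsWith("passwd")` and `pn.endsWith("pwd")` are case-sensitive, so a parameter named like `adminPassword` or `tokenPwd` (constructed examples) misses the filter and its value is written to the debug log; the explicit `equalsIgnoreCase("directoryManagerPwd")` and `"uPasswd"` entries show that names of this shape are in use. Normalise once with `String lpn = pn.toLowerCase(Locale.ROOT);` and run the `startsWith`/`endsWith` tests on `lpn`. The non-sensitive branch also logs `httpReq.getParameter(pn)` verbatim, so CR/LF in a value can forge log lines; strip or escape control characters before logging. The loop and the method start outside this hunk.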
@@ -92,12 +97,14 @@ public class BaseServlet extends VelocityServlet {
* Processes request.
*/
public Template process(HttpServletRequest request,
- HttpServletResponse response, Context context) {
+ HttpServletResponse response,
+ Context context) {
return null;
}
public Template handleRequest(HttpServletRequest request,
- HttpServletResponse response, Context context) {
+ HttpServletResponse response,
+ Context context) {
if (CMS.debugOn()) {
outputHttpParameters(request);
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CAInfoPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CAInfoPanel.java
index 5e4c015e..33a0ff69 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CAInfoPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CAInfoPanel.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
+
import java.io.IOException;
import java.net.URL;
import java.util.StringTokenizer;
@@ -38,19 +39,19 @@ import com.netscape.cms.servlet.wizard.WizardServlet;
public class CAInfoPanel extends WizardPanelBase {
- public CAInfoPanel() {
- }
+ public CAInfoPanel() {}
/**
* Initializes this panel.
*/
- public void init(ServletConfig config, int panelno) throws ServletException {
+ public void init(ServletConfig config, int panelno)
+ throws ServletException {
setPanelNo(panelno);
setName("CA Information");
}
- public void init(WizardServlet servlet, ServletConfig config, int panelno,
- String id) throws ServletException {
+ public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
+ throws ServletException {
setPanelNo(panelno);
setName("CA Information");
setId(id);
@@ -81,15 +82,14 @@ public class CAInfoPanel extends WizardPanelBase {
} else {
return true;
}
- } catch (Exception e) {
- }
+ } catch (Exception e) {}
return false;
}
public PropertySet getUsage() {
PropertySet set = new PropertySet();
-
+
return set;
}
@@ -97,7 +97,8 @@ public class CAInfoPanel extends WizardPanelBase {
* Display the panel.
*/
public void display(HttpServletRequest request,
- HttpServletResponse response, Context context) {
+ HttpServletResponse response,
+ Context context) {
CMS.debug("CAInfoPanel: display");
IConfigStore cs = CMS.getConfigStore();
@@ -117,18 +118,15 @@ public class CAInfoPanel extends WizardPanelBase {
try {
hostname = cs.getString("preop.ca.hostname");
- } catch (Exception e) {
- }
+ } catch (Exception e) {}
try {
httpport = cs.getString("preop.ca.httpport");
- } catch (Exception e) {
- }
+ } catch (Exception e) {}
try {
httpsport = cs.getString("preop.ca.httpsport");
- } catch (Exception e) {
- }
+ } catch (Exception e) {}
if (type.equals("sdca")) {
context.put("check_sdca", "checked");
@@ -145,11 +143,12 @@ public class CAInfoPanel extends WizardPanelBase {
String cstype = "CA";
String portType = "SecurePort";
- /*
- * try { cstype = cs.getString("cs.type", ""); } catch (EBaseException
- * e) {}
- */
-
+/*
+ try {
+ cstype = cs.getString("cs.type", "");
+ } catch (EBaseException e) {}
+*/
+
CMS.debug("CAInfoPanel: Ready to get url");
Vector v = getUrlListFromSecurityDomain(cs, cstype, portType);
v.addElement("External CA");
@@ -164,13 +163,12 @@ public class CAInfoPanel extends WizardPanelBase {
list.append(",");
}
}
-
+
try {
cs.putString("preop.ca.list", list.toString());
cs.commit(false);
- } catch (Exception e) {
- }
-
+ } catch (Exception e) {}
+
context.put("urls", v);
context.put("sdcaHostname", hostname);
@@ -185,7 +183,8 @@ public class CAInfoPanel extends WizardPanelBase {
* Checks if the given parameters are valid.
*/
public void validate(HttpServletRequest request,
- HttpServletResponse response, Context context) throws IOException {
+ HttpServletResponse response,
+ Context context) throws IOException {
IConfigStore config = CMS.getConfigStore();
}
@@ -193,18 +192,20 @@ public class CAInfoPanel extends WizardPanelBase {
* Commit parameter changes
*/
public void update(HttpServletRequest request,
- HttpServletResponse response, Context context) throws IOException {
+ HttpServletResponse response,
+ Context context) throws IOException {
/*
- * String select = request.getParameter("choice"); if (select == null) {
- * CMS.debug("CAInfoPanel: choice not found"); throw new
- * IOException("choice not found"); }
+ String select = request.getParameter("choice");
+ if (select == null) {
+ CMS.debug("CAInfoPanel: choice not found");
+ throw new IOException("choice not found");
+ }
*/
IConfigStore config = CMS.getConfigStore();
try {
- String subsystemselect = config.getString("preop.subsystem.select",
- "");
+ String subsystemselect = config.getString("preop.subsystem.select", "");
if (subsystemselect.equals("clone"))
return;
} catch (Exception e) {
@@ -212,26 +213,25 @@ public class CAInfoPanel extends WizardPanelBase {
String select = null;
String index = request.getParameter("urls");
- String url = "";
+ String url = "";
if (index.startsWith("http")) {
- // user may submit url directlry
- url = index;
+ // user may submit url directlry
+ url = index;
} else {
- try {
- int x = Integer.parseInt(index);
- String list = config.getString("preop.ca.list", "");
- StringTokenizer tokenizer = new StringTokenizer(list, ",");
- int counter = 0;
-
- while (tokenizer.hasMoreTokens()) {
- url = tokenizer.nextToken();
- if (counter == x) {
- break;
- }
- counter++;
+ try {
+ int x = Integer.parseInt(index);
+ String list = config.getString("preop.ca.list", "");
+ StringTokenizer tokenizer = new StringTokenizer(list, ",");
+ int counter = 0;
+
+ while (tokenizer.hasMoreTokens()) {
+ url = tokenizer.nextToken();
+ if (counter == x) {
+ break;
}
- } catch (Exception e) {
+ counter++;
}
+ } catch (Exception e) {}
}
URL urlx = null;
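Review bot: `index` comes straight from `request.getParameter("urls")` and is dereferenced by `index.startsWith("http")`, which throws a NullPointerException when the parameter is absent, and any value with that prefix is then accepted as the CA URL, plain `http://` included. In the numeric branch an index outside the list leaves `url` set to the last token, and `catch (Exception e) {}` hides a non-numeric value. Add `if (index == null) throw new IOException("urls not found");`, reject an `x` that matches no token, and validate a directly submitted value as an `https://` URL before it is used. update() starts before and continues after this hunk.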
@@ -240,7 +240,7 @@ public class CAInfoPanel extends WizardPanelBase {
select = "otherca";
config.putString("preop.ca.pkcs7", "");
config.putInteger("preop.ca.certchain.size", 0);
- } else {
+ } else {
select = "sdca";
// parse URL (CA1 - https://...)
@@ -272,12 +272,10 @@ public class CAInfoPanel extends WizardPanelBase {
try {
config.commit(false);
- } catch (Exception e) {
- }
+ } catch (Exception e) {}
}
- private void sdca(HttpServletRequest request, Context context,
- String hostname, String httpsPortStr) throws IOException {
+ private void sdca(HttpServletRequest request, Context context, String hostname, String httpsPortStr) throws IOException {
CMS.debug("CAInfoPanel update: this is the CA in the security domain.");
IConfigStore config = CMS.getConfigStore();
@@ -294,23 +292,26 @@ public class CAInfoPanel extends WizardPanelBase {
try {
httpsport = Integer.parseInt(httpsPortStr);
} catch (Exception e) {
- CMS.debug("CAInfoPanel update: Https port is not valid. Exception: "
- + e.toString());
+ CMS.debug(
+ "CAInfoPanel update: Https port is not valid. Exception: "
+ + e.toString());
throw new IOException("Http Port is not valid.");
}
config.putString("preop.ca.hostname", hostname);
config.putString("preop.ca.httpsport", httpsPortStr);
ConfigCertApprovalCallback certApprovalCallback = new ConfigCertApprovalCallback();
- updateCertChainUsingSecureEEPort(config, "ca", hostname, httpsport,
- true, context, certApprovalCallback);
+ updateCertChainUsingSecureEEPort( config, "ca", hostname,
+ httpsport, true, context,
+ certApprovalCallback );
}
/**
* If validiate() returns false, this method will be called.
*/
public void displayError(HttpServletRequest request,
- HttpServletResponse response, Context context) {
+ HttpServletResponse response,
+ Context context) {
/* This should never be called */
context.put("title", "CA Information");
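Review bot: In `sdca`, `Integer.parseInt(httpsPortStr)` is the only validation of the port, so a negative value or one above 65535 passes and is stored in `preop.ca.httpsport` and handed to `updateCertChainUsingSecureEEPort`. A range check after the parse would close that, e.g. `if (httpsport < 1 || httpsport > 65535) throw new IOException("Https port is out of range.");`. The existing exception text says "Http Port" while the debug line says "Https port", and the original exception is dropped rather than attached as the cause.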
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/Cert.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/Cert.java
index 0aedded8..fb8c2d9c 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/Cert.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/Cert.java
@@ -17,6 +17,9 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
+
+
+
public class Cert {
private String mNickname = "";
private String mTokenname = "";
@@ -113,8 +116,8 @@ public class Cert {
}
public String escapeForHTML(String s) {
- s = s.replaceAll("\"", "&quot;");
- return s;
+ s = s.replaceAll("\"", "&quot;");
+ return s;
}
public String getEscapedDN() {
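Review bot: `escapeForHTML` escapes only the double quote, so `&`, `<`, `>` and `'` pass through unchanged. That is sufficient only if the result is always placed inside a double-quoted attribute value, which this hunk does not show. If the escaped DN can reach element content in a template, the method should cover the full set, with the ampersand first: `s = s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;").replace("\"", "&quot;").replace("'", "&#39;");`. `replace` also avoids the regex interpretation that `replaceAll` applies to its first argument. A one-line comment stating the intended output context would help the next reader either way.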
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertPrettyPrintPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertPrettyPrintPanel.java
index 15059d08..30bcc78d 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertPrettyPrintPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertPrettyPrintPanel.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
+
import java.io.IOException;
import java.util.Locale;
import java.util.StringTokenizer;
@@ -41,19 +42,19 @@ import com.netscape.cmsutil.crypto.CryptoUtil;
public class CertPrettyPrintPanel extends WizardPanelBase {
private Vector mCerts = null;
- public CertPrettyPrintPanel() {
- }
+ public CertPrettyPrintPanel() {}
/**
* Initializes this panel.
*/
- public void init(ServletConfig config, int panelno) throws ServletException {
+ public void init(ServletConfig config, int panelno)
+ throws ServletException {
setPanelNo(panelno);
setName("Certificates");
}
- public void init(WizardServlet servlet, ServletConfig config, int panelno,
- String id) throws ServletException {
+ public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
+ throws ServletException {
setPanelNo(panelno);
setName("Certificates");
setId(id);
@@ -62,7 +63,7 @@ public class CertPrettyPrintPanel extends WizardPanelBase {
public PropertySet getUsage() {
// expects no input from client
PropertySet set = new PropertySet();
-
+
return set;
}
@@ -74,15 +75,15 @@ public class CertPrettyPrintPanel extends WizardPanelBase {
public boolean isPanelDone() {
IConfigStore cs = CMS.getConfigStore();
try {
- boolean s = cs.getBoolean("preop.CertPrettyPrintPanel.done", false);
+ boolean s = cs.getBoolean("preop.CertPrettyPrintPanel.done",
+ false);
if (s != true) {
return false;
} else {
return true;
}
- } catch (EBaseException e) {
- }
+ } catch (EBaseException e) {}
return false;
}
@@ -92,10 +93,8 @@ public class CertPrettyPrintPanel extends WizardPanelBase {
CMS.debug("CertPrettyPrintPanel: in getCert()");
try {
// String cert = config.getString(CONF_CA_CERT);
- String subsystem = config.getString(PCERT_PREFIX + certTag
- + ".subsystem");
- String certs = config
- .getString(subsystem + "." + certTag + ".cert");
+ String subsystem = config.getString(PCERT_PREFIX + certTag + ".subsystem");
+ String certs = config.getString(subsystem + "." + certTag + ".cert");
byte[] certb = CryptoUtil.base64Decode(certs);
if (cert != null) {
@@ -117,7 +116,8 @@ public class CertPrettyPrintPanel extends WizardPanelBase {
* Display the panel.
*/
public void display(HttpServletRequest request,
- HttpServletResponse response, Context context) {
+ HttpServletResponse response,
+ Context context) {
CMS.debug("CertPrettyPrintPanel: display()");
context.put("title", "Certificates Pretty Print");
@@ -134,30 +134,32 @@ public class CertPrettyPrintPanel extends WizardPanelBase {
String certTag = st.nextToken();
try {
- String subsystem = config.getString(PCERT_PREFIX + certTag
- + ".subsystem");
+ String subsystem = config.getString(
+ PCERT_PREFIX + certTag + ".subsystem");
- String nickname = config.getString(subsystem + "."
- + certTag + ".nickname");
- String tokenname = config.getString(subsystem + "."
- + certTag + ".tokenname");
+ String nickname = config.getString(
+ subsystem + "." + certTag + ".nickname");
+ String tokenname = config.getString(
+ subsystem + "." + certTag + ".tokenname");
Cert c = new Cert(tokenname, nickname, certTag);
- String type = config.getString(PCERT_PREFIX + certTag
- + ".type");
+ String type = config.getString(
+ PCERT_PREFIX + certTag + ".type");
c.setType(type);
getCert(request, config, context, certTag, c);
mCerts.addElement(c);
} catch (Exception e) {
- CMS.debug("CertPrettyPrintPanel: display() certTag "
- + certTag + " Exception caught: " + e.toString());
+ CMS.debug(
+ "CertPrettyPrintPanel: display() certTag " + certTag
+ + " Exception caught: " + e.toString());
}
}
} catch (Exception e) {
- CMS.debug("CertPrettyPrintPanel:display() Exception caught: "
- + e.toString());
+ CMS.debug(
+ "CertPrettyPrintPanel:display() Exception caught: "
+ + e.toString());
System.err.println("Exception caught: " + e.toString());
} // try
@@ -173,22 +175,25 @@ public class CertPrettyPrintPanel extends WizardPanelBase {
* Checks if the given parameters are valid.
*/
public void validate(HttpServletRequest request,
- HttpServletResponse response, Context context) throws IOException {
+ HttpServletResponse response,
+ Context context) throws IOException {
}
/**
* Commit parameter changes
*/
public void update(HttpServletRequest request,
- HttpServletResponse response, Context context) throws IOException {
+ HttpServletResponse response,
+ Context context) throws IOException {
CMS.debug("CertPrettyPrintPanel: in update()");
IConfigStore config = CMS.getConfigStore();
config.putBoolean("preop.CertPrettyPrintPanel.done", true);
try {
config.commit(false);
} catch (EBaseException e) {
- CMS.debug("CertPrettyPrintPanel: update() Exception caught at config commit: "
- + e.toString());
+ CMS.debug(
+ "CertPrettyPrintPanel: update() Exception caught at config commit: "
+ + e.toString());
}
}
@@ -196,7 +201,8 @@ public class CertPrettyPrintPanel extends WizardPanelBase {
* If validiate() returns false, this method will be called.
*/
public void displayError(HttpServletRequest request,
- HttpServletResponse response, Context context) {
+ HttpServletResponse response,
+ Context context) {
context.put("title", "Certificates Pretty Print");
context.put("panel", "admin/console/config/certprettyprintpanel.vm");
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertRequestPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertRequestPanel.java
index 962c9080..5e783b1a 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertRequestPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertRequestPanel.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
+
import java.io.IOException;
import java.math.BigInteger;
import java.security.Principal;
@@ -57,38 +58,35 @@ public class CertRequestPanel extends WizardPanelBase {
private Vector mCerts = null;
private WizardServlet mServlet = null;
- public CertRequestPanel() {
- }
+ public CertRequestPanel() {}
/**
* Initializes this panel.
*/
- public void init(ServletConfig config, int panelno) throws ServletException {
+ public void init(ServletConfig config, int panelno)
+ throws ServletException {
setPanelNo(panelno);
setName("Requests & Certificates");
}
- public void init(WizardServlet servlet, ServletConfig config, int panelno,
- String id) throws ServletException {
+ public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
+ throws ServletException {
setPanelNo(panelno);
setName("Requests and Certificates");
mServlet = servlet;
setId(id);
}
- // XXX how do you do this? There could be multiple certs.
+ // XXX how do you do this? There could be multiple certs.
public PropertySet getUsage() {
PropertySet set = new PropertySet();
-
- Descriptor certDesc = new Descriptor(IDescriptor.STRING, null, /*
- * no
- * constraint
- */
- null, /* no default parameters */
- null);
+
+ Descriptor certDesc = new Descriptor(IDescriptor.STRING, null, /* no constraint */
+ null, /* no default parameters */
+ null);
set.add("cert", certDesc);
-
+
return set;
}
@@ -97,13 +95,13 @@ public class CertRequestPanel extends WizardPanelBase {
*/
public boolean showApplyButton() {
if (isPanelDone())
- return false;
+ return false;
else
- return true;
+ return true;
}
- private boolean findCertificate(String tokenname, String nickname)
- throws IOException {
+ private boolean findCertificate(String tokenname, String nickname)
+ throws IOException {
IConfigStore cs = CMS.getConfigStore();
CryptoManager cm = null;
try {
@@ -114,10 +112,9 @@ public class CertRequestPanel extends WizardPanelBase {
String fullnickname = nickname;
boolean hardware = false;
- if (!tokenname.equals("internal")
- && !tokenname.equals("Internal Key Storage Token")) {
+ if (!tokenname.equals("internal") && !tokenname.equals("Internal Key Storage Token")) {
hardware = true;
- fullnickname = tokenname + ":" + nickname;
+ fullnickname = tokenname+":"+nickname;
}
try {
@@ -129,23 +126,16 @@ public class CertRequestPanel extends WizardPanelBase {
return true;
} catch (Exception ee) {
if (hardware) {
- CMS.debug("CertRequestPanel findCertificate: The certificate with the same nickname: "
- + fullnickname
- + " has been found on HSM. Please remove it before proceeding.");
- throw new IOException(
- "The certificate with the same nickname: "
- + fullnickname
- + " has been found on HSM. Please remove it before proceeding.");
+ CMS.debug("CertRequestPanel findCertificate: The certificate with the same nickname: "+ fullnickname +" has been found on HSM. Please remove it before proceeding.");
+ throw new IOException("The certificate with the same nickname: "+ fullnickname +" has been found on HSM. Please remove it before proceeding.");
}
return true;
}
} catch (IOException e) {
- CMS.debug("CertRequestPanel findCertificate: throw exception:"
- + e.toString());
+ CMS.debug("CertRequestPanel findCertificate: throw exception:"+e.toString());
throw e;
} catch (Exception e) {
- CMS.debug("CertRequestPanel findCertificate: Exception="
- + e.toString());
+ CMS.debug("CertRequestPanel findCertificate: Exception="+e.toString());
return false;
}
}
@@ -158,13 +148,13 @@ public class CertRequestPanel extends WizardPanelBase {
try {
select = cs.getString("preop.subsystem.select", "");
list = cs.getString("preop.cert.list", "");
- tokenname = cs.getString("preop.module.token", "");
+ tokenname = cs.getString("preop.module.token", "");
} catch (Exception e) {
}
- ICertificateAuthority ca = (ICertificateAuthority) CMS
- .getSubsystem(ICertificateAuthority.ID);
-
+ ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem(
+ ICertificateAuthority.ID);
+
if (ca != null) {
CMS.debug("CertRequestPanel cleanup: get certificate repository");
BigInteger beginS = null;
@@ -186,28 +176,27 @@ public class CertRequestPanel extends WizardPanelBase {
try {
cr.removeCertRecords(beginS, endS);
} catch (Exception e) {
- CMS.debug("CertRequestPanel cleanUp exception in removing all objects: "
- + e.toString());
+ CMS.debug("CertRequestPanel cleanUp exception in removing all objects: "+e.toString());
}
-
+
try {
- cr.resetSerialNumber(new BigInteger(beginNum, 16));
+ cr.resetSerialNumber(new BigInteger(beginNum,16));
} catch (Exception e) {
- CMS.debug("CertRequestPanel cleanUp exception in resetting serial number: "
- + e.toString());
+ CMS.debug("CertRequestPanel cleanUp exception in resetting serial number: "+e.toString());
}
}
}
+
StringTokenizer st = new StringTokenizer(list, ",");
String nickname = "";
boolean enable = false;
while (st.hasMoreTokens()) {
String t = st.nextToken();
-
+
try {
- enable = cs.getBoolean(PCERT_PREFIX + t + ".enable", true);
- nickname = cs.getString(PCERT_PREFIX + t + ".nickname", "");
+ enable = cs.getBoolean(PCERT_PREFIX+t+".enable", true);
+ nickname = cs.getString(PCERT_PREFIX +t+".nickname", "");
} catch (Exception e) {
}
@@ -219,12 +208,10 @@ public class CertRequestPanel extends WizardPanelBase {
if (findCertificate(tokenname, nickname)) {
try {
- CMS.debug("CertRequestPanel cleanup: deleting certificate ("
- + nickname + ").");
- deleteCert(tokenname, nickname);
+ CMS.debug("CertRequestPanel cleanup: deleting certificate ("+nickname+").");
+ deleteCert(tokenname, nickname);
} catch (Exception e) {
- CMS.debug("CertRequestPanel cleanup: failed to delete certificate ("
- + nickname + "). Exception: " + e.toString());
+ CMS.debug("CertRequestPanel cleanup: failed to delete certificate (" +nickname+"). Exception: " +e.toString());
}
}
}
@@ -240,50 +227,50 @@ public class CertRequestPanel extends WizardPanelBase {
public boolean isPanelDone() {
IConfigStore cs = CMS.getConfigStore();
try {
- boolean s = cs.getBoolean("preop.CertRequestPanel.done", false);
+ boolean s = cs.getBoolean("preop.CertRequestPanel.done",
+ false);
if (s != true) {
return false;
} else {
return true;
}
- } catch (EBaseException e) {
- }
+ } catch (EBaseException e) {}
return false;
}
- public void getCert(IConfigStore config, Context context, String certTag,
- Cert cert) {
+ public void getCert(IConfigStore config,
+ Context context, String certTag, Cert cert) {
try {
- String subsystem = config.getString(PCERT_PREFIX + certTag
- + ".subsystem");
+ String subsystem = config.getString(
+ PCERT_PREFIX + certTag + ".subsystem");
- String certs = config.getString(
- subsystem + "." + certTag + ".cert", "");
+ String certs = config.getString(subsystem + "." + certTag + ".cert", "");
if (cert != null) {
String certf = certs;
- CMS.debug("CertRequestPanel getCert: certTag=" + certTag
+ CMS.debug(
+ "CertRequestPanel getCert: certTag=" + certTag
+ " cert=" + certs);
- // get and set formated cert
- if (!certs.startsWith("...")) {
+ //get and set formated cert
+ if (!certs.startsWith("...")) {
certf = CryptoUtil.certFormat(certs);
}
cert.setCert(certf);
- // get and set cert pretty print
+ //get and set cert pretty print
byte[] certb = CryptoUtil.base64Decode(certs);
CertPrettyPrint pp = new CertPrettyPrint(certb);
cert.setCertpp(pp.toString(Locale.getDefault()));
} else {
- CMS.debug("CertRequestPanel::getCert() - cert is null!");
+ CMS.debug( "CertRequestPanel::getCert() - cert is null!" );
return;
}
- String userfriendlyname = config.getString(PCERT_PREFIX + certTag
- + ".userfriendlyname");
+ String userfriendlyname = config.getString(
+ PCERT_PREFIX + certTag + ".userfriendlyname");
cert.setUserFriendlyName(userfriendlyname);
String type = config.getString(PCERT_PREFIX + certTag + ".type");
@@ -298,45 +285,46 @@ public class CertRequestPanel extends WizardPanelBase {
}
public X509Key getECCX509Key(IConfigStore config, String certTag)
- throws Exception {
+ throws Exception
+ {
X509Key pubk = null;
- String pubKeyEncoded = config.getString(PCERT_PREFIX + certTag
- + ".pubkey.encoded");
- pubk = CryptoUtil.getPublicX509ECCKey(CryptoUtil
- .string2byte(pubKeyEncoded));
+ String pubKeyEncoded = config.getString(
+ PCERT_PREFIX + certTag + ".pubkey.encoded");
+ pubk = CryptoUtil.getPublicX509ECCKey(CryptoUtil.string2byte(pubKeyEncoded));
return pubk;
}
public X509Key getRSAX509Key(IConfigStore config, String certTag)
- throws Exception {
+ throws Exception
+ {
X509Key pubk = null;
- String pubKeyModulus = config.getString(PCERT_PREFIX + certTag
- + ".pubkey.modulus");
- String pubKeyPublicExponent = config.getString(PCERT_PREFIX + certTag
- + ".pubkey.exponent");
+ String pubKeyModulus = config.getString(
+ PCERT_PREFIX + certTag + ".pubkey.modulus");
+ String pubKeyPublicExponent = config.getString(
+ PCERT_PREFIX + certTag + ".pubkey.exponent");
pubk = CryptoUtil.getPublicX509Key(
- CryptoUtil.string2byte(pubKeyModulus),
- CryptoUtil.string2byte(pubKeyPublicExponent));
+ CryptoUtil.string2byte(pubKeyModulus),
+ CryptoUtil.string2byte(pubKeyPublicExponent));
return pubk;
}
- public void handleCertRequest(IConfigStore config, Context context,
- String certTag, Cert cert) {
+ public void handleCertRequest(IConfigStore config,
+ Context context, String certTag, Cert cert) {
try {
// get public key
- String pubKeyType = config.getString(PCERT_PREFIX + certTag
- + ".keytype");
- String algorithm = config.getString(PCERT_PREFIX + certTag
- + ".keyalgorithm");
+ String pubKeyType = config.getString(
+ PCERT_PREFIX + certTag + ".keytype");
+ String algorithm = config.getString(
+ PCERT_PREFIX + certTag + ".keyalgorithm");
X509Key pubk = null;
if (pubKeyType.equals("rsa")) {
pubk = getRSAX509Key(config, certTag);
} else if (pubKeyType.equals("ecc")) {
pubk = getECCX509Key(config, certTag);
} else {
- CMS.debug("CertRequestPanel::handleCertRequest() - "
- + "pubKeyType " + pubKeyType + " is unsupported!");
+ CMS.debug( "CertRequestPanel::handleCertRequest() - "
+ + "pubKeyType " + pubKeyType + " is unsupported!" );
return;
}
@@ -349,11 +337,11 @@ public class CertRequestPanel extends WizardPanelBase {
}
// get private key
- String privKeyID = config.getString(PCERT_PREFIX + certTag
- + ".privkey.id");
+ String privKeyID = config.getString(
+ PCERT_PREFIX + certTag + ".privkey.id");
CMS.debug("CertRequestPanel: privKeyID=" + privKeyID);
byte[] keyIDb = CryptoUtil.string2byte(privKeyID);
-
+
PrivateKey privk = CryptoUtil.findPrivateKeyFromID(keyIDb);
if (privk != null) {
@@ -361,7 +349,7 @@ public class CertRequestPanel extends WizardPanelBase {
} else {
CMS.debug("CertRequestPanel: error getting private key null");
}
-
+
// construct cert request
String caDN = config.getString(PCERT_PREFIX + certTag + ".dn");
@@ -373,9 +361,9 @@ public class CertRequestPanel extends WizardPanelBase {
byte[] certReqb = certReq.toByteArray();
String certReqs = CryptoUtil.base64Encode(certReqb);
String certReqf = CryptoUtil.reqFormat(certReqs);
-
- String subsystem = config.getString(PCERT_PREFIX + certTag
- + ".subsystem");
+
+ String subsystem = config.getString(
+ PCERT_PREFIX + certTag + ".subsystem");
config.putString(subsystem + "." + certTag + ".certreq", certReqs);
config.commit(false);
cert.setRequest(certReqf);
@@ -390,7 +378,8 @@ public class CertRequestPanel extends WizardPanelBase {
* Display the panel.
*/
public void display(HttpServletRequest request,
- HttpServletResponse response, Context context) {
+ HttpServletResponse response,
+ Context context) {
CMS.debug("CertRequestPanel: display()");
context.put("title", "Requests and Certificates");
@@ -407,35 +396,36 @@ public class CertRequestPanel extends WizardPanelBase {
String certTag = st.nextToken();
try {
- String subsystem = config.getString(PCERT_PREFIX + certTag
- + ".subsystem");
- String nickname = config.getString(subsystem + "."
- + certTag + ".nickname");
- String tokenname = config.getString(subsystem + "."
- + certTag + ".tokenname");
+ String subsystem = config.getString(
+ PCERT_PREFIX + certTag + ".subsystem");
+ String nickname = config.getString(
+ subsystem + "." + certTag + ".nickname");
+ String tokenname = config.getString(
+ subsystem + "." + certTag + ".tokenname");
Cert c = new Cert(tokenname, nickname, certTag);
handleCertRequest(config, context, certTag, c);
- String type = config.getString(PCERT_PREFIX + certTag
- + ".type");
+ String type = config.getString(
+ PCERT_PREFIX + certTag + ".type");
c.setType(type);
- boolean enable = config.getBoolean(PCERT_PREFIX + certTag
- + ".enable", true);
+ boolean enable = config.getBoolean(PCERT_PREFIX+certTag+".enable", true);
c.setEnable(enable);
getCert(config, context, certTag, c);
c.setSubsystem(subsystem);
mCerts.addElement(c);
} catch (Exception e) {
- CMS.debug("CertRequestPanel:display() Exception caught: "
- + e.toString() + " for certTag " + certTag);
+ CMS.debug(
+ "CertRequestPanel:display() Exception caught: "
+ + e.toString() + " for certTag " + certTag);
}
}
} catch (Exception e) {
- CMS.debug("CertRequestPanel:display() Exception caught: "
- + e.toString());
+ CMS.debug(
+ "CertRequestPanel:display() Exception caught: "
+ + e.toString());
System.err.println("Exception caught: " + e.toString());
} // try
@@ -451,7 +441,8 @@ public class CertRequestPanel extends WizardPanelBase {
* Checks if the given parameters are valid.
*/
public void validate(HttpServletRequest request,
- HttpServletResponse response, Context context) throws IOException {
+ HttpServletResponse response,
+ Context context) throws IOException {
}
private boolean findBootstrapServerCert() {
@@ -467,8 +458,7 @@ public class CertRequestPanel extends WizardPanelBase {
if (issuerDN.equals(subjectDN))
return true;
} catch (Exception e) {
- CMS.debug("CertRequestPanel findBootstrapServerCert Exception="
- + e.toString());
+ CMS.debug("CertRequestPanel findBootstrapServerCert Exception="+e.toString());
}
return false;
@@ -482,8 +472,7 @@ public class CertRequestPanel extends WizardPanelBase {
deleteCert("Internal Key Storage Token", nickname);
} catch (Exception e) {
- CMS.debug("CertRequestPanel deleteBootstrapServerCert Exception="
- + e.toString());
+ CMS.debug("CertRequestPanel deleteBootstrapServerCert Exception="+e.toString());
}
}
@@ -491,7 +480,8 @@ public class CertRequestPanel extends WizardPanelBase {
* Commit parameter changes
*/
public void update(HttpServletRequest request,
- HttpServletResponse response, Context context) throws IOException {
+ HttpServletResponse response,
+ Context context) throws IOException {
CMS.debug("CertRequestPanel: in update()");
boolean hasErr = false;
IConfigStore config = CMS.getConfigStore();
@@ -512,7 +502,7 @@ public class CertRequestPanel extends WizardPanelBase {
String tokenname = "";
try {
- tokenname = config.getString("preop.module.token", "");
+ tokenname = config.getString("preop.module.token", "");
} catch (Exception e) {
}
@@ -520,216 +510,202 @@ public class CertRequestPanel extends WizardPanelBase {
Cert cert = (Cert) c.nextElement();
String certTag = cert.getCertTag();
String subsystem = cert.getSubsystem();
- boolean enable = config.getBoolean(PCERT_PREFIX + certTag
- + ".enable", true);
+ boolean enable = config.getBoolean(PCERT_PREFIX+certTag+".enable", true);
if (!enable)
continue;
- if (hasErr)
+ if (hasErr)
continue;
String nickname = cert.getNickname();
- CMS.debug("CertRequestPanel: update() for cert tag "
- + cert.getCertTag());
- // String b64 = config.getString(CERT_PREFIX+ certTag +".cert",
- // "");
+ CMS.debug(
+ "CertRequestPanel: update() for cert tag "
+ + cert.getCertTag());
+ // String b64 = config.getString(CERT_PREFIX+ certTag +".cert", "");
String b64 = HttpInput.getCert(request, certTag);
if (cert.getType().equals("local")
- && b64.equals("...certificate be generated internally...")) {
+ && b64.equals(
+ "...certificate be generated internally...")) {
- String pubKeyType = config.getString(PCERT_PREFIX + certTag
- + ".keytype");
+ String pubKeyType = config.getString(
+ PCERT_PREFIX + certTag + ".keytype");
X509Key x509key = null;
if (pubKeyType.equals("rsa")) {
- x509key = getRSAX509Key(config, certTag);
+ x509key = getRSAX509Key(config, certTag);
} else if (pubKeyType.equals("ecc")) {
- x509key = getECCX509Key(config, certTag);
+ x509key = getECCX509Key(config, certTag);
}
-
+
if (findCertificate(tokenname, nickname)) {
if (!certTag.equals("sslserver"))
- continue;
+ continue;
}
- X509CertImpl impl = CertUtil.createLocalCert(config,
- x509key, PCERT_PREFIX, certTag, cert.getType(),
- context);
+ X509CertImpl impl = CertUtil.createLocalCert(config, x509key,
+ PCERT_PREFIX, certTag, cert.getType(), context);
if (impl != null) {
- byte[] certb = impl.getEncoded();
+ byte[] certb = impl.getEncoded();
String certs = CryptoUtil.base64Encode(certb);
cert.setCert(certs);
- config.putString(subsystem + "." + certTag + ".cert",
- certs);
+ config.putString(subsystem + "." + certTag + ".cert", certs);
/* import certificate */
- CMS.debug("CertRequestPanel configCert: nickname="
- + nickname);
+ CMS.debug(
+ "CertRequestPanel configCert: nickname="
+ + nickname);
try {
- if (certTag.equals("sslserver")
- && findBootstrapServerCert())
+ if (certTag.equals("sslserver") && findBootstrapServerCert())
deleteBootstrapServerCert();
if (findCertificate(tokenname, nickname))
deleteCert(tokenname, nickname);
- if (certTag.equals("signing")
- && subsystem.equals("ca"))
- CryptoUtil
- .importUserCertificate(impl, nickname);
+ if (certTag.equals("signing") && subsystem.equals("ca"))
+ CryptoUtil.importUserCertificate(impl, nickname);
else
- CryptoUtil.importUserCertificate(impl,
- nickname, false);
- CMS.debug("CertRequestPanel configCert: cert imported for certTag "
- + certTag);
+ CryptoUtil.importUserCertificate(impl, nickname, false);
+ CMS.debug(
+ "CertRequestPanel configCert: cert imported for certTag "
+ + certTag);
} catch (Exception ee) {
- CMS.debug("CertRequestPanel configCert: import certificate for certTag="
- + certTag + " Exception: " + ee.toString());
+ CMS.debug(
+ "CertRequestPanel configCert: import certificate for certTag="
+ + certTag + " Exception: "
+ + ee.toString());
CMS.debug("ok");
- // hasErr = true;
+// hasErr = true;
}
}
} else if (cert.getType().equals("remote")) {
if (b64 != null && b64.length() > 0
&& !b64.startsWith("...")) {
- String b64chain = HttpInput.getCertChain(request,
- certTag + "_cc");
- CMS.debug("CertRequestPanel: in update() process remote...import cert");
+ String b64chain = HttpInput.getCertChain(request, certTag+"_cc");
+ CMS.debug(
+ "CertRequestPanel: in update() process remote...import cert");
- String input = HttpInput.getCert(request,
- cert.getCertTag());
+ String input = HttpInput.getCert(request, cert.getCertTag());
if (input != null) {
try {
- if (certTag.equals("sslserver")
- && findBootstrapServerCert())
+ if (certTag.equals("sslserver") && findBootstrapServerCert())
deleteBootstrapServerCert();
- if (findCertificate(tokenname, nickname)) {
- deleteCert(tokenname, nickname);
+ if (findCertificate(tokenname, nickname)) {
+ deleteCert(tokenname, nickname);
}
} catch (Exception e) {
- CMS.debug("CertRequestPanel update (remote): deleteCert Exception="
- + e.toString());
+ CMS.debug("CertRequestPanel update (remote): deleteCert Exception="+e.toString());
}
input = CryptoUtil.stripCertBrackets(input.trim());
String certs = CryptoUtil.normalizeCertStr(input);
byte[] certb = CryptoUtil.base64Decode(certs);
- config.putString(subsystem + "." + certTag
- + ".cert", certs);
+ config.putString(subsystem + "." + certTag + ".cert",
+ certs);
try {
CryptoManager cm = CryptoManager.getInstance();
- X509Certificate x509cert = cm
- .importCertPackage(certb, nickname);
+ X509Certificate x509cert = cm.importCertPackage(
+ certb, nickname);
CryptoUtil.trustCertByNickname(nickname);
- X509Certificate[] certchains = cm
- .buildCertificateChain(x509cert);
+ X509Certificate[] certchains = cm.buildCertificateChain(
+ x509cert);
X509Certificate leaf = null;
if (certchains != null) {
- CMS.debug("CertRequestPanel certchains length="
- + certchains.length);
+ CMS.debug(
+ "CertRequestPanel certchains length="
+ + certchains.length);
leaf = certchains[certchains.length - 1];
}
- if (leaf == null) {
- CMS.debug("CertRequestPanel::update() - "
- + "leaf is null!");
- throw new IOException("leaf is null");
+ if( leaf == null ) {
+ CMS.debug( "CertRequestPanel::update() - "
+ + "leaf is null!" );
+ throw new IOException( "leaf is null" );
}
- if (/* (certchains.length <= 1) && */
- (b64chain != null && b64chain.length() != 0)) {
- CMS.debug("CertRequestPanel: cert might not have contained chain...calling importCertificateChain: "
- + b64chain);
- try {
- CryptoUtil
- .importCertificateChain(CryptoUtil
- .normalizeCertAndReq(b64chain));
- } catch (Exception e) {
- CMS.debug("CertRequestPanel: importCertChain: Exception: "
- + e.toString());
- }
+ if (/*(certchains.length <= 1) &&*/
+ (b64chain != null && b64chain.length() != 0)) {
+ CMS.debug("CertRequestPanel: cert might not have contained chain...calling importCertificateChain: " + b64chain);
+ try {
+ CryptoUtil.importCertificateChain(
+ CryptoUtil.normalizeCertAndReq(b64chain));
+ } catch (Exception e) {
+ CMS.debug("CertRequestPanel: importCertChain: Exception: "+e.toString());
+ }
}
InternalCertificate icert = (InternalCertificate) leaf;
- icert.setSSLTrust(InternalCertificate.TRUSTED_CA
- | InternalCertificate.TRUSTED_CLIENT_CA
- | InternalCertificate.VALID_CA);
- CMS.debug("CertRequestPanel configCert: import certificate successfully, certTag="
- + certTag);
+ icert.setSSLTrust(
+ InternalCertificate.TRUSTED_CA
+ | InternalCertificate.TRUSTED_CLIENT_CA
+ | InternalCertificate.VALID_CA);
+ CMS.debug(
+ "CertRequestPanel configCert: import certificate successfully, certTag="
+ + certTag);
} catch (Exception ee) {
- CMS.debug("CertRequestPanel configCert: import certificate for certTag="
- + certTag
- + " Exception: "
- + ee.toString());
+ CMS.debug(
+ "CertRequestPanel configCert: import certificate for certTag="
+ + certTag + " Exception: "
+ + ee.toString());
CMS.debug("ok");
- // hasErr=true;
+// hasErr=true;
}
} else {
CMS.debug("CertRequestPanel: in update() input null");
hasErr = true;
}
} else {
- CMS.debug("CertRequestPanel: in update() b64 not set");
- hasErr = true;
+ CMS.debug("CertRequestPanel: in update() b64 not set");
+ hasErr=true;
}
-
+
} else {
b64 = CryptoUtil.stripCertBrackets(b64.trim());
String certs = CryptoUtil.normalizeCertStr(b64);
byte[] certb = CryptoUtil.base64Decode(certs);
X509CertImpl impl = new X509CertImpl(certb);
try {
- if (certTag.equals("sslserver")
- && findBootstrapServerCert())
+ if (certTag.equals("sslserver") && findBootstrapServerCert())
deleteBootstrapServerCert();
if (findCertificate(tokenname, nickname)) {
- deleteCert(tokenname, nickname);
+ deleteCert(tokenname, nickname);
}
} catch (Exception ee) {
- CMS.debug("CertRequestPanel update: deleteCert Exception="
- + ee.toString());
+ CMS.debug("CertRequestPanel update: deleteCert Exception="+ee.toString());
}
try {
if (certTag.equals("signing") && subsystem.equals("ca"))
CryptoUtil.importUserCertificate(impl, nickname);
else
- CryptoUtil.importUserCertificate(impl, nickname,
- false);
+ CryptoUtil.importUserCertificate(impl, nickname, false);
} catch (Exception ee) {
- CMS.debug("CertRequestPanel: Failed to import user certificate."
- + ee.toString());
- hasErr = true;
+ CMS.debug("CertRequestPanel: Failed to import user certificate."+ee.toString());
+ hasErr=true;
}
}
- // update requests in request queue for local certs to allow
- // renewal
- if ((cert.getType().equals("local"))
- || (cert.getType().equals("selfsign"))) {
- CertUtil.updateLocalRequest(config, certTag,
- cert.getRequest(), "pkcs10", null);
+ //update requests in request queue for local certs to allow renewal
+ if ((cert.getType().equals("local")) || (cert.getType().equals("selfsign"))) {
+ CertUtil.updateLocalRequest(config, certTag, cert.getRequest(), "pkcs10", null);
}
if (certTag.equals("signing") && subsystem.equals("ca")) {
String NickName = nickname;
- if (!tokenname.equals("internal")
- && !tokenname.equals("Internal Key Storage Token"))
- NickName = tokenname + ":" + nickname;
+ if (!tokenname.equals("internal") && !tokenname.equals("Internal Key Storage Token"))
+ NickName = tokenname+ ":"+ nickname;
- CMS.debug("CertRequestPanel update: set trust on CA signing cert "
- + NickName);
+ CMS.debug("CertRequestPanel update: set trust on CA signing cert "+NickName);
CryptoUtil.trustCertByNickname(NickName);
CMS.reinit(ICertificateAuthority.ID);
- }
- } // while loop
+ }
+ } //while loop
if (hasErr == false) {
- config.putBoolean("preop.CertRequestPanel.done", true);
+ config.putBoolean("preop.CertRequestPanel.done", true);
}
config.commit(false);
} catch (Exception e) {
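Review bot: A failed certificate import is never reported to the wizard: in both the local branch and the remote branch the `catch (Exception ee)` logs, calls `CMS.debug("ok")`, and leaves `hasErr = true;` commented out, so `preop.CertRequestPanel.done` is still set to true at the end of the loop. If ignoring the failure is deliberate, a comment next to the commented-out line should say why; otherwise both handlers should restore `hasErr = true;`. The final `else` branch also calls `b64.trim()` without the `b64 != null` check that the remote branch applies to the same request value. The remote branch writes the request-supplied `b64chain` into the debug log as is. `update()` starts before this hunk, so the setup of `hasErr` and the certificate enumeration is not visible here.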
@@ -737,7 +713,7 @@ public class CertRequestPanel extends WizardPanelBase {
System.err.println("Exception caught: " + e.toString());
}
- // reset the attribute of the user certificate to u,u,u
+ //reset the attribute of the user certificate to u,u,u
String certlist = "";
try {
certlist = config.getString("preop.cert.list", "");
@@ -747,28 +723,25 @@ public class CertRequestPanel extends WizardPanelBase {
String tag = tokenizer.nextToken();
if (tag.equals("signing"))
continue;
- String nickname = config.getString("preop.cert." + tag
- + ".nickname", "");
+ String nickname = config.getString("preop.cert."+tag+".nickname", "");
String tokenname = config.getString("preop.module.token", "");
if (!tokenname.equals("Internal Key Storage Token"))
- nickname = tokenname + ":" + nickname;
+ nickname = tokenname+":"+nickname;
X509Certificate c = cm.findCertByNickname(nickname);
if (c instanceof InternalCertificate) {
- InternalCertificate ic = (InternalCertificate) c;
+ InternalCertificate ic = (InternalCertificate)c;
ic.setSSLTrust(InternalCertificate.USER);
ic.setEmailTrust(InternalCertificate.USER);
if (tag.equals("audit_signing")) {
- ic.setObjectSigningTrust(InternalCertificate.USER
- | InternalCertificate.VALID_PEER
- | InternalCertificate.TRUSTED_PEER);
+ ic.setObjectSigningTrust(InternalCertificate.USER | InternalCertificate.VALID_PEER | InternalCertificate.TRUSTED_PEER);
} else {
ic.setObjectSigningTrust(InternalCertificate.USER);
}
}
- }
+ }
} catch (Exception e) {
}
- if (!hasErr) {
+ if (!hasErr) {
context.put("updateStatus", "success");
} else {
context.put("updateStatus", "failure");
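Review bot: The empty `catch (Exception e) { }` that closes the trust-reset loop hides any failure from `findCertByNickname` or the `set*Trust` calls, so a certificate whose trust flags were never reset to u,u,u goes unnoticed and `updateStatus` can still report success. At minimum log it, e.g. `CMS.debug("CertRequestPanel update: failed to reset trust: " + e.toString());`, and consider setting `hasErr = true` in that handler. The `try` and the enclosing method begin outside this hunk.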
@@ -779,7 +752,8 @@ public class CertRequestPanel extends WizardPanelBase {
* If validiate() returns false, this method will be called.
*/
public void displayError(HttpServletRequest request,
- HttpServletResponse response, Context context) {
+ HttpServletResponse response,
+ Context context) {
context.put("title", "Certificate Request");
context.put("panel", "admin/console/config/certrequestpanel.vm");
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertUtil.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertUtil.java
index 0a6d3c60..3725149d 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertUtil.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertUtil.java
@@ -64,12 +64,13 @@ import com.netscape.cmsutil.http.HttpResponse;
import com.netscape.cmsutil.http.JssSSLSocketFactory;
import com.netscape.cmsutil.xml.XMLObject;
+
public class CertUtil {
static final int LINE_COUNT = 76;
- public static X509CertImpl createRemoteCert(String hostname, int port,
- String content, HttpServletResponse response, WizardPanelBase panel)
- throws IOException {
+ public static X509CertImpl createRemoteCert(String hostname,
+ int port, String content, HttpServletResponse response, WizardPanelBase panel)
+ throws IOException {
HttpClient httpclient = new HttpClient();
String c = null;
CMS.debug("CertUtil createRemoteCert: content " + content);
@@ -97,22 +98,21 @@ public class CertUtil {
if (c != null) {
try {
- ByteArrayInputStream bis = new ByteArrayInputStream(
- c.getBytes());
+ ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
XMLObject parser = null;
try {
parser = new XMLObject(bis);
} catch (Exception e) {
- CMS.debug("CertUtil::createRemoteCert() - " + "Exception="
- + e.toString());
- throw new IOException(e.toString());
+ CMS.debug( "CertUtil::createRemoteCert() - "
+ + "Exception="+e.toString() );
+ throw new IOException( e.toString() );
}
String status = parser.getValue("Status");
CMS.debug("CertUtil createRemoteCert: status=" + status);
if (status.equals("2")) {
- // relogin to the security domain
+ //relogin to the security domain
panel.reloginSecurityDomain(response);
return null;
} else if (!status.equals("0")) {
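Review bot: `status` comes from a response sent by the remote host and is dereferenced without a null check, so a reply with no `Status` element would presumably fail with a NullPointerException at `status.equals("2")` instead of being rejected as a bad response. Comparing from the constant side avoids that: `if ("2".equals(status))` and `} else if (!"0".equals(status)) {`. `c.getBytes()` also uses the platform default charset, so passing an explicit one (`c.getBytes("UTF-8")`) would make the parse independent of the host locale. The surrounding `try` and its handler lie outside this hunk.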
@@ -136,43 +136,43 @@ public class CertUtil {
return null;
}
- public static String getPKCS10(IConfigStore config, String prefix,
+ public static String getPKCS10(IConfigStore config, String prefix,
Cert certObj, Context context) throws IOException {
String certTag = certObj.getCertTag();
X509Key pubk = null;
try {
- String pubKeyType = config.getString(prefix + certTag + ".keytype");
- String algorithm = config.getString(prefix + certTag
- + ".keyalgorithm");
+ String pubKeyType = config.getString(
+ prefix + certTag + ".keytype");
+ String algorithm = config.getString(
+ prefix + certTag + ".keyalgorithm");
if (pubKeyType.equals("rsa")) {
- String pubKeyModulus = config.getString(prefix + certTag
- + ".pubkey.modulus");
- String pubKeyPublicExponent = config.getString(prefix + certTag
- + ".pubkey.exponent");
- pubk = CryptoUtil.getPublicX509Key(
- CryptoUtil.string2byte(pubKeyModulus),
- CryptoUtil.string2byte(pubKeyPublicExponent));
+ String pubKeyModulus = config.getString(
+ prefix + certTag + ".pubkey.modulus");
+ String pubKeyPublicExponent = config.getString(
+ prefix + certTag + ".pubkey.exponent");
+ pubk = CryptoUtil.getPublicX509Key(
+ CryptoUtil.string2byte(pubKeyModulus),
+ CryptoUtil.string2byte(pubKeyPublicExponent));
} else if (pubKeyType.equals("ecc")) {
- String pubKeyEncoded = config.getString(prefix + certTag
- + ".pubkey.encoded");
- pubk = CryptoUtil.getPublicX509ECCKey(CryptoUtil
- .string2byte(pubKeyEncoded));
+ String pubKeyEncoded = config.getString(
+ prefix + certTag + ".pubkey.encoded");
+ pubk = CryptoUtil.getPublicX509ECCKey(
+ CryptoUtil.string2byte(pubKeyEncoded));
} else {
- CMS.debug("CertRequestPanel::getPKCS10() - "
- + "public key type is unsupported!");
- throw new IOException("public key type is unsupported");
+ CMS.debug( "CertRequestPanel::getPKCS10() - "
+ + "public key type is unsupported!" );
+ throw new IOException( "public key type is unsupported" );
}
if (pubk != null) {
CMS.debug("CertRequestPanel: got public key");
} else {
CMS.debug("CertRequestPanel: error getting public key null");
- throw new IOException("public key is null");
+ throw new IOException( "public key is null" );
}
// get private key
- String privKeyID = config.getString(prefix + certTag
- + ".privkey.id");
+ String privKeyID = config.getString(prefix + certTag + ".privkey.id");
byte[] keyIDb = CryptoUtil.string2byte(privKeyID);
PrivateKey privk = CryptoUtil.findPrivateKeyFromID(keyIDb);
@@ -187,8 +187,8 @@ public class CertUtil {
String dn = config.getString(prefix + certTag + ".dn");
PKCS10 certReq = null;
- certReq = CryptoUtil.createCertificationRequest(dn, pubk, privk,
- algorithm);
+ certReq = CryptoUtil.createCertificationRequest(dn, pubk,
+ privk, algorithm);
byte[] certReqb = certReq.toByteArray();
String certReqs = CryptoUtil.base64Encode(certReqb);
@@ -201,15 +201,15 @@ public class CertUtil {
}
}
- /*
- * create requests so renewal can work on these initial certs
- */
- public static IRequest createLocalRequest(IRequestQueue queue,
- String serialNum, X509CertInfo info) throws EBaseException {
- // RequestId rid = new RequestId(serialNum);
+
+/*
+ * create requests so renewal can work on these initial certs
+ */
+ public static IRequest createLocalRequest(IRequestQueue queue, String serialNum, X509CertInfo info) throws EBaseException {
+// RequestId rid = new RequestId(serialNum);
// just need a request, no need to get into a queue
- // IRequest r = new EnrollmentRequest(rid);
- CMS.debug("CertUtil: createLocalRequest for serial: " + serialNum);
+// IRequest r = new EnrollmentRequest(rid);
+ CMS.debug("CertUtil: createLocalRequest for serial: "+ serialNum);
IRequest req = queue.newRequest("enrollment");
CMS.debug("certUtil: newRequest called");
req.setExtData("profile", "true");
@@ -217,14 +217,14 @@ public class CertUtil {
req.setExtData("req_seq_num", "0");
req.setExtData(IEnrollProfile.REQUEST_CERTINFO, info);
req.setExtData(IEnrollProfile.REQUEST_EXTENSIONS,
- new CertificateExtensions());
+ new CertificateExtensions());
req.setExtData("requesttype", "enrollment");
req.setExtData("requestor_name", "");
req.setExtData("requestor_email", "");
req.setExtData("requestor_phone", "");
req.setExtData("profileRemoteHost", "");
req.setExtData("profileRemoteAddr", "");
- req.setExtData("requestnotes", "");
+ req.setExtData("requestnotes","");
req.setExtData("isencryptioncert", "false");
req.setExtData("profileapprovedby", "system");
@@ -235,19 +235,18 @@ public class CertUtil {
return req;
}
- /**
- * update local cert request with the actual request called from
- * CertRequestPanel.java
- */
- public static void updateLocalRequest(IConfigStore config, String certTag,
- String certReq, String reqType, String subjectName) {
- try {
+/**
+ * update local cert request with the actual request
+ * called from CertRequestPanel.java
+ */
+ public static void updateLocalRequest(IConfigStore config, String certTag, String certReq, String reqType, String subjectName)
+ {
+ try {
CMS.debug("Updating local request... certTag=" + certTag);
- RequestId rid = new RequestId(config.getString("preop.cert."
- + certTag + ".reqId"));
+ RequestId rid = new RequestId(config.getString("preop.cert." + certTag + ".reqId"));
- ICertificateAuthority ca = (ICertificateAuthority) CMS
- .getSubsystem(ICertificateAuthority.ID);
+ ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem(
+ ICertificateAuthority.ID);
IRequestQueue queue = ca.getRequestQueue();
if (queue != null) {
@@ -263,84 +262,76 @@ public class CertUtil {
}
queue.updateRequest(req);
} else {
- CMS.debug("CertUtil:updateLocalRequest - request queue = null");
+ CMS.debug("CertUtil:updateLocalRequest - request queue = null");
}
} catch (Exception e) {
CMS.debug("CertUtil:updateLocalRequest - Exception:" + e.toString());
}
}
- /**
- * reads from the admin cert profile caAdminCert.profile and takes the first
- * entry in the list of allowed algorithms. Users that wish a different
- * algorithm can specify it in the profile using default.params.signingAlg
- */
+/**
+ * reads from the admin cert profile caAdminCert.profile and takes the first
+ * entry in the list of allowed algorithms. Users that wish a different algorithm
+ * can specify it in the profile using default.params.signingAlg
+ */
public static String getAdminProfileAlgorithm(IConfigStore config) {
String algorithm = "SHA256withRSA";
try {
- String caSigningKeyType = config.getString(
- "preop.cert.signing.keytype", "rsa");
+ String caSigningKeyType = config.getString("preop.cert.signing.keytype","rsa");
String pfile = config.getString("profile.caAdminCert.config");
FileInputStream fis = new FileInputStream(pfile);
DataInputStream in = new DataInputStream(fis);
BufferedReader br = new BufferedReader(new InputStreamReader(in));
- String strLine;
- while ((strLine = br.readLine()) != null) {
- String marker2 = "default.params.signingAlg=";
- int indx = strLine.indexOf(marker2);
- if (indx != -1) {
- String alg = strLine.substring(indx + marker2.length());
- if ((alg.length() > 0) && (!alg.equals("-"))) {
- algorithm = alg;
- break;
- }
- ;
- }
- ;
-
- String marker = "signingAlgsAllowed=";
- indx = strLine.indexOf(marker);
- if (indx != -1) {
- String[] algs = strLine.substring(indx + marker.length())
- .split(",");
- for (int i = 0; i < algs.length; i++) {
- if ((caSigningKeyType.equals("rsa") && (algs[i]
- .indexOf("RSA") != -1))
- || (caSigningKeyType.equals("ecc") && (algs[i]
- .indexOf("EC") != -1))) {
- algorithm = algs[i];
- break;
- }
- }
- }
- }
- in.close();
+ String strLine;
+ while ((strLine = br.readLine()) != null) {
+ String marker2 = "default.params.signingAlg=";
+ int indx = strLine.indexOf(marker2);
+ if (indx != -1) {
+ String alg = strLine.substring(indx + marker2.length());
+ if ((alg.length() > 0) && (!alg.equals("-"))) {
+ algorithm = alg;
+ break;
+ };
+ };
+
+ String marker = "signingAlgsAllowed=";
+ indx = strLine.indexOf(marker);
+ if (indx != -1) {
+ String[] algs = strLine.substring(indx + marker.length()).split(",");
+ for (int i=0; i<algs.length; i++) {
+ if ((caSigningKeyType.equals("rsa") && (algs[i].indexOf("RSA") != -1)) ||
+ (caSigningKeyType.equals("ecc") && (algs[i].indexOf("EC" ) != -1)) ) {
+ algorithm = algs[i];
+ break;
+ }
+ }
+ }
+ }
+ in.close();
} catch (Exception e) {
CMS.debug("getAdminProfleAlgorithm: exception: " + e);
}
return algorithm;
}
- public static X509CertImpl createLocalCert(IConfigStore config,
- X509Key x509key, String prefix, String certTag, String type,
- Context context) throws IOException {
+ public static X509CertImpl createLocalCert(IConfigStore config, X509Key x509key,
+ String prefix, String certTag, String type, Context context) throws IOException {
CMS.debug("Creating local certificate... certTag=" + certTag);
String profile = null;
try {
profile = config.getString(prefix + certTag + ".profile");
- } catch (Exception e) {
- }
+ } catch (Exception e) {}
X509CertImpl cert = null;
ICertificateAuthority ca = null;
ICertificateRepository cr = null;
RequestId reqId = null;
String profileId = null;
- IRequestQueue queue = null;
+ IRequestQueue queue = null;
IRequest req = null;
try {
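Review bot: In `getAdminProfileAlgorithm` the profile stream is closed only by the `in.close()` at the end of the `try`, so any exception from `readLine()` or the parsing leaks the file handle and leaves only a debug line behind. Declare the stream before the `try` and close it in a `finally` block. The value after `default.params.signingAlg=` is also used verbatim as the signing algorithm name; applying `alg.trim()` before the length check would keep trailing whitespace in the profile from yielding an unusable name. `new InputStreamReader(in)` decodes with the platform default charset.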
@@ -353,40 +344,38 @@ public class CertUtil {
if (certTag.equals("admin")) {
keyAlgorithm = getAdminProfileAlgorithm(config);
} else {
- keyAlgorithm = config.getString(prefix + certTag
- + ".keyalgorithm");
+ keyAlgorithm = config.getString(prefix + certTag + ".keyalgorithm");
}
- ca = (ICertificateAuthority) CMS
- .getSubsystem(ICertificateAuthority.ID);
+ ca = (ICertificateAuthority) CMS.getSubsystem(
+ ICertificateAuthority.ID);
cr = (ICertificateRepository) ca.getCertificateRepository();
BigInteger serialNo = cr.getNextSerialNumber();
if (type.equals("selfsign")) {
CMS.debug("Creating local certificate... issuerdn=" + dn);
CMS.debug("Creating local certificate... dn=" + dn);
- info = CryptoUtil.createX509CertInfo(x509key,
- serialNo.intValue(), dn, dn, date, date, keyAlgorithm);
- } else {
+ info = CryptoUtil.createX509CertInfo(x509key, serialNo.intValue(), dn, dn, date,
+ date, keyAlgorithm);
+ } else {
String issuerdn = config.getString("preop.cert.signing.dn", "");
CMS.debug("Creating local certificate... issuerdn=" + issuerdn);
CMS.debug("Creating local certificate... dn=" + dn);
info = CryptoUtil.createX509CertInfo(x509key,
- serialNo.intValue(), issuerdn, dn, date, date,
- keyAlgorithm);
+ serialNo.intValue(), issuerdn, dn, date, date, keyAlgorithm);
}
CMS.debug("Cert Template: " + info.toString());
String instanceRoot = config.getString("instanceRoot");
- CertInfoProfile processor = new CertInfoProfile(instanceRoot
- + "/conf/" + profile);
+ CertInfoProfile processor = new CertInfoProfile(
+ instanceRoot + "/conf/" + profile);
// cfu - create request to enable renewal
try {
queue = ca.getRequestQueue();
if (queue != null) {
req = createLocalRequest(queue, serialNo.toString(), info);
- CMS.debug("CertUtil profile name= " + profile);
+ CMS.debug("CertUtil profile name= "+profile);
req.setExtData("req_key", x509key.toString());
// store original profile id in cert request
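Review bot: Both `createX509CertInfo` calls pass `serialNo.intValue()`, which silently keeps only the low 32 bits of the `BigInteger` from `getNextSerialNumber()`; a serial outside the int range would be issued truncated or negative and could collide with an existing one. If the helper cannot take the `BigInteger` directly, fail loudly before building the cert info: `if (serialNo.bitLength() > 31) throw new IOException("serial number out of int range");`. The request created just below stores `serialNo.toString()`, so the request and the certificate would then disagree on the serial. The method body continues outside this hunk.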
@@ -398,60 +387,59 @@ public class CertUtil {
String name = profile.substring(0, idx);
req.setExtData("origprofileid", name);
}
-
+
// store mapped profile ID for use in renewal
profileId = processor.getProfileIDMapping();
req.setExtData("profileid", profileId);
- req.setExtData("profilesetid",
- processor.getProfileSetIDMapping());
+ req.setExtData("profilesetid", processor.getProfileSetIDMapping());
reqId = req.getRequestId();
- config.putString("preop.cert." + certTag + ".reqId",
- reqId.toString());
+ config.putString("preop.cert." + certTag + ".reqId", reqId.toString());
} else {
CMS.debug("certUtil: requestQueue null");
}
} catch (Exception e) {
- CMS.debug("Creating local request exception:" + e.toString());
+ CMS.debug("Creating local request exception:"+e.toString());
}
processor.populate(info);
- String caPriKeyID = config.getString(prefix + "signing"
- + ".privkey.id");
+ String caPriKeyID = config.getString(
+ prefix + "signing" + ".privkey.id");
byte[] keyIDb = CryptoUtil.string2byte(caPriKeyID);
- PrivateKey caPrik = CryptoUtil.findPrivateKeyFromID(keyIDb);
+ PrivateKey caPrik = CryptoUtil.findPrivateKeyFromID(
+ keyIDb);
- if (caPrik == null) {
- CMS.debug("CertUtil::createSelfSignedCert() - "
- + "CA private key is null!");
- throw new IOException("CA private key is null");
+ if( caPrik == null ) {
+ CMS.debug( "CertUtil::createSelfSignedCert() - "
+ + "CA private key is null!" );
+ throw new IOException( "CA private key is null" );
} else {
CMS.debug("CertUtil createSelfSignedCert: got CA private key");
}
String keyAlgo = x509key.getAlgorithm();
CMS.debug("key algorithm is " + keyAlgo);
- String caSigningKeyType = config.getString(
- "preop.cert.signing.keytype", "rsa");
- String caSigningKeyAlgo = "";
- if (type.equals("selfsign")) {
- caSigningKeyAlgo = config.getString(
- "preop.cert.signing.keyalgorithm", "SHA256withRSA");
+ String caSigningKeyType =
+ config.getString("preop.cert.signing.keytype","rsa");
+ String caSigningKeyAlgo = "";
+ if (type.equals("selfsign")) {
+ caSigningKeyAlgo = config.getString("preop.cert.signing.keyalgorithm","SHA256withRSA");
} else {
- caSigningKeyAlgo = config.getString(
- "preop.cert.signing.signingalgorithm", "SHA256withRSA");
+ caSigningKeyAlgo = config.getString("preop.cert.signing.signingalgorithm","SHA256withRSA");
}
CMS.debug("CA Signing Key type " + caSigningKeyType);
CMS.debug("CA Signing Key algorithm " + caSigningKeyAlgo);
if (caSigningKeyType.equals("ecc")) {
- CMS.debug("CA signing cert is ECC");
- cert = CryptoUtil.signECCCert(caPrik, info, caSigningKeyAlgo);
+ CMS.debug("CA signing cert is ECC");
+ cert = CryptoUtil.signECCCert(caPrik, info,
+ caSigningKeyAlgo);
} else {
- CMS.debug("CA signing cert is not ecc");
- cert = CryptoUtil.signCert(caPrik, info, caSigningKeyAlgo);
+ CMS.debug("CA signing cert is not ecc");
+ cert = CryptoUtil.signCert(caPrik, info,
+ caSigningKeyAlgo);
}
if (cert != null) {
@@ -465,8 +453,7 @@ public class CertUtil {
if (cr == null) {
context.put("errorString",
"Ceritifcate Authority is not ready to serve.");
- throw new IOException(
- "Ceritifcate Authority is not ready to serve.");
+ throw new IOException("Ceritifcate Authority is not ready to serve.");
}
ICertRecord record = null;
@@ -475,21 +462,23 @@ public class CertUtil {
if (reqId != null) {
meta.set(ICertRecord.META_REQUEST_ID, reqId.toString());
}
-
+
meta.set(ICertRecord.META_PROFILE_ID, profileId);
- record = (ICertRecord) cr.createCertRecord(cert.getSerialNumber(),
- cert, meta);
+ record = (ICertRecord) cr.createCertRecord(
+ cert.getSerialNumber(), cert, meta);
} catch (Exception e) {
- CMS.debug("NamePanel configCert: failed to add metainfo. Exception: "
- + e.toString());
+ CMS.debug(
+ "NamePanel configCert: failed to add metainfo. Exception: " + e.toString());
}
try {
cr.addCertificateRecord(record);
- CMS.debug("NamePanel configCert: finished adding certificate record.");
+ CMS.debug(
+ "NamePanel configCert: finished adding certificate record.");
} catch (Exception e) {
- CMS.debug("NamePanel configCert: failed to add certificate record. Exception: "
- + e.toString());
+ CMS.debug(
+ "NamePanel configCert: failed to add certificate record. Exception: "
+ + e.toString());
try {
cr.deleteCertificateRecord(record.getSerialNumber());
cr.addCertificateRecord(record);
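Review bot: When `createCertRecord` throws, `record` stays `null`, yet the next block still calls `cr.addCertificateRecord(record)` and the retry path dereferences `record.getSerialNumber()`. The original failure is then buried under a secondary exception and the signed certificate may never reach the repository. Guard the second block with `if (record != null)`, or stop as soon as record creation fails. The debug messages here say `NamePanel configCert` although the code is in `CertUtil`, which makes these failures harder to find in the log. The handler of the inner retry `try` is outside this hunk.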
@@ -499,10 +488,10 @@ public class CertUtil {
}
if (req != null) {
- // update request with cert
+ // update request with cert
req.setExtData(IEnrollProfile.REQUEST_ISSUED_CERT, cert);
- // store request in db
+ // store request in db
try {
CMS.debug("certUtil: before updateRequest");
if (queue != null) {
@@ -518,21 +507,21 @@ public class CertUtil {
public static void addUserCertificate(X509CertImpl cert) {
IConfigStore cs = CMS.getConfigStore();
- int num = 0;
+ int num=0;
try {
num = cs.getInteger("preop.subsystem.count", 0);
} catch (Exception e) {
}
IUGSubsystem system = (IUGSubsystem) (CMS.getSubsystem(IUGSubsystem.ID));
- String id = "user" + num;
+ String id = "user"+num;
- try {
- String sysType = cs.getString("cs.type", "");
- String machineName = cs.getString("machineName", "");
- String securePort = cs.getString("service.securePort", "");
- id = sysType + "-" + machineName + "-" + securePort;
+ try {
+ String sysType = cs.getString("cs.type", "");
+ String machineName = cs.getString("machineName", "");
+ String securePort = cs.getString("service.securePort", "");
+ id = sysType + "-" + machineName + "-" + securePort;
} catch (Exception e1) {
- // ignore
+ // ignore
}
num++;
@@ -577,7 +566,7 @@ public class CertUtil {
system.addUserCert(user);
CMS.debug("CertUtil addUserCertificate: successfully add the user certificate");
} catch (Exception e) {
- CMS.debug("CertUtil addUserCertificate exception=" + e.toString());
+ CMS.debug("CertUtil addUserCertificate exception="+e.toString());
}
IGroup group = null;
@@ -591,8 +580,7 @@ public class CertUtil {
CMS.debug("CertUtil addUserCertificate: update: successfully added the user to the group.");
}
} catch (Exception e) {
- CMS.debug("CertUtil addUserCertificate update: modifyGroup "
- + e.toString());
+ CMS.debug("CertUtil addUserCertificate update: modifyGroup " + e.toString());
}
}
@@ -615,17 +603,17 @@ public class CertUtil {
}
if (content.length() > 0)
result.append(content);
- result.append("\n");
+ result.append("\n");
return result.toString();
}
public static boolean privateKeyExistsOnToken(String certTag,
- String tokenname, String nickname) {
+ String tokenname, String nickname) {
IConfigStore cs = CMS.getConfigStore();
String givenid = "";
try {
- givenid = cs.getString("preop.cert." + certTag + ".privkey.id");
+ givenid = cs.getString("preop.cert."+certTag+".privkey.id");
} catch (Exception e) {
CMS.debug("CertUtil privateKeyExistsOnToken: we did not generate private key yet.");
return false;
@@ -634,10 +622,9 @@ public class CertUtil {
String fullnickname = nickname;
boolean hardware = false;
- if (!tokenname.equals("internal")
- && !tokenname.equals("Internal Key Storage Token")) {
+ if (!tokenname.equals("internal") && !tokenname.equals("Internal Key Storage Token")) {
hardware = true;
- fullnickname = tokenname + ":" + nickname;
+ fullnickname = tokenname+":"+nickname;
}
X509Certificate cert = null;
@@ -646,8 +633,7 @@ public class CertUtil {
cm = CryptoManager.getInstance();
cert = cm.findCertByNickname(fullnickname);
} catch (Exception e) {
- CMS.debug("CertUtil privateKeyExistsOnToken: nickname="
- + fullnickname + " Exception:" + e.toString());
+ CMS.debug("CertUtil privateKeyExistsOnToken: nickname="+fullnickname+" Exception:"+e.toString());
return false;
}
@@ -655,22 +641,19 @@ public class CertUtil {
try {
privKey = cm.findPrivKeyByCert(cert);
} catch (Exception e) {
- CMS.debug("CertUtil privateKeyExistsOnToken: cant find private key ("
- + fullnickname + ") exception: " + e.toString());
+ CMS.debug("CertUtil privateKeyExistsOnToken: cant find private key ("+fullnickname+") exception: "+e.toString());
return false;
}
if (privKey == null) {
- CMS.debug("CertUtil privateKeyExistsOnToken: cant find private key ("
- + fullnickname + ")");
+ CMS.debug("CertUtil privateKeyExistsOnToken: cant find private key ("+fullnickname+")");
return false;
} else {
String str = "";
try {
str = CryptoUtil.byte2string(privKey.getUniqueID());
} catch (Exception e) {
- CMS.debug("CertUtil privateKeyExistsOnToken: encode string Exception: "
- + e.toString());
+ CMS.debug("CertUtil privateKeyExistsOnToken: encode string Exception: "+e.toString());
}
if (str.equals(givenid)) {
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CheckIdentity.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CheckIdentity.java
index a28ae76b..b3c10b6e 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CheckIdentity.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CheckIdentity.java
@@ -36,6 +36,7 @@ import com.netscape.cms.servlet.base.UserInfo;
import com.netscape.cms.servlet.common.CMSRequest;
import com.netscape.cmsutil.xml.XMLObject;
+
public class CheckIdentity extends CMSServlet {
/**
@@ -51,7 +52,6 @@ public class CheckIdentity extends CMSServlet {
/**
* initialize the servlet.
- *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -61,8 +61,7 @@ public class CheckIdentity extends CMSServlet {
}
/**
- * Process the HTTP request.
- *
+ * Process the HTTP request.
* @param cmsReq the object holding the request and response information
*/
protected void process(CMSRequest cmsReq) throws EBaseException {
@@ -75,12 +74,12 @@ public class CheckIdentity extends CMSServlet {
authToken = authenticate(cmsReq);
} catch (Exception e) {
CMS.debug("CheckIdentity authentication failed");
- log(ILogger.LL_FAILURE,
+ log(ILogger.LL_FAILURE,
CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "",
- e.toString()));
+ e.toString()));
outputError(httpResp, "Error: Not authenticated");
return;
- }
+ }
try {
XMLObject xmlObj = null;
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigBaseServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigBaseServlet.java
index e1d18140..f2587300 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigBaseServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigBaseServlet.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
+
import java.util.Enumeration;
import javax.servlet.http.HttpServletRequest;
@@ -27,6 +28,7 @@ import org.apache.velocity.context.Context;
import com.netscape.certsrv.apps.CMS;
+
public abstract class ConfigBaseServlet extends BaseServlet {
/**
*
@@ -34,7 +36,8 @@ public abstract class ConfigBaseServlet extends BaseServlet {
private static final long serialVersionUID = 7692352201878710530L;
public boolean isDisplayMode(HttpServletRequest request,
- HttpServletResponse response, Context context) {
+ HttpServletResponse response,
+ Context context) {
String display = request.getParameter("display");
if (display == null) {
@@ -47,40 +50,43 @@ public abstract class ConfigBaseServlet extends BaseServlet {
public abstract void display(HttpServletRequest request,
HttpServletResponse response, Context context);
- public abstract void update(HttpServletRequest request,
+ public abstract void update(HttpServletRequest request,
HttpServletResponse response, Context context);
public abstract Template getTemplate(HttpServletRequest request,
- HttpServletResponse response, Context context);
+ HttpServletResponse response,
+ Context context);
public void outputHttpParameters(HttpServletRequest httpReq) {
- CMS.debug("ConfigBaseServlet:service() uri = "
- + httpReq.getRequestURI());
+ CMS.debug("ConfigBaseServlet:service() uri = " + httpReq.getRequestURI());
Enumeration paramNames = httpReq.getParameterNames();
while (paramNames.hasMoreElements()) {
String pn = (String) paramNames.nextElement();
// added this facility so that password can be hidden,
- // all sensitive parameters should be prefixed with
+ // all sensitive parameters should be prefixed with
// __ (double underscores); however, in the event that
// a security parameter slips through, we perform multiple
// additional checks to insure that it is NOT displayed
- if (pn.startsWith("__") || pn.endsWith("password")
- || pn.endsWith("passwd") || pn.endsWith("pwd")
- || pn.equalsIgnoreCase("admin_password_again")
- || pn.equalsIgnoreCase("directoryManagerPwd")
- || pn.equalsIgnoreCase("bindpassword")
- || pn.equalsIgnoreCase("bindpwd")
- || pn.equalsIgnoreCase("passwd")
- || pn.equalsIgnoreCase("password")
- || pn.equalsIgnoreCase("pin") || pn.equalsIgnoreCase("pwd")
- || pn.equalsIgnoreCase("pwdagain")
- || pn.equalsIgnoreCase("uPasswd")) {
- CMS.debug("ConfigBaseServlet::service() param name='" + pn
- + "' value='(sensitive)'");
+ if( pn.startsWith("__") ||
+ pn.endsWith("password") ||
+ pn.endsWith("passwd") ||
+ pn.endsWith("pwd") ||
+ pn.equalsIgnoreCase("admin_password_again") ||
+ pn.equalsIgnoreCase("directoryManagerPwd") ||
+ pn.equalsIgnoreCase("bindpassword") ||
+ pn.equalsIgnoreCase("bindpwd") ||
+ pn.equalsIgnoreCase("passwd") ||
+ pn.equalsIgnoreCase("password") ||
+ pn.equalsIgnoreCase("pin") ||
+ pn.equalsIgnoreCase("pwd") ||
+ pn.equalsIgnoreCase("pwdagain") ||
+ pn.equalsIgnoreCase("uPasswd") ) {
+ CMS.debug("ConfigBaseServlet::service() param name='" + pn +
+ "' value='(sensitive)'" );
} else {
- CMS.debug("ConfigBaseServlet::service() param name='" + pn
- + "' value='" + httpReq.getParameter(pn) + "'");
+ CMS.debug("ConfigBaseServlet::service() param name='" + pn +
+ "' value='" + httpReq.getParameter(pn) + "'" );
}
}
}
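Review bot: The redaction test in `outputHttpParameters` is case-sensitive for the suffix checks (`pn.endsWith("password")`, `"passwd"`, `"pwd"`), so a parameter such as `newPassword` or `tokenPIN` matches none of the listed names and its value is written to the debug log in clear. Normalise once with `String lpn = pn.toLowerCase(Locale.ROOT);` and run the suffix checks on `lpn`, adding `lpn.endsWith("pin")`. Better still, log values only for an explicit allow-list of parameter names. Values that are logged are also written unescaped, so CR/LF in a request parameter can forge log lines; replacing control characters before logging prevents that.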
@@ -89,8 +95,9 @@ public abstract class ConfigBaseServlet extends BaseServlet {
* Processes request.
*/
public Template process(HttpServletRequest request,
- HttpServletResponse response, Context context) {
-
+ HttpServletResponse response,
+ Context context) {
+
if (CMS.debugOn()) {
outputHttpParameters(request);
}
@@ -100,16 +107,16 @@ public abstract class ConfigBaseServlet extends BaseServlet {
} else {
update(request, response, context);
}
-
+
Template template = null;
-
+
try {
context.put("name", "Velocity Test");
template = getTemplate(request, response, context);
} catch (Exception e) {
System.err.println("Exception caught: " + e.getMessage());
}
-
+
return template;
}
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCertApprovalCallback.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCertApprovalCallback.java
index 8216593a..d95c85d1 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCertApprovalCallback.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCertApprovalCallback.java
@@ -20,14 +20,16 @@ package com.netscape.cms.servlet.csadmin;
import org.mozilla.jss.crypto.X509Certificate;
import org.mozilla.jss.ssl.SSLCertificateApprovalCallback;
-public class ConfigCertApprovalCallback implements
- SSLCertificateApprovalCallback {
+
+public class ConfigCertApprovalCallback
+ implements SSLCertificateApprovalCallback {
public ConfigCertApprovalCallback() {
}
public boolean approve(X509Certificate cert,
- SSLCertificateApprovalCallback.ValidityStatus status) {
- return true;
+ SSLCertificateApprovalCallback.ValidityStatus status) {
+ return true;
}
}
+
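Review bot: `approve()` returns `true` for every certificate and never looks at `status`, so any TLS connection that installs this callback accepts a server certificate that failed validation (untrusted issuer, expired, wrong name). Nothing is recorded when that happens. If this is intended only for the bootstrap phase before the CA chain is imported, say so in a class comment and log the reasons carried in `status`; otherwise return `false` unless the reported reasons are ones the installer explicitly allows. The callers are not visible in this diff, so where the callback is used still needs checking.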
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCertReqServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCertReqServlet.java
index 536e953a..37493b6b 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCertReqServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCertReqServlet.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
+
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@@ -24,6 +25,7 @@ import org.apache.velocity.Template;
import org.apache.velocity.app.Velocity;
import org.apache.velocity.context.Context;
+
public class ConfigCertReqServlet extends BaseServlet {
/**
@@ -32,14 +34,15 @@ public class ConfigCertReqServlet extends BaseServlet {
private static final long serialVersionUID = 4489288758636916446L;
public Template process(HttpServletRequest request,
- HttpServletResponse response, Context context) {
+ HttpServletResponse response,
+ Context context) {
Template template = null;
try {
context.put("name", "Velocity Test");
- template = Velocity
- .getTemplate("admin/console/config/config_certreq.vm");
+ template = Velocity.getTemplate(
+ "admin/console/config/config_certreq.vm");
} catch (Exception e) {
System.err.println("Exception caught: " + e.getMessage());
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCloneServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCloneServlet.java
index ddd098bc..e7d88a35 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCloneServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCloneServlet.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
+
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@@ -24,6 +25,7 @@ import org.apache.velocity.Template;
import org.apache.velocity.app.Velocity;
import org.apache.velocity.context.Context;
+
public class ConfigCloneServlet extends BaseServlet {
/**
@@ -32,14 +34,15 @@ public class ConfigCloneServlet extends BaseServlet {
private static final long serialVersionUID = -9065299591659111350L;
public Template process(HttpServletRequest request,
- HttpServletResponse response, Context context) {
+ HttpServletResponse response,
+ Context context) {
Template template = null;
try {
context.put("name", "Velocity Test");
- template = Velocity
- .getTemplate("admin/console/config/config_clone.vm");
+ template = Velocity.getTemplate(
+ "admin/console/config/config_clone.vm");
} catch (Exception e) {
System.err.println("Exception caught: " + e.getMessage());
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigDatabaseServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigDatabaseServlet.java
index 05fc8936..08ebf08e 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigDatabaseServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigDatabaseServlet.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
+
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@@ -27,6 +28,7 @@ import org.apache.velocity.context.Context;
import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.base.IConfigStore;
+
public class ConfigDatabaseServlet extends ConfigBaseServlet {
/**
@@ -45,8 +47,7 @@ public class ConfigDatabaseServlet extends ConfigBaseServlet {
try {
modified = cs.getString("preop.configDatabase.modified", "");
- } catch (Exception e) {
- }
+ } catch (Exception e) {}
if (modified.equals("true")) {
return true;
@@ -56,7 +57,8 @@ public class ConfigDatabaseServlet extends ConfigBaseServlet {
}
public void display(HttpServletRequest request,
- HttpServletResponse response, Context context) {
+ HttpServletResponse response,
+ Context context) {
String hostname = null;
String portStr = null;
String basedn = null;
@@ -73,8 +75,7 @@ public class ConfigDatabaseServlet extends ConfigBaseServlet {
basedn = cs.getString("internaldb.basedn", "");
binddn = cs.getString("internaldb.ldapauth.bindDN", "");
database = cs.getString("internaldb.database", "");
- } catch (Exception e) {
- }
+ } catch (Exception e) {}
} else {
hostname = HOST;
portStr = PORT;
@@ -94,7 +95,8 @@ public class ConfigDatabaseServlet extends ConfigBaseServlet {
}
public void update(HttpServletRequest request,
- HttpServletResponse response, Context context) {
+ HttpServletResponse response,
+ Context context) {
IConfigStore cs = CMS.getConfigStore();
String errorString = "";
String hostname = request.getParameter("host");
@@ -111,7 +113,7 @@ public class ConfigDatabaseServlet extends ConfigBaseServlet {
int port = -1;
try {
- port = Integer.parseInt(portStr);
+ port = Integer.parseInt(portStr);
cs.putInteger("internaldb.ldapconn.port", port);
} catch (Exception e) {
errorString = "Port is invalid";
@@ -157,7 +159,7 @@ public class ConfigDatabaseServlet extends ConfigBaseServlet {
CMS.debug("ConfigDatabaseServlet update: " + e.toString());
return;
}
- psStore.putString("internaldb", bindpwd);
+ psStore.putString("internaldb", bindpwd);
} else {
errorString = "Bind password is empty string";
}
@@ -183,11 +185,11 @@ public class ConfigDatabaseServlet extends ConfigBaseServlet {
}
public Template getTemplate(HttpServletRequest request,
- HttpServletResponse response, Context context) {
+ HttpServletResponse response,
+ Context context) {
try {
return Velocity.getTemplate("admin/console/config/config_db.vm");
- } catch (Exception e) {
- }
+ } catch (Exception e) {}
return null;
}
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigHSMLoginPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigHSMLoginPanel.java
index c524e667..d04fbf2f 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigHSMLoginPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigHSMLoginPanel.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
+
import java.io.FileNotFoundException;
import java.io.IOException;
@@ -45,13 +46,13 @@ public class ConfigHSMLoginPanel extends WizardPanelBase {
private CryptoManager mCryptoManager = null;
private String mPwdFilePath = "";
- public ConfigHSMLoginPanel() {
- }
+ public ConfigHSMLoginPanel() {}
public void init(ServletConfig config, int panelno) throws ServletException {
try {
mCryptoManager = CryptoManager.getInstance();
- mPwdFilePath = CMS.getConfigStore().getString("passwordFile");
+ mPwdFilePath = CMS.getConfigStore().getString(
+ "passwordFile");
} catch (Exception e) {
CMS.debug("ConfigHSMLoginPanel: " + e.toString());
}
@@ -59,11 +60,11 @@ public class ConfigHSMLoginPanel extends WizardPanelBase {
setName("ConfigHSMLogin");
}
- public void init(WizardServlet servlet, ServletConfig config, int panelno,
- String id) throws ServletException {
+ public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) throws ServletException {
try {
mCryptoManager = CryptoManager.getInstance();
- mPwdFilePath = CMS.getConfigStore().getString("passwordFile");
+ mPwdFilePath = CMS.getConfigStore().getString(
+ "passwordFile");
} catch (Exception e) {
CMS.debug("ConfigHSMLoginPanel: " + e.toString());
}
@@ -88,7 +89,8 @@ public class ConfigHSMLoginPanel extends WizardPanelBase {
}
public void display(HttpServletRequest request,
- HttpServletResponse response, Context context) {
+ HttpServletResponse response,
+ Context context) {
CMS.debug("ConfigHSMLoginPanel: in display()");
context.put("title", "Security Module Login");
@@ -113,8 +115,9 @@ public class ConfigHSMLoginPanel extends WizardPanelBase {
try {
token = mCryptoManager.getTokenByName(tokName);
} catch (Exception e) {
- CMS.debug("ConfigHSMLoginPanel: getTokenByName() failed: "
- + e.toString());
+ CMS.debug(
+ "ConfigHSMLoginPanel: getTokenByName() failed: "
+ + e.toString());
context.put("error", "tokenNotFound:" + tokName);
context.put("panel", "admin/console/config/config_hsmloginpanel.vm");
return;
@@ -129,7 +132,7 @@ public class ConfigHSMLoginPanel extends WizardPanelBase {
CMS.debug("ConfigHSMLoginPanel: passwrd file path: " + e.toString());
}
CMS.debug("ConfigHSMLoginPanel: checking if passwd in cache");
- String tokPwd = pr.getPassword("hardware-" + tokName);
+ String tokPwd = pr.getPassword("hardware-"+tokName);
boolean loggedIn = false;
@@ -154,47 +157,48 @@ public class ConfigHSMLoginPanel extends WizardPanelBase {
password = new Password(tokPwd.toCharArray());
try {
- if (token.passwordIsInitialized()) {
- CMS.debug("ConfigHSMLoginPanel: loginToken():token password is initialized");
- if (!token.isLoggedIn()) {
- CMS.debug("ConfigHSMLoginPanel: loginToken():Token is not logged in, try it");
- token.login(password);
- context.put("status", "justLoggedIn");
- } else {
- CMS.debug("ConfigHSMLoginPanel:Token has already logged on");
- context.put("status", "alreadyLoggedIn");
- }
- } else {
- CMS.debug("ConfigHSMLoginPanel: loginToken():Token password not initialized");
- context.put("status", "tokenPasswordNotInitialized");
- rv = false;
- }
-
- } catch (IncorrectPasswordException e) {
- context.put("status", "incorrectPassword");
- context.put("errorString", e.toString());
- CMS.debug("ConfigHSMLoginPanel: loginToken():" + e.toString());
- rv = false;
- } catch (Exception e) {
- CMS.debug("ConfigHSMLoginPanel: loginToken():" + e.toString());
- context.put("errorString", e.toString());
- rv = false;
- }
+ if (token.passwordIsInitialized()) {
+ CMS.debug(
+ "ConfigHSMLoginPanel: loginToken():token password is initialized");
+ if (!token.isLoggedIn()) {
+ CMS.debug(
+ "ConfigHSMLoginPanel: loginToken():Token is not logged in, try it");
+ token.login(password);
+ context.put("status", "justLoggedIn");
+ } else {
+ CMS.debug(
+ "ConfigHSMLoginPanel:Token has already logged on");
+ context.put("status", "alreadyLoggedIn");
+ }
+ } else {
+ CMS.debug(
+ "ConfigHSMLoginPanel: loginToken():Token password not initialized");
+ context.put("status", "tokenPasswordNotInitialized");
+ rv = false;
+ }
+
+ } catch (IncorrectPasswordException e) {
+ context.put("status", "incorrectPassword");
+ context.put("errorString", e.toString());
+ CMS.debug("ConfigHSMLoginPanel: loginToken():" + e.toString());
+ rv = false;
+ } catch (Exception e) {
+ CMS.debug("ConfigHSMLoginPanel: loginToken():" + e.toString());
+ context.put("errorString", e.toString());
+ rv = false;
+ }
return rv;
}
// XXX how do you do this?
public PropertySet getUsage() {
PropertySet set = new PropertySet();
+
+ Descriptor choiceDesc = new Descriptor(IDescriptor.CHOICE, "", "", null); /* no default parameters */
- Descriptor choiceDesc = new Descriptor(IDescriptor.CHOICE, "", "", null); /*
- * no
- * default
- * parameters
- */
-
- set.add("choice", choiceDesc);
-
+ set.add(
+ "choice", choiceDesc);
+
return set;
}
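Review bot: loginToken() wraps the token password in `new Password(tokPwd.toCharArray())` just above the try block and never wipes it on any exit path. If this is the JSS `Password` class, a `finally { password.clear(); }` after the last catch would zero the character array once `token.login(password)` has run or failed. Both catch blocks also copy `e.toString()` into the context as `errorString`; whether the template renders it is not visible here, so confirm that provider error text does not reach the browser. The method's signature is outside the hunk.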
@@ -202,11 +206,13 @@ public class ConfigHSMLoginPanel extends WizardPanelBase {
* Checks if the given parameters are valid.
*/
public void validate(HttpServletRequest request,
- HttpServletResponse response, Context context) throws IOException {
+ HttpServletResponse response,
+ Context context) throws IOException {
}
public void update(HttpServletRequest request,
- HttpServletResponse response, Context context) {
+ HttpServletResponse response,
+ Context context) {
IConfigStore cs = CMS.getConfigStore();
String select = "";
@@ -214,10 +220,10 @@ public class ConfigHSMLoginPanel extends WizardPanelBase {
select = cs.getString("preop.subsystem.select", "");
} catch (Exception e) {
}
-
- // if (select.equals("clone"))
- // return;
-
+
+// if (select.equals("clone"))
+ // return;
+
CMS.debug("ConfigHSMLoginPanel: in update()");
String uTokName = null;
@@ -227,7 +233,7 @@ public class ConfigHSMLoginPanel extends WizardPanelBase {
uPasswd = HttpInput.getPassword(request, "__uPasswd");
} catch (Exception e) {
}
-
+
if (uPasswd == null) {
CMS.debug("ConfigHSMLoginPanel: password not found");
context.put("error", "no password");
@@ -242,41 +248,47 @@ public class ConfigHSMLoginPanel extends WizardPanelBase {
try {
token = mCryptoManager.getTokenByName(uTokName);
} catch (Exception e) {
- CMS.debug("ConfigHSMLoginPanel: getTokenByName() failed: "
- + e.toString());
+ CMS.debug(
+ "ConfigHSMLoginPanel: getTokenByName() failed: "
+ + e.toString());
context.put("error", "tokenNotFound:" + uTokName);
}
try {
if (loginToken(token, uPasswd, context) == false) {
- CMS.debug("ConfigHSMLoginPanel:loginToken failed for "
- + uTokName);
+ CMS.debug(
+ "ConfigHSMLoginPanel:loginToken failed for "
+ + uTokName);
context.put("error", "tokenLoginFailed");
context.put("updateStatus", "login failed");
context.put("panel",
"admin/console/config/config_hsmloginpanel.vm");
return;
}
- CMS.debug("ConfigHSMLoginPanel: update(): just logged in successfully");
+ CMS.debug(
+ "ConfigHSMLoginPanel: update(): just logged in successfully");
PlainPasswordWriter pw = new PlainPasswordWriter();
pw.init(mPwdFilePath);
- pw.putPassword("hardware-" + uTokName, uPasswd);
+ pw.putPassword("hardware-"+uTokName, uPasswd);
pw.commit();
} catch (FileNotFoundException e) {
- CMS.debug("ConfigHSMLoginPanel: update(): Exception caught: "
- + e.toString() + " writing to " + mPwdFilePath);
- CMS.debug("ConfigHSMLoginPanel: update(): password not written to cache");
+ CMS.debug(
+ "ConfigHSMLoginPanel: update(): Exception caught: "
+ + e.toString() + " writing to "+ mPwdFilePath);
+ CMS.debug(
+ "ConfigHSMLoginPanel: update(): password not written to cache");
System.err.println("Exception caught: " + e.toString());
context.put("error", "Exception:" + e.toString());
} catch (Exception e) {
- CMS.debug("ConfigHSMLoginPanel: update(): Exception caught: "
- + e.toString());
+ CMS.debug(
+ "ConfigHSMLoginPanel: update(): Exception caught: "
+ + e.toString());
System.err.println("Exception caught: " + e.toString());
context.put("error", "Exception:" + e.toString());
}
-
+
} // found password
context.put("panel", "admin/console/config/config_hsmloginpanel.vm");
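Review bot: In update(), the catch after `mCryptoManager.getTokenByName(uTokName)` records `tokenNotFound` but does not return, so `loginToken(token, uPasswd, context)` still runs with whatever `token` held before (presumably null; its declaration is outside the hunk). The resulting failure then overwrites the error with `tokenLoginFailed`, which hides the real cause from the operator. display() handles the same failure by setting the panel and returning; update() should do the same by adding `context.put("panel", "admin/console/config/config_hsmloginpanel.vm");` and `return;` after the `tokenNotFound` line. update() starts and ends outside this hunk.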
@@ -290,8 +302,10 @@ public class ConfigHSMLoginPanel extends WizardPanelBase {
* If validiate() returns false, this method will be called.
*/
public void displayError(HttpServletRequest request,
- HttpServletResponse response, Context context) {
+ HttpServletResponse response,
+ Context context) {
context.put("title", "Security Module Login");
context.put("panel", "admin/console/config/config_hsmloginpanel.vm");
}
}
+
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigHSMServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigHSMServlet.java
index 814569ed..bfc6e278 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigHSMServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigHSMServlet.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
+
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Vector;
@@ -38,6 +39,7 @@ import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.base.IConfigStore;
import com.netscape.cmsutil.crypto.Module;
+
public class ConfigHSMServlet extends ConfigBaseServlet {
/**
*
@@ -66,8 +68,9 @@ public class ConfigHSMServlet extends ConfigBaseServlet {
mCurrModTable.put(mod.getName(), mod);
} // while
} catch (Exception e) {
- CMS.debug("ConfigHSMServlet: Exception caught in loadCurrModTable: "
- + e.toString());
+ CMS.debug(
+ "ConfigHSMServlet: Exception caught in loadCurrModTable: "
+ + e.toString());
System.err.println("Exception caught: " + e.toString());
}
}
@@ -116,19 +119,21 @@ public class ConfigHSMServlet extends ConfigBaseServlet {
try {
CryptoToken token = (CryptoToken) tokens.nextElement();
- CMS.debug("ConfigHSMServlet: token nick name="
- + token.getName());
- CMS.debug("ConfigHSMServlet: token logged in?"
- + token.isLoggedIn());
- CMS.debug("ConfigHSMServlet: token is present?"
- + token.isPresent());
+ CMS.debug("ConfigHSMServlet: token nick name=" + token.getName());
+ CMS.debug(
+ "ConfigHSMServlet: token logged in?"
+ + token.isLoggedIn());
+ CMS.debug(
+ "ConfigHSMServlet: token is present?"
+ + token.isPresent());
if (!token.getName().equals("Internal Crypto Services Token")) {
module.addToken(token);
} else {
- CMS.debug("ConfigHSMServlet: token " + token.getName()
+ CMS.debug(
+ "ConfigHSMServlet: token " + token.getName()
+ " not to be added");
}
-
+
} catch (TokenException ex) {
CMS.debug("ConfigHSMServlet:" + ex.toString());
}
@@ -160,11 +165,11 @@ public class ConfigHSMServlet extends ConfigBaseServlet {
if ((cn == null) || (cn.equals(""))) {
break;
}
-
+
CMS.debug("ConfigHSMServlet: got from config module: " + cn);
// create a Module object
Module module = new Module(cn, pn, img);
-
+
if (mCurrModTable.containsKey(cn)) {
CMS.debug("ConfigHSMServlet: module found: " + cn);
module.setFound(true);
@@ -173,7 +178,7 @@ public class ConfigHSMServlet extends ConfigBaseServlet {
loadModTokens(module, m);
}
-
+
CMS.debug("ConfigHSMServlet: adding module " + cn);
// add module to set
if (!mSupportedModules.contains(module)) {
@@ -182,14 +187,16 @@ public class ConfigHSMServlet extends ConfigBaseServlet {
}// for
} catch (Exception e) {
- CMS.debug("ConfigHSMServlet: Exception caught in loadSupportedModules(): "
- + e.toString());
+ CMS.debug(
+ "ConfigHSMServlet: Exception caught in loadSupportedModules(): "
+ + e.toString());
System.err.println("Exception caught: " + e.toString());
}
}
public boolean isDisplayMode(HttpServletRequest request,
- HttpServletResponse response, Context context) {
+ HttpServletResponse response,
+ Context context) {
String choice = request.getParameter("choice");
if (choice == null) {
@@ -216,7 +223,8 @@ public class ConfigHSMServlet extends ConfigBaseServlet {
}
public void display(HttpServletRequest request,
- HttpServletResponse response, Context context) {
+ HttpServletResponse response,
+ Context context) {
CMS.debug("ConfigHSMServlet: in display()");
loadCurrModTable();
@@ -244,7 +252,8 @@ public class ConfigHSMServlet extends ConfigBaseServlet {
}
public void update(HttpServletRequest request,
- HttpServletResponse response, Context context) {
+ HttpServletResponse response,
+ Context context) {
IConfigStore cs = CMS.getConfigStore();
@@ -277,11 +286,12 @@ public class ConfigHSMServlet extends ConfigBaseServlet {
}
public Template getTemplate(HttpServletRequest request,
- HttpServletResponse response, Context context) {
+ HttpServletResponse response,
+ Context context) {
try {
return Velocity.getTemplate("admin/console/config/config_hsm.vm");
- } catch (Exception e) {
- }
+ } catch (Exception e) {}
return null;
}
}
+
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigImportCertServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigImportCertServlet.java
index 6bf74af6..3b3b8a64 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigImportCertServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigImportCertServlet.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
+
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@@ -24,6 +25,7 @@ import org.apache.velocity.Template;
import org.apache.velocity.app.Velocity;
import org.apache.velocity.context.Context;
+
public class ConfigImportCertServlet extends BaseServlet {
/**
@@ -32,14 +34,15 @@ public class ConfigImportCertServlet extends BaseServlet {
private static final long serialVersionUID = 1907102921734394118L;
public Template process(HttpServletRequest request,
- HttpServletResponse response, Context context) {
+ HttpServletResponse response,
+ Context context) {
Template template = null;
try {
context.put("name", "Velocity Test");
- template = Velocity
- .getTemplate("admin/console/config/config_importcert.vm");
+ template = Velocity.getTemplate(
+ "admin/console/config/config_importcert.vm");
} catch (Exception e) {
System.err.println("Exception caught: " + e.getMessage());
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigJoinServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigJoinServlet.java
index 4415fdbd..01917303 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigJoinServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigJoinServlet.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
+
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@@ -29,6 +30,7 @@ import com.netscape.certsrv.base.EBaseException;
import com.netscape.certsrv.base.IConfigStore;
import com.netscape.cmsutil.crypto.CryptoUtil;
+
public class ConfigJoinServlet extends ConfigBaseServlet {
/**
@@ -37,7 +39,8 @@ public class ConfigJoinServlet extends ConfigBaseServlet {
private static final long serialVersionUID = -5848083581083497909L;
public boolean isDisplayMode(HttpServletRequest request,
- HttpServletResponse response, Context context) {
+ HttpServletResponse response,
+ Context context) {
String cert = request.getParameter("cert");
if (cert == null) {
@@ -49,13 +52,12 @@ public class ConfigJoinServlet extends ConfigBaseServlet {
public boolean isPanelModified() {
IConfigStore config = CMS.getConfigStore();
-
+
String cert = null;
try {
cert = config.getString("preop.join.cert", null);
- } catch (EBaseException e) {
- }
+ } catch (EBaseException e) {}
if (cert == null || cert.equals("")) {
return false;
} else {
@@ -67,14 +69,15 @@ public class ConfigJoinServlet extends ConfigBaseServlet {
* Displays panel.
*/
public void display(HttpServletRequest request,
- HttpServletResponse response, Context context) {
+ HttpServletResponse response,
+ Context context) {
IConfigStore config = CMS.getConfigStore();
try {
- String pubKeyModulus = config
- .getString("preop.keysize.pubKeyModulus");
- String pubKeyPublicExponent = config
- .getString("preop.keysize.pubKeyPublicExponent");
+ String pubKeyModulus = config.getString(
+ "preop.keysize.pubKeyModulus");
+ String pubKeyPublicExponent = config.getString(
+ "preop.keysize.pubKeyPublicExponent");
String dn = config.getString("preop.name.dn");
String priKeyID = config.getString("preop.keysize.priKeyID");
String pkcs10 = CryptoUtil.getPKCS10FromKey(dn,
@@ -82,8 +85,7 @@ public class ConfigJoinServlet extends ConfigBaseServlet {
CryptoUtil.string2byte(pubKeyPublicExponent),
CryptoUtil.string2byte(priKeyID));
context.put("certreq", pkcs10);
- } catch (Exception e) {
- }
+ } catch (Exception e) {}
String select = "auto";
boolean select_manual = true;
@@ -92,8 +94,8 @@ public class ConfigJoinServlet extends ConfigBaseServlet {
try {
select = config.getString("preop.join.select", null);
} catch (EBaseException e) {
- CMS.debug("ConfigJoinServlet::display() - " + "Exception="
- + e.toString());
+ CMS.debug( "ConfigJoinServlet::display() - "
+ + "Exception="+e.toString() );
return;
}
if (select.equals("auto")) {
@@ -107,13 +109,12 @@ public class ConfigJoinServlet extends ConfigBaseServlet {
String cert = config.getString("preop.join.cert", "");
context.put("cert", cert);
- } catch (EBaseException e) {
- }
+ } catch (EBaseException e) {}
}
} else {
context.put("cert", "");
}
- if (select_manual) {
+ if (select_manual) {
context.put("check_manual", "checked");
context.put("check_auto", "");
} else {
@@ -127,7 +128,8 @@ public class ConfigJoinServlet extends ConfigBaseServlet {
* Updates panel.
*/
public void update(HttpServletRequest request,
- HttpServletResponse response, Context context) {
+ HttpServletResponse response,
+ Context context) {
CMS.debug("JoinServlet: update");
IConfigStore config = CMS.getConfigStore();
String select = request.getParameter("choice");
@@ -153,21 +155,22 @@ public class ConfigJoinServlet extends ConfigBaseServlet {
config.putString("preop.join.pwd", pwd);
/* XXX - submit request to the CA, and import it automatically */
- config.putString("preop.join.cert", ""); /* store the chain */
+ config.putString(
+ "preop.join.cert", ""); /* store the chain */
}
config.putString("preop.join.select", select);
config.commit(false);
- } catch (Exception e) {
- }
+ } catch (Exception e) {}
}
-
+
public Template getTemplate(HttpServletRequest request,
- HttpServletResponse response, Context context) {
+ HttpServletResponse response,
+ Context context) {
Template template = null;
try {
- template = Velocity
- .getTemplate("admin/console/config/config_join.vm");
+ template = Velocity.getTemplate(
+ "admin/console/config/config_join.vm");
} catch (Exception e) {
System.err.println("Exception caught: " + e.getMessage());
}
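Review bot: The `catch (Exception e) {}` that closes update() swallows any failure in the try, including `config.commit(false)`, so the panel continues as if `preop.join.select` and `preop.join.pwd` had been saved. Log it at least, e.g. `} catch (Exception e) { CMS.debug("ConfigJoinServlet: update(): " + e.toString()); }`, and put an error into the context. The same empty catch surrounds `config.commit(false)` in ConfigRootCAServlet.update() and the `getTemplate` lookups in ConfigDatabaseServlet and ConfigHSMServlet. Separately, `preop.join.pwd` is written to the config store as given; if that store is a plain file on disk, the value should be removed once the join step completes. update() begins outside this hunk.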
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigRootCAServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigRootCAServlet.java
index 9926895b..895c75ac 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigRootCAServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigRootCAServlet.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
+
import java.util.Vector;
import javax.servlet.http.HttpServletRequest;
@@ -31,6 +32,7 @@ import com.netscape.certsrv.base.EBaseException;
import com.netscape.certsrv.base.IConfigStore;
import com.netscape.certsrv.profile.CertInfoProfile;
+
public class ConfigRootCAServlet extends ConfigBaseServlet {
/**
@@ -39,7 +41,8 @@ public class ConfigRootCAServlet extends ConfigBaseServlet {
private static final long serialVersionUID = 1128630821163059659L;
public boolean isDisplayMode(HttpServletRequest request,
- HttpServletResponse response, Context context) {
+ HttpServletResponse response,
+ Context context) {
String profile = request.getParameter("profile");
if (profile == null) {
@@ -51,13 +54,12 @@ public class ConfigRootCAServlet extends ConfigBaseServlet {
public boolean isPanelModified() {
IConfigStore config = CMS.getConfigStore();
-
+
String profile = null;
try {
profile = config.getString("preop.hierarchy.profile", null);
- } catch (EBaseException e) {
- }
+ } catch (EBaseException e) {}
if (profile == null || profile.equals("")) {
return false;
} else {
@@ -71,31 +73,29 @@ public class ConfigRootCAServlet extends ConfigBaseServlet {
try {
instancePath = config.getString("instanceRoot");
- } catch (EBaseException e) {
- }
+ } catch (EBaseException e) {}
String p[] = { "caCert.profile" };
Vector profiles = new Vector();
for (int i = 0; i < p.length; i++) {
try {
- profiles.addElement(new CertInfoProfile(instancePath + "/conf/"
- + p[i]));
- } catch (Exception e) {
- }
+ profiles.addElement(
+ new CertInfoProfile(instancePath + "/conf/" + p[i]));
+ } catch (Exception e) {}
}
return profiles;
}
public void display(HttpServletRequest request,
- HttpServletResponse response, Context context) {
+ HttpServletResponse response,
+ Context context) {
IConfigStore config = CMS.getConfigStore();
String profile = null;
if (isPanelModified()) {
try {
profile = config.getString("preop.hierarchy.profile", null);
- } catch (EBaseException e) {
- }
+ } catch (EBaseException e) {}
}
if (profile == null) {
profile = "caCert.profile";
@@ -108,15 +108,15 @@ public class ConfigRootCAServlet extends ConfigBaseServlet {
}
public void update(HttpServletRequest request,
- HttpServletResponse response, Context context) {
+ HttpServletResponse response,
+ Context context) {
String profile = request.getParameter("profile");
IConfigStore config = CMS.getConfigStore();
config.putString("preop.hierarchy.profile", profile);
try {
- config.commit(false);
- } catch (Exception e) {
- }
+ config.commit(false);
+ } catch (Exception e) {}
context.put("status", "update");
context.put("error", "");
Vector profiles = getProfiles();
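Review bot: update() stores `request.getParameter("profile")` under `preop.hierarchy.profile` without checking it, while CreateSubsystemPanel.update() in this same diff reads its request values through `HttpInput.getID` and `HttpInput.getName`. Since getProfiles() only ever offers `caCert.profile`, the value can be checked against that list before `config.putString(...)`, for example `if (!"caCert.profile".equals(profile)) { context.put("error", "Invalid profile"); return; }`. How the stored key is consumed later is not visible in this hunk, so the impact is unconfirmed. The method ends outside the hunk.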
@@ -124,14 +124,15 @@ public class ConfigRootCAServlet extends ConfigBaseServlet {
context.put("profiles", profiles);
context.put("selected_profile_id", profile);
}
-
+
public Template getTemplate(HttpServletRequest request,
- HttpServletResponse response, Context context) {
+ HttpServletResponse response,
+ Context context) {
Template template = null;
try {
- template = Velocity
- .getTemplate("admin/console/config/config_rootca.vm");
+ template = Velocity.getTemplate(
+ "admin/console/config/config_rootca.vm");
} catch (Exception e) {
System.err.println("Exception caught: " + e.getMessage());
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CreateSubsystemPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CreateSubsystemPanel.java
index febe8f9a..daf14c9e 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CreateSubsystemPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CreateSubsystemPanel.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
+
import java.io.IOException;
import java.net.URL;
import java.util.StringTokenizer;
@@ -38,19 +39,19 @@ import com.netscape.cms.servlet.wizard.WizardServlet;
public class CreateSubsystemPanel extends WizardPanelBase {
- public CreateSubsystemPanel() {
- }
+ public CreateSubsystemPanel() {}
/**
* Initializes this panel.
*/
- public void init(ServletConfig config, int panelno) throws ServletException {
+ public void init(ServletConfig config, int panelno)
+ throws ServletException {
setPanelNo(panelno);
setName("Subsystem Selection");
}
- public void init(WizardServlet servlet, ServletConfig config, int panelno,
- String id) throws ServletException {
+ public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
+ throws ServletException {
setPanelNo(panelno);
setName("Subsystem Type");
setId(id);
@@ -71,16 +72,15 @@ public class CreateSubsystemPanel extends WizardPanelBase {
} else {
return true;
}
- } catch (EBaseException e) {
- }
+ } catch (EBaseException e) {}
return false;
}
public PropertySet getUsage() {
PropertySet set = new PropertySet();
-
+
/* XXX */
-
+
return set;
}
@@ -88,7 +88,8 @@ public class CreateSubsystemPanel extends WizardPanelBase {
* Display the panel.
*/
public void display(HttpServletRequest request,
- HttpServletResponse response, Context context) {
+ HttpServletResponse response,
+ Context context) {
context.put("title", "Subsystem Type");
IConfigStore config = CMS.getConfigStore();
String session_id = request.getParameter("session_id");
@@ -111,8 +112,8 @@ public class CreateSubsystemPanel extends WizardPanelBase {
context.put("check_newsubsystem", "");
context.put("check_clonesubsystem", "checked");
}
- context.put("subsystemName",
- config.getString("preop.subsystem.name"));
+ context.put("subsystemName",
+ config.getString("preop.subsystem.name"));
} catch (Exception e) {
CMS.debug(e.toString());
}
@@ -120,8 +121,8 @@ public class CreateSubsystemPanel extends WizardPanelBase {
context.put("check_newsubsystem", "checked");
context.put("check_clonesubsystem", "");
try {
- context.put("subsystemName",
- config.getString("preop.system.fullname"));
+ context.put("subsystemName",
+ config.getString("preop.system.fullname"));
} catch (Exception e) {
CMS.debug(e.toString());
}
@@ -134,8 +135,7 @@ public class CreateSubsystemPanel extends WizardPanelBase {
context.put("cstype", cstype);
context.put("wizardname", config.getString("preop.wizard.name"));
context.put("systemname", config.getString("preop.system.name"));
- context.put("fullsystemname",
- config.getString("preop.system.fullname"));
+ context.put("fullsystemname", config.getString("preop.system.fullname"));
context.put("machineName", config.getString("machineName"));
context.put("http_port", CMS.getEENonSSLPort());
context.put("https_agent_port", CMS.getAgentPort());
@@ -144,7 +144,7 @@ public class CreateSubsystemPanel extends WizardPanelBase {
} catch (EBaseException e) {
}
- Vector v = getUrlListFromSecurityDomain(config, cstype, "SecurePort");
+ Vector v = getUrlListFromSecurityDomain(config, cstype, "SecurePort" );
StringBuffer list = new StringBuffer();
int size = v.size();
@@ -164,7 +164,7 @@ public class CreateSubsystemPanel extends WizardPanelBase {
errorString = "Internal error, cs.type is missing from CS.cfg";
}
- if (list.length() == 0)
+ if (list.length()==0)
context.put("disableClone", "true");
context.put("panel", "admin/console/config/createsubsystempanel.vm");
@@ -176,14 +176,16 @@ public class CreateSubsystemPanel extends WizardPanelBase {
* Checks if the given parameters are valid.
*/
public void validate(HttpServletRequest request,
- HttpServletResponse response, Context context) throws IOException {
+ HttpServletResponse response,
+ Context context) throws IOException {
}
/**
* Commit parameter changes
*/
public void update(HttpServletRequest request,
- HttpServletResponse response, Context context) throws IOException {
+ HttpServletResponse response,
+ Context context) throws IOException {
String errorString = "";
IConfigStore config = CMS.getConfigStore();
String select = HttpInput.getID(request, "choice");
@@ -194,8 +196,8 @@ public class CreateSubsystemPanel extends WizardPanelBase {
throw new IOException("choice not found");
}
- config.putString("preop.subsystem.name",
- HttpInput.getName(request, "subsystemName"));
+ config.putString("preop.subsystem.name",
+ HttpInput.getName(request, "subsystemName"));
if (select.equals("newsubsystem")) {
config.putString("preop.subsystem.select", "new");
config.putString("subsystem.select", "New");
@@ -207,7 +209,7 @@ public class CreateSubsystemPanel extends WizardPanelBase {
}
cstype = toLowerCaseSubsystemType(cstype);
-
+
config.putString("preop.subsystem.select", "clone");
config.putString("subsystem.select", "Clone");
@@ -221,9 +223,9 @@ public class CreateSubsystemPanel extends WizardPanelBase {
while (t.hasMoreTokens()) {
String tag = t.nextToken();
if (tag.equals("sslserver"))
- config.putBoolean(PCERT_PREFIX + tag + ".enable", true);
- else
- config.putBoolean(PCERT_PREFIX + tag + ".enable", false);
+ config.putBoolean(PCERT_PREFIX+tag+".enable", true);
+ else
+ config.putBoolean(PCERT_PREFIX+tag+".enable", false);
}
// get the master CA
@@ -252,8 +254,10 @@ public class CreateSubsystemPanel extends WizardPanelBase {
String host = u.getHost();
int https_ee_port = u.getPort();
- String https_admin_port = getSecurityDomainAdminPort(config, host,
- String.valueOf(https_ee_port), cstype);
+ String https_admin_port = getSecurityDomainAdminPort( config,
+ host,
+ String.valueOf(https_ee_port),
+ cstype );
config.putString("preop.master.hostname", host);
config.putInteger("preop.master.httpsport", https_ee_port);
@@ -261,12 +265,12 @@ public class CreateSubsystemPanel extends WizardPanelBase {
ConfigCertApprovalCallback certApprovalCallback = new ConfigCertApprovalCallback();
if (cstype.equals("ca")) {
- updateCertChainUsingSecureEEPort(config, "clone", host,
- https_ee_port, true, context, certApprovalCallback);
+ updateCertChainUsingSecureEEPort( config, "clone", host, https_ee_port,
+ true, context, certApprovalCallback );
}
- getTokenInfo(config, cstype, host, https_ee_port, true, context,
- certApprovalCallback);
+ getTokenInfo(config, cstype, host, https_ee_port, true, context,
+ certApprovalCallback);
} else {
CMS.debug("CreateSubsystemPanel: invalid choice " + select);
errorString = "Invalid choice";
@@ -287,7 +291,8 @@ public class CreateSubsystemPanel extends WizardPanelBase {
* If validiate() returns false, this method will be called.
*/
public void displayError(HttpServletRequest request,
- HttpServletResponse response, Context context) {
+ HttpServletResponse response,
+ Context context) {
context.put("title", "Subsystem Type");
context.put("panel", "admin/console/config/createsubsystempanel.vm");
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java
index feb6ad28..17a4bae6 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
+
import java.io.BufferedReader;
import java.io.File;
import java.io.FileOutputStream;
@@ -63,7 +64,7 @@ import com.netscape.cmsutil.ldap.LDAPUtil;
public class DatabasePanel extends WizardPanelBase {
private static final String HOST = "localhost";
- private static final String CLONE_HOST = "Enter FQDN here";
+ private static final String CLONE_HOST="Enter FQDN here";
private static final String PORT = "389";
private static final String BASEDN = "o=netscapeCertificateServer";
private static final String BINDDN = "cn=Directory Manager";
@@ -73,19 +74,19 @@ public class DatabasePanel extends WizardPanelBase {
private WizardServlet mServlet = null;
- public DatabasePanel() {
- }
+ public DatabasePanel() {}
/**
* Initializes this panel.
*/
- public void init(ServletConfig config, int panelno) throws ServletException {
+ public void init(ServletConfig config, int panelno)
+ throws ServletException {
setPanelNo(panelno);
setName("Internal Database");
}
- public void init(WizardServlet servlet, ServletConfig config, int panelno,
- String id) throws ServletException {
+ public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
+ throws ServletException {
setPanelNo(panelno);
setName("Internal Database");
setId(id);
@@ -100,15 +101,15 @@ public class DatabasePanel extends WizardPanelBase {
public boolean isPanelDone() {
IConfigStore cs = CMS.getConfigStore();
try {
- boolean s = cs.getBoolean("preop.Database.done", false);
+ boolean s = cs.getBoolean("preop.Database.done",
+ false);
if (s != true) {
return false;
} else {
return true;
}
- } catch (EBaseException e) {
- }
+ } catch (EBaseException e) {}
return false;
}
@@ -119,7 +120,7 @@ public class DatabasePanel extends WizardPanelBase {
"Host name");
set.add("hostname", hostDesc);
-
+
Descriptor portDesc = new Descriptor(IDescriptor.INTEGER, null, null,
"Port");
@@ -129,19 +130,19 @@ public class DatabasePanel extends WizardPanelBase {
"Base DN");
set.add("basedn", basednDesc);
-
+
Descriptor binddnDesc = new Descriptor(IDescriptor.STRING, null, null,
"Bind DN");
set.add("binddn", binddnDesc);
- Descriptor bindpwdDesc = new Descriptor(IDescriptor.PASSWORD, null,
- null, "Bind Password");
+ Descriptor bindpwdDesc = new Descriptor(IDescriptor.PASSWORD, null, null,
+ "Bind Password");
set.add("bindpwd", bindpwdDesc);
- Descriptor databaseDesc = new Descriptor(IDescriptor.STRING, null,
- null, "Database");
+ Descriptor databaseDesc = new Descriptor(IDescriptor.STRING, null, null,
+ "Database");
set.add("database", databaseDesc);
@@ -152,7 +153,8 @@ public class DatabasePanel extends WizardPanelBase {
* Display the panel.
*/
public void display(HttpServletRequest request,
- HttpServletResponse response, Context context) {
+ HttpServletResponse response,
+ Context context) {
CMS.debug("DatabasePanel: display()");
context.put("title", "Internal Database");
context.put("firsttime", "false");
@@ -185,9 +187,8 @@ public class DatabasePanel extends WizardPanelBase {
basedn = cs.getString("internaldb.basedn", "");
binddn = cs.getString("internaldb.ldapauth.bindDN", "");
database = cs.getString("internaldb.database", "");
- secure = cs.getString("internaldb.ldapconn.secureConn", "");
- cloneStartTLS = cs.getString(
- "internaldb.ldapconn.cloneStartTLS", "");
+ secure = cs.getString("internaldb.ldapconn.secureConn", "");
+ cloneStartTLS = cs.getString("internaldb.ldapconn.cloneStartTLS", "");
errorString = cs.getString("preop.database.errorString", "");
} catch (Exception e) {
CMS.debug("DatabasePanel display: " + e.toString());
@@ -198,12 +199,12 @@ public class DatabasePanel extends WizardPanelBase {
try {
basedn = cs.getString("internaldb.basedn", "");
} catch (Exception e) {
- CMS.debug("DatabasePanel::display() - " + "Exception="
- + e.toString());
+ CMS.debug( "DatabasePanel::display() - "
+ + "Exception="+e.toString() );
return;
}
binddn = BINDDN;
- database = basedn.substring(basedn.lastIndexOf('=') + 1);
+ database = basedn.substring(basedn.lastIndexOf('=')+1);
CMS.debug("Clone: database=" + database);
} else {
hostname = HOST;
@@ -222,10 +223,11 @@ public class DatabasePanel extends WizardPanelBase {
boolean multipleEnable = false;
try {
multipleEnable = cs.getBoolean(
- "internaldb.multipleSuffix.enable", false);
+ "internaldb.multipleSuffix.enable", false);
} catch (Exception e) {
}
-
+
+
if (multipleEnable)
basedn = "ou=" + instanceId + "," + suffix;
else
@@ -241,15 +243,15 @@ public class DatabasePanel extends WizardPanelBase {
context.put("binddn", binddn);
context.put("bindpwd", bindpwd);
context.put("database", database);
- context.put("secureConn", (secure.equals("true") ? "on" : "off"));
- context.put("cloneStartTLS", (cloneStartTLS.equals("true") ? "on"
- : "off"));
+ context.put("secureConn", (secure.equals("true")? "on":"off"));
+ context.put("cloneStartTLS", (cloneStartTLS.equals("true")? "on":"off"));
context.put("panel", "admin/console/config/databasepanel.vm");
context.put("errorString", errorString);
}
public void initParams(HttpServletRequest request, Context context)
- throws IOException {
+ throws IOException
+ {
IConfigStore config = CMS.getConfigStore();
String select = "";
try {
@@ -269,7 +271,8 @@ public class DatabasePanel extends WizardPanelBase {
* Checks if the given parameters are valid.
*/
public void validate(HttpServletRequest request,
- HttpServletResponse response, Context context) throws IOException {
+ HttpServletResponse response,
+ Context context) throws IOException {
IConfigStore cs = CMS.getConfigStore();
context.put("firsttime", "false");
@@ -314,15 +317,13 @@ public class DatabasePanel extends WizardPanelBase {
String masterport = "";
String masterbasedn = "";
try {
- masterhost = cs.getString("preop.internaldb.master.hostname",
- "");
+ masterhost = cs.getString("preop.internaldb.master.hostname", "");
masterport = cs.getString("preop.internaldb.master.port", "");
- masterbasedn = cs.getString("preop.internaldb.master.basedn",
- "");
+ masterbasedn = cs.getString("preop.internaldb.master.basedn", "");
} catch (Exception e) {
}
- // get the real host name
+ //get the real host name
String realhostname = "";
if (hostname.equals("localhost")) {
try {
@@ -332,14 +333,12 @@ public class DatabasePanel extends WizardPanelBase {
}
if (masterhost.equals(realhostname) && masterport.equals(portStr)) {
context.put("updateStatus", "validate-failure");
- throw new IOException(
- "Master and clone must not share the same internal database");
+ throw new IOException("Master and clone must not share the same internal database");
}
if (!masterbasedn.equals(basedn)) {
context.put("updateStatus", "validate-failure");
- throw new IOException(
- "Master and clone should have the same base DN");
+ throw new IOException("Master and clone should have the same base DN");
}
}
@@ -366,15 +365,13 @@ public class DatabasePanel extends WizardPanelBase {
}
if (basedn == null || basedn.length() == 0) {
- cs.putString("preop.database.errorString",
- "Base DN is empty string");
+ cs.putString("preop.database.errorString", "Base DN is empty string");
context.put("updateStatus", "validate-failure");
throw new IOException("Base DN is empty string");
}
if (binddn == null || binddn.length() == 0) {
- cs.putString("preop.database.errorString",
- "Bind DN is empty string");
+ cs.putString("preop.database.errorString", "Bind DN is empty string");
context.put("updateStatus", "validate-failure");
throw new IOException("Bind DN is empty string");
}
@@ -398,7 +395,8 @@ public class DatabasePanel extends WizardPanelBase {
}
private LDAPConnection getLocalLDAPConn(Context context, String secure)
- throws IOException {
+ throws IOException
+ {
IConfigStore cs = CMS.getConfigStore();
String host = "";
@@ -411,7 +409,7 @@ public class DatabasePanel extends WizardPanelBase {
host = cs.getString("internaldb.ldapconn.host");
port = cs.getString("internaldb.ldapconn.port");
binddn = cs.getString("internaldb.ldapauth.bindDN");
- pwd = (String) context.get("bindpwd");
+ pwd = (String) context.get("bindpwd");
security = cs.getString("internaldb.ldapconn.secureConn");
} catch (Exception e) {
CMS.debug("DatabasePanel populateDB: " + e.toString());
@@ -430,12 +428,12 @@ public class DatabasePanel extends WizardPanelBase {
LDAPConnection conn = null;
if (security.equals("true")) {
- CMS.debug("DatabasePanel populateDB: creating secure (SSL) connection for internal ldap");
- conn = new LDAPConnection(CMS.getLdapJssSSLSocketFactory());
- } else {
- CMS.debug("DatabasePanel populateDB: creating non-secure (non-SSL) connection for internal ldap");
- conn = new LDAPConnection();
- }
+ CMS.debug("DatabasePanel populateDB: creating secure (SSL) connection for internal ldap");
+ conn = new LDAPConnection(CMS.getLdapJssSSLSocketFactory());
+ } else {
+ CMS.debug("DatabasePanel populateDB: creating non-secure (non-SSL) connection for internal ldap");
+ conn = new LDAPConnection();
+ }
CMS.debug("DatabasePanel connecting to " + host + ":" + p);
try {
@@ -445,80 +443,81 @@ public class DatabasePanel extends WizardPanelBase {
throw new IOException("Failed to connect to the internal database.");
}
- return conn;
+ return conn;
}
- private boolean deleteDir(File dir) {
+ private boolean deleteDir(File dir)
+ {
if (dir.isDirectory()) {
String[] children = dir.list();
- for (int i = 0; i < children.length; i++) {
+ for (int i=0; i<children.length; i++) {
boolean success = deleteDir(new File(dir, children[i]));
if (!success) {
return false;
}
}
}
-
+
// The directory is now empty so delete it
return dir.delete();
- }
+ }
- private void cleanupDB(LDAPConnection conn, String baseDN, String database) {
+ private void cleanupDB(LDAPConnection conn, String baseDN, String database)
+ {
String[] entries = {};
String filter = "objectclass=*";
LDAPSearchConstraints cons = null;
String[] attrs = null;
- String dn = "";
+ String dn="";
try {
CMS.debug("Deleting baseDN: " + baseDN);
- LDAPSearchResults res = conn.search(baseDN,
- LDAPConnection.SCOPE_BASE, filter, attrs, true, cons);
- if (res != null)
- deleteEntries(res, conn, baseDN, entries);
- } catch (LDAPException e) {
+ LDAPSearchResults res = conn.search(baseDN, LDAPConnection.SCOPE_BASE, filter,
+ attrs, true, cons);
+ if (res != null)
+ deleteEntries(res, conn, baseDN, entries);
}
-
+ catch (LDAPException e) {}
+
try {
- dn = "cn=mapping tree, cn=config";
- filter = "nsslapd-backend=" + database;
- LDAPSearchResults res = conn.search(dn, LDAPConnection.SCOPE_ONE,
- filter, attrs, true, cons);
- if (res != null) {
- while (res.hasMoreElements()) {
- dn = res.next().getDN();
- filter = "objectclass=*";
- LDAPSearchResults res2 = conn.search(dn,
- LDAPConnection.SCOPE_BASE, filter, attrs, true,
- cons);
- if (res2 != null)
- deleteEntries(res2, conn, dn, entries);
- }
- }
- } catch (LDAPException e) {
- }
+ dn="cn=mapping tree, cn=config";
+ filter = "nsslapd-backend=" + database;
+ LDAPSearchResults res = conn.search(dn, LDAPConnection.SCOPE_ONE, filter,
+ attrs, true, cons);
+ if (res != null) {
+ while (res.hasMoreElements()) {
+ dn = res.next().getDN();
+ filter = "objectclass=*";
+ LDAPSearchResults res2 = conn.search(dn, LDAPConnection.SCOPE_BASE, filter,
+ attrs, true, cons);
+ if (res2 != null)
+ deleteEntries(res2, conn, dn, entries);
+ }
+ }
+ }
+ catch (LDAPException e) {}
try {
dn = "cn=" + database + ",cn=ldbm database, cn=plugins, cn=config";
- LDAPSearchResults res = conn.search(dn, LDAPConnection.SCOPE_BASE,
- filter, attrs, true, cons);
+ LDAPSearchResults res = conn.search(dn, LDAPConnection.SCOPE_BASE, filter,
+ attrs, true, cons);
if (res != null) {
deleteEntries(res, conn, dn, entries);
- String dbdir = getInstanceDir(conn) + "/db/" + database;
- if (dbdir != null) {
- CMS.debug(" Deleting dbdir " + dbdir);
+ String dbdir = getInstanceDir(conn) + "/db/" + database;
+ if (dbdir != null) {
+ CMS.debug(" Deleting dbdir " + dbdir);
boolean success = deleteDir(new File(dbdir));
if (!success) {
- CMS.debug("Unable to delete database directory "
- + dbdir);
+ CMS.debug("Unable to delete database directory " + dbdir);
}
}
}
- } catch (LDAPException e) {
}
+ catch (LDAPException e) {}
}
- private void populateDB(HttpServletRequest request, Context context,
- String secure) throws IOException {
+
+ private void populateDB(HttpServletRequest request, Context context, String secure)
+ throws IOException {
IConfigStore cs = CMS.getConfigStore();
String baseDN = "";
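Review bot: In cleanupDB the directory passed to the recursive `deleteDir` is built as `getInstanceDir(conn) + "/db/" + database`, with no check that `database` is a single path component, so a value containing `..` or a separator would point the delete outside the instance's db directory. Where `database` originates is outside this hunk, so this is a missing guard rather than a proven flaw. The existing `if (dbdir != null)` can never be false for a concatenated string and protects nothing. I would resolve the name against the db root and refuse anything that is not a direct child, as sketched below. Separately, `dir.list()` in deleteDir returns null on an I/O error and would then throw on `children.length`. The hunk starts inside getLocalLDAPConn and ends inside populateDB.

```java
            if (res != null) {
                deleteEntries(res, conn, dn, entries);
                File dbRoot = new File(getInstanceDir(conn) + "/db");
                File dbdir = new File(dbRoot, database);
                // only a direct child of the db root may be removed
                boolean directChild = dbRoot.equals(dbdir.getParentFile())
                        && !database.equals(".") && !database.equals("..");
                if (!directChild) {
                    CMS.debug("Refusing to delete unexpected database directory " + dbdir);
                } else {
                    CMS.debug(" Deleting dbdir " + dbdir);
                    if (!deleteDir(dbdir)) {
                        CMS.debug("Unable to delete database directory " + dbdir);
                    }
                }
            }
```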
@@ -543,53 +542,50 @@ public class DatabasePanel extends WizardPanelBase {
boolean foundDatabase = false;
try {
LDAPEntry entry = conn.read(baseDN);
- if (entry != null)
- foundBaseDN = true;
+ if (entry != null) foundBaseDN = true;
} catch (LDAPException e) {
- switch (e.getLDAPResultCode()) {
- case LDAPException.NO_SUCH_OBJECT:
- break;
- default:
- CMS.debug("DatabasePanel update: LDAPException " + e.toString());
- throw new IOException("Failed to create the database");
+ switch( e.getLDAPResultCode() ) {
+ case LDAPException.NO_SUCH_OBJECT:
+ break;
+ default:
+ CMS.debug("DatabasePanel update: LDAPException " + e.toString());
+ throw new IOException("Failed to create the database");
}
}
try {
dn = "cn=" + database + ",cn=ldbm database, cn=plugins, cn=config";
LDAPEntry entry = conn.read(dn);
- if (entry != null)
- foundDatabase = true;
+ if (entry != null) foundDatabase = true;
} catch (LDAPException e) {
- switch (e.getLDAPResultCode()) {
- case LDAPException.NO_SUCH_OBJECT:
- break;
- default:
- CMS.debug("DatabasePanel update: LDAPException " + e.toString());
- throw new IOException("Failed to create the database");
+ switch( e.getLDAPResultCode() ) {
+ case LDAPException.NO_SUCH_OBJECT:
+ break;
+ default:
+ CMS.debug("DatabasePanel update: LDAPException " + e.toString());
+ throw new IOException("Failed to create the database");
}
}
try {
dn = "cn=\"" + baseDN + "\",cn=mapping tree, cn=config";
LDAPEntry entry = conn.read(dn);
- if (entry != null)
- foundDatabase = true;
+ if (entry != null) foundDatabase = true;
} catch (LDAPException e) {
- switch (e.getLDAPResultCode()) {
- case LDAPException.NO_SUCH_OBJECT:
- break;
- default:
- CMS.debug("DatabasePanel update: LDAPException " + e.toString());
- throw new IOException("Failed to create the database");
+ switch( e.getLDAPResultCode() ) {
+ case LDAPException.NO_SUCH_OBJECT:
+ break;
+ default:
+ CMS.debug("DatabasePanel update: LDAPException " + e.toString());
+ throw new IOException("Failed to create the database");
}
}
if (foundDatabase) {
CMS.debug("DatabasePanel update: This database has already been used.");
if (remove == null) {
- throw new IOException(
- "This database has already been used. Select the checkbox below to remove all data and reuse this database");
- } else {
+ throw new IOException("This database has already been used. Select the checkbox below to remove all data and reuse this database");
+ }
+ else {
CMS.debug("DatabasePanel update: Deleting existing DB and reusing base DN");
cleanupDB(conn, baseDN, database);
foundBaseDN = false;
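Review bot: The destructive `cleanupDB(conn, baseDN, database)` branch is gated only by `if (remove == null)`, here and again in the `foundBaseDN` block of the next hunk, while update() further down this page treats an empty string as "not requested" with `remove == null || remove.equals("")`. How populateDB assigns `remove` is outside this hunk; if it comes from the same `HttpInput.getID(request, "removeData")` call and that can return an empty string, an unticked checkbox would still wipe the existing database. Using the same test in both places, `if (remove == null || remove.equals("")) {`, keeps the two gates consistent. populateDB starts before this hunk and continues after it.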
@@ -600,11 +596,9 @@ public class DatabasePanel extends WizardPanelBase {
if (foundBaseDN) {
CMS.debug("DatabasePanel update: This base DN has already been used.");
if (remove == null) {
- throw new IOException(
- "This base DN ("
- + baseDN
- + ") has already been used. Select the checkbox below to remove all data and reuse this base DN");
- } else {
+ throw new IOException("This base DN ("+baseDN+") has already been used. Select the checkbox below to remove all data and reuse this base DN");
+ }
+ else {
CMS.debug("DatabasePanel update: Deleting existing DB and reusing base DN");
cleanupDB(conn, baseDN, database);
foundBaseDN = false;
@@ -615,7 +609,7 @@ public class DatabasePanel extends WizardPanelBase {
// create database
try {
LDAPAttributeSet attrs = new LDAPAttributeSet();
- String oc[] = { "top", "extensibleObject", "nsBackendInstance" };
+ String oc[] = { "top", "extensibleObject", "nsBackendInstance"};
attrs.add(new LDAPAttribute("objectClass", oc));
attrs.add(new LDAPAttribute("cn", database));
attrs.add(new LDAPAttribute("nsslapd-suffix", baseDN));
@@ -629,7 +623,7 @@ public class DatabasePanel extends WizardPanelBase {
try {
LDAPAttributeSet attrs = new LDAPAttributeSet();
- String oc2[] = { "top", "extensibleObject", "nsMappingTree" };
+ String oc2[] = { "top", "extensibleObject", "nsMappingTree"};
attrs.add(new LDAPAttribute("objectClass", oc2));
attrs.add(new LDAPAttribute("cn", baseDN));
attrs.add(new LDAPAttribute("nsslapd-backend", database));
@@ -638,8 +632,7 @@ public class DatabasePanel extends WizardPanelBase {
LDAPEntry entry = new LDAPEntry(dn, attrs);
conn.add(entry);
} catch (Exception e) {
- CMS.debug("Warning: database mapping tree creation error - "
- + e.toString());
+ CMS.debug("Warning: database mapping tree creation error - " + e.toString());
throw new IOException("Failed to create the database.");
}
@@ -651,19 +644,19 @@ public class DatabasePanel extends WizardPanelBase {
String n = st.nextToken();
String v = st.nextToken();
LDAPAttributeSet attrs = new LDAPAttributeSet();
- String oc3[] = { "top", "domain" };
+ String oc3[] = { "top", "domain"};
if (n.equals("o")) {
- oc3[1] = "organization";
+ oc3[1] = "organization";
} else if (n.equals("ou")) {
- oc3[1] = "organizationalUnit";
- }
+ oc3[1] = "organizationalUnit";
+ }
attrs.add(new LDAPAttribute("objectClass", oc3));
attrs.add(new LDAPAttribute(n, v));
LDAPEntry entry = new LDAPEntry(baseDN, attrs);
conn.add(entry);
} catch (Exception e) {
CMS.debug("Warning: suffix creation error - " + e.toString());
- throw new IOException("Failed to create the base DN: " + baseDN);
+ throw new IOException("Failed to create the base DN: "+baseDN);
}
// check to see if the base dn exists
@@ -673,23 +666,19 @@ public class DatabasePanel extends WizardPanelBase {
LDAPEntry entry = conn.read(baseDN);
if (entry != null) {
- foundBaseDN = true;
+ foundBaseDN = true;
}
- } catch (LDAPException e) {
- }
+ } catch (LDAPException e) {}
boolean createBaseDN = true;
boolean testing = false;
try {
testing = cs.getBoolean("internaldb.multipleSuffix.enable", false);
- } catch (Exception e) {
- }
+ } catch (Exception e) {}
if (!foundBaseDN) {
if (!testing) {
- context.put(
- "errorString",
- "Base DN was not found. Please make sure to create the suffix in the internal database.");
+ context.put("errorString", "Base DN was not found. Please make sure to create the suffix in the internal database.");
throw new IOException("Base DN not found");
}
@@ -708,7 +697,7 @@ public class DatabasePanel extends WizardPanelBase {
// support only one level creation - create new entry
// right under the suffix
LDAPAttributeSet attrs = new LDAPAttributeSet();
- String oc[] = { "top", "organizationalUnit" };
+ String oc[] = { "top", "organizationalUnit"};
attrs.add(new LDAPAttribute("objectClass", oc));
attrs.add(new LDAPAttribute("ou", dns2[0]));
@@ -716,7 +705,7 @@ public class DatabasePanel extends WizardPanelBase {
try {
conn.add(entry);
- foundBaseDN = true;
+ foundBaseDN = true;
CMS.debug("DatabasePanel added " + baseDN);
} catch (LDAPException e) {
throw new IOException("Failed to create " + baseDN);
@@ -734,41 +723,39 @@ public class DatabasePanel extends WizardPanelBase {
}
if (select.equals("clone")) {
- // if this is clone, add index before replication
- // don't put in the schema or bad things will happen
-
- importLDIFS("preop.internaldb.ldif", conn);
- importLDIFS("preop.internaldb.index_ldif", conn);
+ // if this is clone, add index before replication
+ // don't put in the schema or bad things will happen
+
+ importLDIFS("preop.internaldb.ldif", conn);
+ importLDIFS("preop.internaldb.index_ldif", conn);
} else {
- // data will be replicated from the master to the clone
- // so clone does not need the data
- //
+ // data will be replicated from the master to the clone
+ // so clone does not need the data
+ //
- importLDIFS("preop.internaldb.schema.ldif", conn);
- importLDIFS("preop.internaldb.ldif", conn);
- importLDIFS("preop.internaldb.data_ldif", conn);
- importLDIFS("preop.internaldb.index_ldif", conn);
+ importLDIFS("preop.internaldb.schema.ldif", conn);
+ importLDIFS("preop.internaldb.ldif", conn);
+ importLDIFS("preop.internaldb.data_ldif", conn);
+ importLDIFS("preop.internaldb.index_ldif", conn);
}
try {
conn.disconnect();
- } catch (LDAPException e) {
- }
+ } catch (LDAPException e) {}
}
- private void importLDIFS(String param, LDAPConnection conn)
- throws IOException {
+ private void importLDIFS(String param, LDAPConnection conn) throws IOException {
IConfigStore cs = CMS.getConfigStore();
String v = null;
CMS.debug("DatabasePanel populateDB param=" + param);
try {
v = cs.getString(param);
- } catch (EBaseException e) {
+ } catch (EBaseException e) {
CMS.debug("DatabasePanel populateDB: " + e.toString());
throw new IOException("Cant find ldif files.");
}
-
+
StringTokenizer tokenizer = new StringTokenizer(v, ",");
String baseDN = null;
String database = null;
@@ -783,8 +770,9 @@ public class DatabasePanel extends WizardPanelBase {
database = cs.getString("internaldb.database");
CMS.debug("DatabasePanel update: database=" + database);
} catch (EBaseException e) {
- CMS.debug("DatabasePanel update: Failed to get database name. Exception: "
- + e.toString());
+ CMS.debug(
+ "DatabasePanel update: Failed to get database name. Exception: "
+ + e.toString());
database = "userRoot";
}
@@ -799,12 +787,13 @@ public class DatabasePanel extends WizardPanelBase {
String instanceId = null;
try {
- instanceId = cs.getString("instanceId");
+ instanceId = cs.getString("instanceId");
} catch (EBaseException e) {
throw new IOException("instanceId is missing");
}
- String configDir = instancePath + File.separator + "conf";
+
+ String configDir = instancePath + File.separator + "conf";
while (tokenizer.hasMoreTokens()) {
String token = tokenizer.nextToken().trim();
@@ -818,8 +807,7 @@ public class DatabasePanel extends WizardPanelBase {
CMS.debug("DatabasePanel importLDIFS: ldif file = " + token);
String filename = configDir + File.separator + name;
- CMS.debug("DatabasePanel importLDIFS: ldif file copy to "
- + filename);
+ CMS.debug("DatabasePanel importLDIFS: ldif file copy to " + filename);
PrintStream ps = null;
BufferedReader in = null;
@@ -858,14 +846,14 @@ public class DatabasePanel extends WizardPanelBase {
if (!endOfline) {
ps.println(s);
}
- }
+ }
}
in.close();
ps.close();
- } catch (Exception e) {
+ } catch (Exception e) {
CMS.debug("DBSubsystem popuateDB: " + e.toString());
- throw new IOException("Problem of copying ldif file: "
- + filename);
+ throw new IOException(
+ "Problem of copying ldif file: " + filename);
}
LDAPUtil.importLDIF(conn, filename);
@@ -876,9 +864,10 @@ public class DatabasePanel extends WizardPanelBase {
* Commit parameter changes
*/
public void update(HttpServletRequest request,
- HttpServletResponse response, Context context) throws IOException {
+ HttpServletResponse response,
+ Context context) throws IOException {
IConfigStore cs = CMS.getConfigStore();
- boolean hasErr = false;
+ boolean hasErr = false;
boolean firsttime = false;
context.put("firsttime", "false");
@@ -914,20 +903,17 @@ public class DatabasePanel extends WizardPanelBase {
cs.putString("internaldb.ldapauth.bindDN", binddn);
cs.putString("internaldb.database", database2);
String secure = HttpInput.getCheckbox(request, "secureConn");
- cs.putString("internaldb.ldapconn.secureConn",
- (secure.equals("on") ? "true" : "false"));
+ cs.putString("internaldb.ldapconn.secureConn", (secure.equals("on")?"true":"false"));
String cloneStartTLS = HttpInput.getCheckbox(request, "cloneStartTLS");
- cs.putString("internaldb.ldapconn.cloneStartTLS",
- (cloneStartTLS.equals("on") ? "true" : "false"));
+ cs.putString("internaldb.ldapconn.cloneStartTLS", (cloneStartTLS.equals("on")?"true":"false"));
String remove = HttpInput.getID(request, "removeData");
if (isPanelDone() && (remove == null || remove.equals(""))) {
- /*
- * if user submits the same data, they just want to skip to the next
- * panel, no database population is required.
- */
- if (hostname1.equals(hostname2) && portStr1.equals(portStr2)
- && database1.equals(database2)) {
+ /* if user submits the same data, they just want to skip
+ to the next panel, no database population is required. */
+ if (hostname1.equals(hostname2) &&
+ portStr1.equals(portStr2) &&
+ database1.equals(database2)) {
context.put("updateStatus", "success");
return;
}
@@ -935,17 +921,15 @@ public class DatabasePanel extends WizardPanelBase {
mServlet.cleanUpFromPanel(mServlet.getPanelNo(request));
+
try {
- populateDB(request, context, (secure.equals("on") ? "true"
- : "false"));
+ populateDB(request, context, (secure.equals("on")?"true":"false"));
} catch (IOException e) {
- CMS.debug("DatabasePanel update: populateDB Exception: "
- + e.toString());
+ CMS.debug("DatabasePanel update: populateDB Exception: "+e.toString());
context.put("updateStatus", "failure");
throw e;
} catch (Exception e) {
- CMS.debug("DatabasePanel update: populateDB Exception: "
- + e.toString());
+ CMS.debug("DatabasePanel update: populateDB Exception: "+e.toString());
context.put("errorString", e.toString());
cs.putString("preop.database.errorString", e.toString());
context.put("updateStatus", "failure");
@@ -966,11 +950,11 @@ public class DatabasePanel extends WizardPanelBase {
} catch (Exception e) {
CMS.debug("ConfigDatabaseServlet update: " + e.toString());
context.put("updateStatus", "failure");
- throw new IOException(e.toString());
+ throw new IOException( e.toString() );
}
psStore.putString("internaldb", bindpwd);
psStore.putString("replicationdb", replicationpwd);
- cs.putString("preop.internaldb.replicationpwd", replicationpwd);
+ cs.putString("preop.internaldb.replicationpwd" , replicationpwd);
cs.putString("preop.database.removeData", "false");
try {
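Review bot: `cs.putString("preop.internaldb.replicationpwd" , replicationpwd)` writes the replication password into the general configuration store, right after the same value went into the password store with `psStore.putString("replicationdb", replicationpwd)`. Whether that key is removed later, or how the stored configuration is protected, is not visible here, so the line deserves a comment such as `// NOTE(review): secret kept in the config store; confirm it is removed once replication setup completes`. A smaller point is that `throw new IOException( e.toString() )` discards the original exception, and attaching it as the cause would keep the stack trace for diagnosis. update() starts and ends outside this hunk.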
@@ -999,65 +983,57 @@ public class DatabasePanel extends WizardPanelBase {
// always populate the index the last
try {
- CMS.debug("Populating local indexes");
- LDAPConnection conn = getLocalLDAPConn(context,
- (secure.equals("on") ? "true" : "false"));
- importLDIFS("preop.internaldb.post_ldif", conn);
-
- /*
- * For vlvtask, we need to check if the task has been completed or
- * not. Presence of nsTaskExitCode means task is complete
- */
- String wait_dn = cs.getString("preop.internaldb.wait_dn", "");
- if (!wait_dn.equals("")) {
- int i = 0;
- LDAPEntry task = null;
- boolean taskComplete = false;
- CMS.debug("Checking wait_dn " + wait_dn);
- do {
- Thread.sleep(1000);
- try {
- task = conn.read(wait_dn, (String[]) null);
- if (task != null) {
- LDAPAttribute attr = task
- .getAttribute("nsTaskExitCode");
- if (attr != null) {
- taskComplete = true;
- String val = (String) attr.getStringValues()
- .nextElement();
- if (val.compareTo("0") != 0) {
- CMS.debug("Error in populating local indexes: nsTaskExitCode="
- + val);
- }
- }
- }
- } catch (LDAPException le) {
- CMS.debug("Still checking wait_dn '" + wait_dn + "' ("
- + le.toString() + ")");
- } catch (Exception e) {
- CMS.debug("Still checking wait_dn '" + wait_dn + "' ("
- + e.toString() + ").");
- }
- } while ((!taskComplete) && (i < 20));
- if (i < 20) {
- CMS.debug("Done checking wait_dn " + wait_dn);
- } else {
- CMS.debug("Done checking wait_dn " + wait_dn
- + " due to timeout.");
+ CMS.debug("Populating local indexes");
+ LDAPConnection conn = getLocalLDAPConn(context,
+ (secure.equals("on")?"true":"false"));
+ importLDIFS("preop.internaldb.post_ldif", conn);
+
+ /* For vlvtask, we need to check if the task has
+ been completed or not. Presence of nsTaskExitCode means task is complete
+ */
+ String wait_dn = cs.getString("preop.internaldb.wait_dn", "");
+ if (!wait_dn.equals("")) {
+ int i = 0;
+ LDAPEntry task = null;
+ boolean taskComplete = false;
+ CMS.debug("Checking wait_dn " + wait_dn);
+ do {
+ Thread.sleep(1000);
+ try {
+ task = conn.read(wait_dn, (String[])null);
+ if (task != null) {
+ LDAPAttribute attr = task.getAttribute("nsTaskExitCode");
+ if (attr != null) {
+ taskComplete = true;
+ String val = (String) attr.getStringValues().nextElement();
+ if (val.compareTo("0") != 0) {
+ CMS.debug("Error in populating local indexes: nsTaskExitCode=" + val);
+ }
+ }
}
+ } catch (LDAPException le) {
+ CMS.debug("Still checking wait_dn '" + wait_dn + "' (" + le.toString() + ")");
+ } catch (Exception e) {
+ CMS.debug("Still checking wait_dn '" + wait_dn + "' (" + e.toString() + ").");
+ }
+ } while ((!taskComplete) && (i < 20));
+ if (i < 20) {
+ CMS.debug("Done checking wait_dn " + wait_dn);
+ } else {
+ CMS.debug("Done checking wait_dn " + wait_dn + " due to timeout.");
}
+ }
- conn.disconnect();
- CMS.debug("Done populating local indexes");
+ conn.disconnect();
+ CMS.debug("Done populating local indexes");
} catch (Exception e) {
- CMS.debug("Populating index failure - " + e);
+ CMS.debug("Populating index failure - " + e);
}
// setup replication after indexes have been created
if (select.equals("clone")) {
CMS.debug("Start setting up replication.");
- setupReplication(request, context, (secure.equals("on") ? "true"
- : "false"), (cloneStartTLS.equals("on") ? "true" : "false"));
+ setupReplication(request, context, (secure.equals("on")?"true":"false"), (cloneStartTLS.equals("on")?"true":"false"));
CMS.debug("Finish setting up replication.");
try {
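Review bot: The polling loop on `wait_dn` never increments `i`, so `(i < 20)` is always true and the loop ends only when `nsTaskExitCode` appears. If the task entry never gets that attribute, or every `conn.read` throws, the request thread sleeps and retries without end, and the "due to timeout" branch is unreachable. Counting attempts in the loop condition restores the intended bound of 20 tries: `} while ((!taskComplete) && (++i < 20));`. `conn.disconnect()` also runs only on the success path, so an exception from `importLDIFS` leaves the connection open; a `finally` around it would cover that. update() begins before this hunk and continues after it.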
@@ -1072,23 +1048,25 @@ public class DatabasePanel extends WizardPanelBase {
}
}
+
if (hasErr == false) {
- cs.putBoolean("preop.Database.done", true);
- try {
- cs.commit(false);
- } catch (EBaseException e) {
- CMS.debug("DatabasePanel: update() Exception caught at config commit: "
- + e.toString());
- }
- }
+ cs.putBoolean("preop.Database.done", true);
+ try {
+ cs.commit(false);
+ } catch (EBaseException e) {
+ CMS.debug(
+ "DatabasePanel: update() Exception caught at config commit: "
+ + e.toString());
+ }
+ }
context.put("updateStatus", "success");
}
- private void setupReplication(HttpServletRequest request, Context context,
- String secure, String cloneStartTLS) throws IOException {
+ private void setupReplication(HttpServletRequest request,
+ Context context, String secure, String cloneStartTLS) throws IOException {
String bindpwd = HttpInput.getPassword(request, "__bindpwd");
IConfigStore cs = CMS.getConfigStore();
-
+
String cstype = "";
String machinename = "";
String instanceId = "";
@@ -1100,14 +1078,13 @@ public class DatabasePanel extends WizardPanelBase {
} catch (Exception e) {
}
- // setup replication agreement
- String masterAgreementName = "masterAgreement1-" + machinename + "-"
- + instanceId;
+
+ //setup replication agreement
+ String masterAgreementName = "masterAgreement1-"+machinename+"-"+instanceId;
cs.putString("internaldb.replication.master", masterAgreementName);
- String cloneAgreementName = "cloneAgreement1-" + machinename + "-"
- + instanceId;
+ String cloneAgreementName = "cloneAgreement1-"+machinename+"-"+instanceId;
cs.putString("internaldb.replication.consumer", cloneAgreementName);
-
+
try {
cs.commit(false);
} catch (Exception e) {
@@ -1120,14 +1097,11 @@ public class DatabasePanel extends WizardPanelBase {
String master1_replicationpwd = "";
try {
- master1_hostname = cs.getString("preop.internaldb.master.hostname",
- "");
+ master1_hostname = cs.getString("preop.internaldb.master.hostname", "");
master1_port = cs.getInteger("preop.internaldb.master.port", -1);
master1_binddn = cs.getString("preop.internaldb.master.binddn", "");
- master1_bindpwd = cs.getString("preop.internaldb.master.bindpwd",
- "");
- master1_replicationpwd = cs.getString(
- "preop.internaldb.master.replicationpwd", "");
+ master1_bindpwd = cs.getString("preop.internaldb.master.bindpwd", "");
+ master1_replicationpwd = cs.getString("preop.internaldb.master.replicationpwd", "");
} catch (Exception e) {
}
@@ -1142,22 +1116,21 @@ public class DatabasePanel extends WizardPanelBase {
master2_port = cs.getInteger("internaldb.ldapconn.port", -1);
master2_binddn = cs.getString("internaldb.ldapauth.bindDN", "");
master2_bindpwd = bindpwd;
- master2_replicationpwd = cs.getString(
- "preop.internaldb.replicationpwd", "");
+ master2_replicationpwd = cs.getString("preop.internaldb.replicationpwd", "");
} catch (Exception e) {
}
-
+
LDAPConnection conn1 = null;
LDAPConnection conn2 = null;
if (secure.equals("true")) {
- CMS.debug("DatabasePanel setupReplication: creating secure (SSL) connections for internal ldap");
- conn1 = new LDAPConnection(CMS.getLdapJssSSLSocketFactory());
- conn2 = new LDAPConnection(CMS.getLdapJssSSLSocketFactory());
- } else {
- CMS.debug("DatabasePanel setupreplication: creating non-secure (non-SSL) connections for internal ldap");
- conn1 = new LDAPConnection();
- conn2 = new LDAPConnection();
- }
+ CMS.debug("DatabasePanel setupReplication: creating secure (SSL) connections for internal ldap");
+ conn1 = new LDAPConnection(CMS.getLdapJssSSLSocketFactory());
+ conn2 = new LDAPConnection(CMS.getLdapJssSSLSocketFactory());
+ } else {
+ CMS.debug("DatabasePanel setupreplication: creating non-secure (non-SSL) connections for internal ldap");
+ conn1 = new LDAPConnection();
+ conn2 = new LDAPConnection();
+ }
String basedn = "";
try {
@@ -1167,23 +1140,19 @@ public class DatabasePanel extends WizardPanelBase {
try {
conn1.connect(master1_hostname, master1_port, master1_binddn,
- master1_bindpwd);
+ master1_bindpwd);
conn2.connect(master2_hostname, master2_port, master2_binddn,
- master2_bindpwd);
+ master2_bindpwd);
String suffix = cs.getString("internaldb.basedn", "");
- String replicadn = "cn=replica,cn=\"" + suffix
- + "\",cn=mapping tree,cn=config";
- CMS.debug("DatabasePanel setupReplication: replicadn=" + replicadn);
+ String replicadn = "cn=replica,cn=\""+suffix+"\",cn=mapping tree,cn=config";
+ CMS.debug("DatabasePanel setupReplication: replicadn="+replicadn);
- String masterBindUser = "Replication Manager "
- + masterAgreementName;
+ String masterBindUser = "Replication Manager " + masterAgreementName;
String cloneBindUser = "Replication Manager " + cloneAgreementName;
- createReplicationManager(conn1, masterBindUser,
- master1_replicationpwd);
- createReplicationManager(conn2, cloneBindUser,
- master2_replicationpwd);
+ createReplicationManager(conn1, masterBindUser, master1_replicationpwd);
+ createReplicationManager(conn2, cloneBindUser, master2_replicationpwd);
String dir1 = getInstanceDir(conn1);
createChangeLog(conn1, dir1 + "/changelogs");
@@ -1193,43 +1162,36 @@ public class DatabasePanel extends WizardPanelBase {
int replicaId = cs.getInteger("dbs.beginReplicaNumber", 1);
- replicaId = enableReplication(replicadn, conn1, masterBindUser,
- basedn, replicaId);
- replicaId = enableReplication(replicadn, conn2, cloneBindUser,
- basedn, replicaId);
+ replicaId = enableReplication(replicadn, conn1, masterBindUser, basedn, replicaId);
+ replicaId = enableReplication(replicadn, conn2, cloneBindUser, basedn, replicaId);
cs.putString("dbs.beginReplicaNumber", Integer.toString(replicaId));
CMS.debug("DatabasePanel setupReplication: Finished enabling replication");
- createReplicationAgreement(replicadn, conn1, masterAgreementName,
- master2_hostname, master2_port, master2_replicationpwd,
- basedn, cloneBindUser, secure, cloneStartTLS);
+ createReplicationAgreement(replicadn, conn1, masterAgreementName,
+ master2_hostname, master2_port, master2_replicationpwd, basedn, cloneBindUser, secure, cloneStartTLS);
- createReplicationAgreement(replicadn, conn2, cloneAgreementName,
- master1_hostname, master1_port, master1_replicationpwd,
- basedn, masterBindUser, secure, cloneStartTLS);
+ createReplicationAgreement(replicadn, conn2, cloneAgreementName,
+ master1_hostname, master1_port, master1_replicationpwd, basedn, masterBindUser, secure, cloneStartTLS);
// initialize consumer
initializeConsumer(replicadn, conn1, masterAgreementName);
- while (!replicationDone(replicadn, conn1, masterAgreementName)) {
+ while (! replicationDone(replicadn, conn1, masterAgreementName)) {
CMS.debug("DatabasePanel setupReplication: Waiting for replication to complete");
Thread.sleep(1000);
}
- String status = replicationStatus(replicadn, conn1,
- masterAgreementName);
+ String status = replicationStatus(replicadn, conn1, masterAgreementName);
if (!status.startsWith("0 ")) {
- CMS.debug("DatabasePanel setupReplication: consumer initialization failed. "
- + status);
- throw new IOException("consumer initialization failed. "
- + status);
- }
+ CMS.debug("DatabasePanel setupReplication: consumer initialization failed. " +
+ status);
+ throw new IOException("consumer initialization failed. " + status);
+ }
} catch (Exception e) {
- CMS.debug("DatabasePanel setupReplication: " + e.toString());
- throw new IOException(
- "Failed to setup the replication for cloning.");
+ CMS.debug("DatabasePanel setupReplication: "+e.toString());
+ throw new IOException("Failed to setup the replication for cloning.");
}
}
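Review bot: The wait loop `while (! replicationDone(replicadn, conn1, masterAgreementName))` in setupReplication has no upper bound, so a consumer initialization that never finishes keeps the request thread polling once a second indefinitely; an attempt cap that ends in an IOException would let the wizard fail cleanly. The outer `catch (Exception e)` also replaces the specific "consumer initialization failed" IOException with a generic message and drops the cause, which `throw new IOException("Failed to setup the replication for cloning.", e);` would keep. No `disconnect()` for conn1 or conn2 is visible on any path in these hunks, so a `finally` that closes both looks needed, though the lines between hunks are not shown.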
@@ -1237,26 +1199,27 @@ public class DatabasePanel extends WizardPanelBase {
* If validiate() returns false, this method will be called.
*/
public void displayError(HttpServletRequest request,
- HttpServletResponse response, Context context) {
+ HttpServletResponse response,
+ Context context) {
try {
- initParams(request, context);
- } catch (IOException e) {
+ initParams(request, context);
+ } catch (IOException e) {
}
context.put("title", "Database");
context.put("panel", "admin/console/config/databasepanel.vm");
}
private boolean isAgreementExist(String replicadn, LDAPConnection conn,
- String name) {
- String dn = "cn=" + name + "," + replicadn;
- String filter = "(cn=" + name + ")";
- String[] attrs = { "cn" };
+ String name) {
+ String dn = "cn="+name+","+replicadn;
+ String filter = "(cn="+name+")";
+ String[] attrs = {"cn"};
try {
LDAPSearchResults results = conn.search(dn, LDAPv3.SCOPE_SUB,
- filter, attrs, false);
+ filter, attrs, false);
while (results.hasMoreElements())
- return true;
+ return true;
} catch (LDAPException e) {
return false;
}
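Review bot: isAgreementExist builds both the search base `"cn="+name+","+replicadn` and the filter `"(cn="+name+")"` by plain concatenation, so any DN or filter metacharacter in `name` changes what is searched. The callers are outside this hunk, so it cannot be confirmed here that `name` is always the config-derived agreement name; escaping the value for DN and filter context (RFC 4514 / RFC 4515) before concatenating removes the dependency on that assumption. The `catch (LDAPException e) { return false; }` also reports a failed search as "agreement does not exist" and should at least log the exception through `CMS.debug`. The end of the method is outside this hunk.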
@@ -1264,8 +1227,8 @@ public class DatabasePanel extends WizardPanelBase {
return false;
}
- private void createReplicationManager(LDAPConnection conn, String bindUser,
- String pwd) throws LDAPException {
+ private void createReplicationManager(LDAPConnection conn, String bindUser, String pwd)
+ throws LDAPException {
LDAPAttributeSet attrs = null;
LDAPEntry entry = null;
String dn = "cn=" + bindUser + ",cn=config";
@@ -1285,13 +1248,11 @@ public class DatabasePanel extends WizardPanelBase {
conn.delete(dn);
conn.add(entry);
} catch (LDAPException ee) {
- CMS.debug("DatabasePanel createReplicationManager: "
- + ee.toString());
+ CMS.debug("DatabasePanel createReplicationManager: "+ee.toString());
}
return;
} else {
- CMS.debug("DatabasePanel createReplicationManager: Failed to create replication manager. Exception: "
- + e.toString());
+ CMS.debug("DatabasePanel createReplicationManager: Failed to create replication manager. Exception: "+e.toString());
throw e;
}
}
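Review bot: In the ENTRY_ALREADY_EXISTS branch of createReplicationManager, a failure of `conn.delete(dn)` or `conn.add(entry)` is only logged and the method then returns normally, so the caller carries on as if the replication manager entry exists with the new password; if the delete succeeded and the add failed, the entry is gone altogether. createReplicationAgreement in this same file rethrows in the equivalent handler, and adding `throw ee;` after the `CMS.debug` call here would make the two consistent. The start of the method and of its try block are outside this hunk.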
@@ -1300,7 +1261,7 @@ public class DatabasePanel extends WizardPanelBase {
}
private void createChangeLog(LDAPConnection conn, String dir)
- throws LDAPException {
+ throws LDAPException {
LDAPAttributeSet attrs = null;
LDAPEntry entry = null;
String dn = "cn=changelog5,cn=config";
@@ -1315,16 +1276,17 @@ public class DatabasePanel extends WizardPanelBase {
} catch (LDAPException e) {
if (e.getLDAPResultCode() == LDAPException.ENTRY_ALREADY_EXISTS) {
CMS.debug("DatabasePanel createChangeLog: Changelog entry has already used");
- /*
- * leave it, dont delete it because it will have operation error
- * try { conn.delete(dn); conn.add(entry); } catch
- * (LDAPException ee) {
- * CMS.debug("DatabasePanel createChangeLog: "+ee.toString()); }
- */
+/* leave it, dont delete it because it will have operation error
+ try {
+ conn.delete(dn);
+ conn.add(entry);
+ } catch (LDAPException ee) {
+ CMS.debug("DatabasePanel createChangeLog: "+ee.toString());
+ }
+*/
return;
} else {
- CMS.debug("DatabasePanel createChangeLog: Failed to create changelog entry. Exception: "
- + e.toString());
+ CMS.debug("DatabasePanel createChangeLog: Failed to create changelog entry. Exception: "+e.toString());
throw e;
}
}
@@ -1332,9 +1294,9 @@ public class DatabasePanel extends WizardPanelBase {
CMS.debug("DatabasePanel createChangeLog: Successfully create change log entry");
}
- private int enableReplication(String replicadn, LDAPConnection conn,
- String bindUser, String basedn, int id) throws LDAPException {
- CMS.debug("DatabasePanel enableReplication: replicadn: " + replicadn);
+ private int enableReplication(String replicadn, LDAPConnection conn, String bindUser, String basedn, int id)
+ throws LDAPException {
+ CMS.debug("DatabasePanel enableReplication: replicadn: "+replicadn);
LDAPAttributeSet attrs = null;
LDAPEntry entry = null;
try {
@@ -1344,8 +1306,8 @@ public class DatabasePanel extends WizardPanelBase {
attrs.add(new LDAPAttribute("objectclass", "extensibleobject"));
attrs.add(new LDAPAttribute("nsDS5ReplicaRoot", basedn));
attrs.add(new LDAPAttribute("nsDS5ReplicaType", "3"));
- attrs.add(new LDAPAttribute("nsDS5ReplicaBindDN", "cn=" + bindUser
- + ",cn=config"));
+ attrs.add(new LDAPAttribute("nsDS5ReplicaBindDN",
+ "cn=" + bindUser + ",cn=config"));
attrs.add(new LDAPAttribute("cn", "replica"));
attrs.add(new LDAPAttribute("nsDS5ReplicaId", Integer.toString(id)));
attrs.add(new LDAPAttribute("nsds5flags", "1"));
@@ -1353,57 +1315,49 @@ public class DatabasePanel extends WizardPanelBase {
conn.add(entry);
} catch (LDAPException e) {
if (e.getLDAPResultCode() == LDAPException.ENTRY_ALREADY_EXISTS) {
- /*
- * BZ 470918 -we cant just add the new dn. We need to do a
- * replace instead until the DS code is fixed
- */
- CMS.debug("DatabasePanel enableReplication: " + replicadn
- + " has already been used");
-
+ /* BZ 470918 -we cant just add the new dn. We need to do a replace instead
+ * until the DS code is fixed */
+ CMS.debug("DatabasePanel enableReplication: "+replicadn+" has already been used");
+
try {
entry = conn.read(replicadn);
- LDAPAttribute attr = entry
- .getAttribute("nsDS5ReplicaBindDN");
- attr.addValue("cn=" + bindUser + ",cn=config");
- LDAPModification mod = new LDAPModification(
- LDAPModification.REPLACE, attr);
+ LDAPAttribute attr = entry.getAttribute("nsDS5ReplicaBindDN");
+ attr.addValue( "cn=" + bindUser + ",cn=config");
+ LDAPModification mod = new LDAPModification(LDAPModification.REPLACE, attr);
conn.modify(replicadn, mod);
} catch (LDAPException ee) {
- CMS.debug("DatabasePanel enableReplication: Failed to modify "
- + replicadn + " entry. Exception: " + e.toString());
+ CMS.debug("DatabasePanel enableReplication: Failed to modify "
+ +replicadn+" entry. Exception: "+e.toString());
}
return id;
} else {
- CMS.debug("DatabasePanel enableReplication: Failed to create "
- + replicadn + " entry. Exception: " + e.toString());
+ CMS.debug("DatabasePanel enableReplication: Failed to create "+replicadn+" entry. Exception: "+e.toString());
return id;
}
}
- CMS.debug("DatabasePanel enableReplication: Successfully create "
- + replicadn + " entry.");
+ CMS.debug("DatabasePanel enableReplication: Successfully create "+replicadn+" entry.");
return id + 1;
}
- private void createReplicationAgreement(String replicadn,
- LDAPConnection conn, String name, String replicahost,
- int replicaport, String replicapwd, String basedn, String bindUser,
- String secure, String cloneStartTLS) throws LDAPException {
- String dn = "cn=" + name + "," + replicadn;
- CMS.debug("DatabasePanel createReplicationAgreement: dn: " + dn);
+ private void createReplicationAgreement(String replicadn,
+ LDAPConnection conn, String name, String replicahost, int replicaport,
+ String replicapwd, String basedn, String bindUser, String secure, String cloneStartTLS) throws LDAPException {
+ String dn = "cn="+name+","+replicadn;
+ CMS.debug("DatabasePanel createReplicationAgreement: dn: "+dn);
LDAPEntry entry = null;
LDAPAttributeSet attrs = null;
try {
attrs = new LDAPAttributeSet();
attrs.add(new LDAPAttribute("objectclass", "top"));
attrs.add(new LDAPAttribute("objectclass",
- "nsds5replicationagreement"));
+ "nsds5replicationagreement"));
attrs.add(new LDAPAttribute("cn", name));
attrs.add(new LDAPAttribute("nsDS5ReplicaRoot", basedn));
attrs.add(new LDAPAttribute("nsDS5ReplicaHost", replicahost));
- attrs.add(new LDAPAttribute("nsDS5ReplicaPort", "" + replicaport));
- attrs.add(new LDAPAttribute("nsDS5ReplicaBindDN", "cn=" + bindUser
- + ",cn=config"));
+ attrs.add(new LDAPAttribute("nsDS5ReplicaPort", ""+replicaport));
+ attrs.add(new LDAPAttribute("nsDS5ReplicaBindDN",
+ "cn=" + bindUser + ",cn=config"));
attrs.add(new LDAPAttribute("nsDS5ReplicaBindMethod", "Simple"));
attrs.add(new LDAPAttribute("nsds5replicacredentials", replicapwd));
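Review bot: The inner handler `catch (LDAPException ee)` in enableReplication logs `e.toString()`, which is the original ENTRY_ALREADY_EXISTS exception, so the actual reason the modify failed never reaches the log; the message should end with `+replicadn+" entry. Exception: "+ee.toString());`. In the same branch `entry.getAttribute("nsDS5ReplicaBindDN")` can return null when the existing replica entry lacks that attribute, and the following `attr.addValue(...)` would then throw a NullPointerException that neither catch handles; a null check that creates a fresh `LDAPAttribute` would cover it. Both failure paths `return id`, which the caller cannot tell apart from the already-exists case that succeeded.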
@@ -1414,58 +1368,50 @@ public class DatabasePanel extends WizardPanelBase {
}
CMS.debug("About to set description attr to " + name);
- attrs.add(new LDAPAttribute("description", name));
+ attrs.add(new LDAPAttribute("description",name));
entry = new LDAPEntry(dn, attrs);
conn.add(entry);
} catch (LDAPException e) {
if (e.getLDAPResultCode() == LDAPException.ENTRY_ALREADY_EXISTS) {
- CMS.debug("DatabasePanel createReplicationAgreement: " + dn
- + " has already used");
+ CMS.debug("DatabasePanel createReplicationAgreement: "+dn+" has already used");
try {
conn.delete(dn);
} catch (LDAPException ee) {
- CMS.debug("DatabasePanel createReplicationAgreement: "
- + ee.toString());
+ CMS.debug("DatabasePanel createReplicationAgreement: "+ee.toString());
throw ee;
}
try {
conn.add(entry);
} catch (LDAPException ee) {
- CMS.debug("DatabasePanel createReplicationAgreement: "
- + ee.toString());
+ CMS.debug("DatabasePanel createReplicationAgreement: "+ee.toString());
throw ee;
}
} else {
- CMS.debug("DatabasePanel createReplicationAgreement: Failed to create "
- + dn + " entry. Exception: " + e.toString());
+ CMS.debug("DatabasePanel createReplicationAgreement: Failed to create "+dn+" entry. Exception: "+e.toString());
throw e;
}
}
- CMS.debug("DatabasePanel createReplicationAgreement: Successfully create replication agreement "
- + name);
+ CMS.debug("DatabasePanel createReplicationAgreement: Successfully create replication agreement "+name);
}
- private void initializeConsumer(String replicadn, LDAPConnection conn,
- String name) {
- String dn = "cn=" + name + "," + replicadn;
- CMS.debug("DatabasePanel initializeConsumer: initializeConsumer dn: "
- + dn);
- CMS.debug("DatabasePanel initializeConsumer: initializeConsumer host: "
- + conn.getHost() + " port: " + conn.getPort());
+ private void initializeConsumer(String replicadn, LDAPConnection conn,
+ String name) {
+ String dn = "cn="+name+","+replicadn;
+ CMS.debug("DatabasePanel initializeConsumer: initializeConsumer dn: "+dn);
+ CMS.debug("DatabasePanel initializeConsumer: initializeConsumer host: "+conn.getHost() + " port: " + conn.getPort());
try {
LDAPAttribute attr = new LDAPAttribute("nsds5beginreplicarefresh",
- "start");
+ "start");
LDAPModification mod = new LDAPModification(
- LDAPModification.REPLACE, attr);
+ LDAPModification.REPLACE, attr);
CMS.debug("DatabasePanel initializeConsumer: start modifying");
conn.modify(dn, mod);
CMS.debug("DatabasePanel initializeConsumer: Finish modification.");
} catch (LDAPException e) {
- CMS.debug("DatabasePanel initializeConsumer: Failed to modify "
- + dn + " entry. Exception: " + e.toString());
+ CMS.debug("DatabasePanel initializeConsumer: Failed to modify "+dn+" entry. Exception: "+e.toString());
return;
} catch (Exception e) {
CMS.debug("DatabasePanel initializeConsumer: exception " + e);
@@ -1476,35 +1422,33 @@ public class DatabasePanel extends WizardPanelBase {
Thread.sleep(5000);
CMS.debug("DatabasePanel initializeConsumer: finish sleeping.");
} catch (InterruptedException ee) {
- CMS.debug("DatabasePanel initializeConsumer: exception: "
- + ee.toString());
+ CMS.debug("DatabasePanel initializeConsumer: exception: "+ee.toString());
}
CMS.debug("DatabasePanel initializeConsumer: Successfully initialize consumer");
}
- private boolean replicationDone(String replicadn, LDAPConnection conn,
- String name) throws IOException {
- String dn = "cn=" + name + "," + replicadn;
+ private boolean replicationDone(String replicadn, LDAPConnection conn, String name)
+ throws IOException {
+ String dn = "cn="+name+","+replicadn;
String filter = "(objectclass=*)";
- String[] attrs = { "nsds5beginreplicarefresh" };
+ String[] attrs = {"nsds5beginreplicarefresh"};
- CMS.debug("DatabasePanel replicationDone: dn: " + dn);
+ CMS.debug("DatabasePanel replicationDone: dn: "+dn);
try {
- LDAPSearchResults results = conn.search(dn,
- LDAPConnection.SCOPE_BASE, filter, attrs, true);
+ LDAPSearchResults results = conn.search(dn, LDAPConnection.SCOPE_BASE, filter,
+ attrs, true);
int count = results.getCount();
if (count < 1) {
throw new IOException("Replication entry not found");
- }
-
+ }
+
LDAPEntry entry = results.next();
- LDAPAttribute refresh = entry
- .getAttribute("nsds5beginreplicarefresh");
+ LDAPAttribute refresh = entry.getAttribute("nsds5beginreplicarefresh");
if (refresh == null) {
return true;
- }
+ }
return false;
} catch (Exception e) {
CMS.debug("DatabasePanel replicationDone: exception " + e);
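Review bot: initializeConsumer catches `InterruptedException` around `Thread.sleep(5000)` and only logs it, which clears the thread's interrupt status and then still logs "Successfully initialize consumer". Add `Thread.currentThread().interrupt();` in that handler so a shutdown or cancellation request stays visible to the caller. The start of initializeConsumer is in the previous hunk, and replicationDone's catch block continues past the end of this one.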
@@ -1512,33 +1456,31 @@ public class DatabasePanel extends WizardPanelBase {
}
}
- private String replicationStatus(String replicadn, LDAPConnection conn,
- String name) throws IOException {
- String dn = "cn=" + name + "," + replicadn;
+ private String replicationStatus(String replicadn, LDAPConnection conn, String name)
+ throws IOException {
+ String dn = "cn="+name+","+replicadn;
String filter = "(objectclass=*)";
- String[] attrs = { "nsds5replicalastinitstatus" };
+ String[] attrs = {"nsds5replicalastinitstatus"};
String status = null;
- CMS.debug("DatabasePanel replicationStatus: dn: " + dn);
+ CMS.debug("DatabasePanel replicationStatus: dn: "+dn);
try {
- LDAPSearchResults results = conn.search(dn,
- LDAPConnection.SCOPE_BASE, filter, attrs, false);
+ LDAPSearchResults results = conn.search(dn, LDAPConnection.SCOPE_BASE, filter,
+ attrs, false);
int count = results.getCount();
if (count < 1) {
throw new IOException("Replication entry not found");
- }
+ }
LDAPEntry entry = results.next();
- LDAPAttribute attr = entry
- .getAttribute("nsds5replicalastinitstatus");
+ LDAPAttribute attr = entry.getAttribute("nsds5replicalastinitstatus");
if (attr != null) {
Enumeration valsInAttr = attr.getStringValues();
if (valsInAttr.hasMoreElements()) {
- return (String) valsInAttr.nextElement();
+ return (String)valsInAttr.nextElement();
} else {
- throw new IOException(
- "No value returned for nsds5replicalastinitstatus");
+ throw new IOException("No value returned for nsds5replicalastinitstatus");
}
} else {
throw new IOException("nsDS5ReplicaLastInitStatus is null.");
@@ -1550,42 +1492,35 @@ public class DatabasePanel extends WizardPanelBase {
}
private String getInstanceDir(LDAPConnection conn) {
- String instancedir = "";
+ String instancedir="";
try {
String filter = "(objectclass=*)";
- String[] attrs = { "nsslapd-directory" };
- LDAPSearchResults results = conn.search(
- "cn=config,cn=ldbm database,cn=plugins,cn=config",
- LDAPv3.SCOPE_SUB, filter, attrs, false);
+ String[] attrs = {"nsslapd-directory"};
+ LDAPSearchResults results = conn.search("cn=config,cn=ldbm database,cn=plugins,cn=config", LDAPv3.SCOPE_SUB,
+ filter, attrs, false);
while (results.hasMoreElements()) {
LDAPEntry entry = results.next();
String dn = entry.getDN();
- CMS.debug("DatabasePanel getInstanceDir: DN for storing nsslapd-directory: "
- + dn);
+ CMS.debug("DatabasePanel getInstanceDir: DN for storing nsslapd-directory: "+dn);
LDAPAttributeSet entryAttrs = entry.getAttributeSet();
Enumeration attrsInSet = entryAttrs.getAttributes();
while (attrsInSet.hasMoreElements()) {
- LDAPAttribute nextAttr = (LDAPAttribute) attrsInSet
- .nextElement();
+ LDAPAttribute nextAttr = (LDAPAttribute)attrsInSet.nextElement();
String attrName = nextAttr.getName();
- CMS.debug("DatabasePanel getInstanceDir: attribute name: "
- + attrName);
+ CMS.debug("DatabasePanel getInstanceDir: attribute name: "+attrName);
Enumeration valsInAttr = nextAttr.getStringValues();
- while (valsInAttr.hasMoreElements()) {
- String nextValue = (String) valsInAttr.nextElement();
+ while ( valsInAttr.hasMoreElements() ) {
+ String nextValue = (String)valsInAttr.nextElement();
if (attrName.equalsIgnoreCase("nsslapd-directory")) {
- CMS.debug("DatabasePanel getInstanceDir: instanceDir="
- + nextValue);
- return nextValue.substring(0,
- nextValue.lastIndexOf("/db"));
+ CMS.debug("DatabasePanel getInstanceDir: instanceDir="+nextValue);
+ return nextValue.substring(0,nextValue.lastIndexOf("/db"));
}
}
}
}
} catch (LDAPException e) {
- CMS.debug("DatabasePanel getInstanceDir: Error in retrieving the instance directory. Exception: "
- + e.toString());
+ CMS.debug("DatabasePanel getInstanceDir: Error in retrieving the instance directory. Exception: "+e.toString());
}
return instancedir;
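Review bot: getInstanceDir returns the empty string when the search fails or yields no `nsslapd-directory` value, and setupReplication (in an earlier hunk) passes `dir1 + "/changelogs"` to createChangeLog, which would then point the changelog at `/changelogs` under the filesystem root. `nextValue.substring(0,nextValue.lastIndexOf("/db"))` also throws StringIndexOutOfBoundsException when the value contains no `/db`, because lastIndexOf returns -1 and only LDAPException is caught. Check the index before slicing, and have the caller refuse an empty result, for example `if (dir1.isEmpty()) throw new IOException("instance directory not found");`. The closing brace of the method is outside this hunk.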
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabaseServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabaseServlet.java
index 127e233c..d8fd7526 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabaseServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabaseServlet.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
+
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@@ -24,6 +25,7 @@ import org.apache.velocity.Template;
import org.apache.velocity.app.Velocity;
import org.apache.velocity.context.Context;
+
public class DatabaseServlet extends BaseServlet {
/**
@@ -32,7 +34,8 @@ public class DatabaseServlet extends BaseServlet {
private static final long serialVersionUID = 6474664942834474385L;
public Template process(HttpServletRequest request,
- HttpServletResponse response, Context context) {
+ HttpServletResponse response,
+ Context context) {
Template template = null;
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayCertChainPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayCertChainPanel.java
index b2365eb7..1e1b6dec 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayCertChainPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayCertChainPanel.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
+
import java.io.IOException;
import java.net.URLEncoder;
import java.util.Locale;
@@ -41,25 +42,25 @@ import com.netscape.cmsutil.crypto.CryptoUtil;
public class DisplayCertChainPanel extends WizardPanelBase {
- public DisplayCertChainPanel() {
- }
+ public DisplayCertChainPanel() {}
/**
* Initializes this panel.
*/
- public void init(ServletConfig config, int panelno) throws ServletException {
+ public void init(ServletConfig config, int panelno)
+ throws ServletException {
setPanelNo(panelno);
setName("Display Certificate Chain");
}
- public void init(WizardServlet servlet, ServletConfig config, int panelno,
- String id) throws ServletException {
+ public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
+ throws ServletException {
setPanelNo(panelno);
setName("Display Certificate Chain");
setId(id);
}
-
- public boolean isSubPanel() {
+
+ public boolean isSubPanel() {
return true;
}
@@ -69,7 +70,7 @@ public class DisplayCertChainPanel extends WizardPanelBase {
public PropertySet getUsage() {
PropertySet set = new PropertySet();
-
+
return set;
}
@@ -85,8 +86,8 @@ public class DisplayCertChainPanel extends WizardPanelBase {
IConfigStore cs = CMS.getConfigStore();
// if we are root, no need to get the certificate chain.
- try {
- String select = cs.getString("securitydomain.select", "");
+ try {
+ String select = cs.getString("securitydomain.select","");
String type = cs.getString("preop.subsystem.select", "");
String hierarchy = cs.getString("preop.hierarchy.select", "");
@@ -112,10 +113,11 @@ public class DisplayCertChainPanel extends WizardPanelBase {
* Display the panel.
*/
public void display(HttpServletRequest request,
- HttpServletResponse response, Context context) {
+ HttpServletResponse response,
+ Context context) {
CMS.debug("DisplayCertChainPanel: display");
- // update session id
+ // update session id
String session_id = request.getParameter("session_id");
if (session_id != null) {
CMS.debug("DisplayCertChainPanel setting session id.");
@@ -130,8 +132,7 @@ public class DisplayCertChainPanel extends WizardPanelBase {
try {
certchain_size = cs.getString(certChainConfigName, "");
- } catch (Exception e) {
- }
+ } catch (Exception e) {}
int size = 0;
Vector v = new Vector();
@@ -139,22 +140,20 @@ public class DisplayCertChainPanel extends WizardPanelBase {
if (!certchain_size.equals("")) {
try {
size = Integer.parseInt(certchain_size);
- } catch (Exception e) {
- }
+ } catch (Exception e) {}
for (int i = 0; i < size; i++) {
certChainConfigName = "preop." + type + ".certchain." + i;
try {
String c = cs.getString(certChainConfigName, "");
byte[] b_c = CryptoUtil.base64Decode(c);
- CertPrettyPrint pp = new CertPrettyPrint(new X509CertImpl(
- b_c));
+ CertPrettyPrint pp = new CertPrettyPrint(
+ new X509CertImpl(b_c));
v.addElement(pp.toString(Locale.getDefault()));
- } catch (Exception e) {
- }
+ } catch (Exception e) {}
}
}
-
+
if (getId().equals("securitydomain")) {
context.put("panelid", "securitydomain");
context.put("panelname", "Security Domain Trust Verification");
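Review bot: The empty `catch (Exception e) {}` around `CryptoUtil.base64Decode(c)` and `new X509CertImpl(b_c)` silently drops any chain entry that fails to decode, so the panel labelled "Security Domain Trust Verification" can show the administrator fewer certificates than the configuration holds, with no sign that one was skipped. Log the failure, e.g. `CMS.debug("DisplayCertChainPanel: cannot decode " + certChainConfigName + ": " + e);`, and consider putting an error marker in the context so a partial chain is not presented as complete. The equally empty handler around `Integer.parseInt(certchain_size)` leaves `size` at 0 and renders an empty chain. display() begins and ends outside this hunk.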
@@ -172,48 +171,44 @@ public class DisplayCertChainPanel extends WizardPanelBase {
* Checks if the given parameters are valid.
*/
public void validate(HttpServletRequest request,
- HttpServletResponse response, Context context) throws IOException {
+ HttpServletResponse response,
+ Context context) throws IOException {
}
/**
* Commit parameter changes
*/
public void update(HttpServletRequest request,
- HttpServletResponse response, Context context) throws IOException {
+ HttpServletResponse response,
+ Context context) throws IOException {
importCertChain(getId());
if (getId().equals("securitydomain")) {
- int panel = getPanelNo() + 1;
+ int panel = getPanelNo()+1;
IConfigStore cs = CMS.getConfigStore();
try {
String sd_hostname = cs.getString("securitydomain.host", "");
- int sd_port = cs
- .getInteger("securitydomain.httpsadminport", -1);
+ int sd_port = cs.getInteger("securitydomain.httpsadminport", -1);
String cs_hostname = cs.getString("machineName", "");
int cs_port = cs.getInteger("pkicreate.admin_secure_port", -1);
String subsystem = cs.getString("cs.type", "");
- String urlVal = "https://" + cs_hostname + ":" + cs_port + "/"
- + toLowerCaseSubsystemType(subsystem)
- + "/admin/console/config/wizard?p=" + panel
- + "&subsystem=" + subsystem;
+ String urlVal = "https://"+cs_hostname+":"+cs_port+"/"+toLowerCaseSubsystemType(subsystem)+"/admin/console/config/wizard?p="+panel+"&subsystem="+subsystem;
String encodedValue = URLEncoder.encode(urlVal, "UTF-8");
- String sdurl = "https://" + sd_hostname + ":" + sd_port
- + "/ca/admin/ca/securityDomainLogin?url="
- + encodedValue;
+ String sdurl = "https://"+sd_hostname+":"+sd_port+"/ca/admin/ca/securityDomainLogin?url="+encodedValue;
response.sendRedirect(sdurl);
// The user previously specified the CA Security Domain's
// SSL Admin port in the "Security Domain Panel";
// now retrieve this specified CA Security Domain's
// non-SSL EE, SSL Agent, and SSL EE ports:
- cs.putString("securitydomain.httpport",
- getSecurityDomainPort(cs, "UnSecurePort"));
- cs.putString("securitydomain.httpsagentport",
- getSecurityDomainPort(cs, "SecureAgentPort"));
- cs.putString("securitydomain.httpseeport",
- getSecurityDomainPort(cs, "SecurePort"));
+ cs.putString( "securitydomain.httpport",
+ getSecurityDomainPort( cs, "UnSecurePort" ) );
+ cs.putString("securitydomain.httpsagentport",
+ getSecurityDomainPort( cs, "SecureAgentPort" ) );
+ cs.putString("securitydomain.httpseeport",
+ getSecurityDomainPort( cs, "SecurePort" ) );
} catch (Exception ee) {
- CMS.debug("DisplayCertChainPanel Exception=" + ee.toString());
+ CMS.debug("DisplayCertChainPanel Exception="+ee.toString());
}
}
context.put("updateStatus", "success");
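Review bot: update() builds `sdurl` from `securitydomain.host` and `securitydomain.httpsadminport` with the defaults `""` and `-1` and calls `response.sendRedirect(sdurl)` without checking either, so a missing config entry produces a redirect to a malformed `https://:-1/...` target. Check for an empty host or a non-positive port before the redirect and fail the panel in that case, with a guard such as `if (sd_hostname.isEmpty() || sd_port <= 0)`. The `catch (Exception ee)` only logs and `context.put("updateStatus", "success")` runs regardless, so a failed `getSecurityDomainPort` lookup leaves the `securitydomain.*` port entries unset while the wizard reports success; that handler should set a failure status instead.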
@@ -223,7 +218,8 @@ public class DisplayCertChainPanel extends WizardPanelBase {
* If validiate() returns false, this method will be called.
*/
public void displayError(HttpServletRequest request,
- HttpServletResponse response, Context context) {
+ HttpServletResponse response,
+ Context context) {
/* This should never be called */
context.put("title", "Display Certificate Chain");
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayServlet.java
index cdcc8a47..00871921 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayServlet.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
+
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@@ -24,6 +25,7 @@ import org.apache.velocity.Template;
import org.apache.velocity.app.Velocity;
import org.apache.velocity.context.Context;
+
public class DisplayServlet extends BaseServlet {
/**
@@ -32,7 +34,8 @@ public class DisplayServlet extends BaseServlet {
private static final long serialVersionUID = -8753831516572779596L;
public Template process(HttpServletRequest request,
- HttpServletResponse response, Context context) {
+ HttpServletResponse response,
+ Context context) {
Template template = null;
try {
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java
index c8c4d56c..9669ddb1 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
+
import java.io.IOException;
import java.math.BigInteger;
import java.net.URLEncoder;
@@ -56,22 +57,23 @@ public class DonePanel extends WizardPanelBase {
public static final BigInteger BIG_ZERO = new BigInteger("0");
public static final Long MINUS_ONE = Long.valueOf(-1);
- public static final String RESTART_SERVER_AFTER_CONFIGURATION = "restart_server_after_configuration";
+ public static final String RESTART_SERVER_AFTER_CONFIGURATION =
+ "restart_server_after_configuration";
public static final String PKI_SECURITY_DOMAIN = "pki_security_domain";
- public DonePanel() {
- }
+ public DonePanel() {}
/**
* Initializes this panel.
*/
- public void init(ServletConfig config, int panelno) throws ServletException {
+ public void init(ServletConfig config, int panelno)
+ throws ServletException {
setPanelNo(panelno);
setName("Done");
}
- public void init(WizardServlet servlet, ServletConfig config, int panelno,
- String id) throws ServletException {
+ public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
+ throws ServletException {
setPanelNo(panelno);
setName("Done");
setId(id);
@@ -86,13 +88,15 @@ public class DonePanel extends WizardPanelBase {
public PropertySet getUsage() {
PropertySet set = new PropertySet();
-
+
/* XXX */
-
+
return set;
}
- private LDAPConnection getLDAPConn(Context context) throws IOException {
+ private LDAPConnection getLDAPConn(Context context)
+ throws IOException
+ {
IConfigStore cs = CMS.getConfigStore();
String host = "";
@@ -108,9 +112,8 @@ public class DonePanel extends WizardPanelBase {
pwd = pwdStore.getPassword("internaldb");
}
- if (pwd == null) {
- throw new IOException(
- "DonePanel: Failed to obtain password from password store");
+ if ( pwd == null) {
+ throw new IOException("DonePanel: Failed to obtain password from password store");
}
try {
@@ -135,11 +138,11 @@ public class DonePanel extends WizardPanelBase {
LDAPConnection conn = null;
if (security.equals("true")) {
- CMS.debug("DonePanel getLDAPConn: creating secure (SSL) connection for internal ldap");
- conn = new LDAPConnection(CMS.getLdapJssSSLSocketFactory());
+ CMS.debug("DonePanel getLDAPConn: creating secure (SSL) connection for internal ldap");
+ conn = new LDAPConnection(CMS.getLdapJssSSLSocketFactory());
} else {
- CMS.debug("DonePanel getLDAPConn: creating non-secure (non-SSL) connection for internal ldap");
- conn = new LDAPConnection();
+ CMS.debug("DonePanel getLDAPConn: creating non-secure (non-SSL) connection for internal ldap");
+ conn = new LDAPConnection();
}
CMS.debug("DonePanel connecting to " + host + ":" + p);
@@ -150,17 +153,19 @@ public class DonePanel extends WizardPanelBase {
throw new IOException("Failed to connect to the internal database.");
}
- return conn;
+ return conn;
}
+
/**
* Display the panel.
*/
public void display(HttpServletRequest request,
- HttpServletResponse response, Context context) {
+ HttpServletResponse response,
+ Context context) {
CMS.debug("DonePanel: display()");
- // update session id
+ // update session id
String session_id = request.getParameter("session_id");
if (session_id != null) {
CMS.debug("NamePanel setting session id.");
@@ -188,32 +193,31 @@ public class DonePanel extends WizardPanelBase {
instanceRoot = cs.getString("instanceRoot");
select = cs.getString("preop.subsystem.select", "");
systemdService = cs.getString("pkicreate.systemd.servicename", "");
- } catch (Exception e) {
- }
+ } catch (Exception e) {}
String initDaemon = "";
if (type.equals("CA")) {
- initDaemon = "pki-cad";
+ initDaemon = "pki-cad";
} else if (type.equals("KRA")) {
- initDaemon = "pki-krad";
+ initDaemon = "pki-krad";
} else if (type.equals("OCSP")) {
- initDaemon = "pki-ocspd";
+ initDaemon = "pki-ocspd";
} else if (type.equals("TKS")) {
- initDaemon = "pki-tksd";
+ initDaemon = "pki-tksd";
}
- String os = System.getProperty("os.name");
- if (os.equalsIgnoreCase("Linux")) {
- if (!systemdService.equals("")) {
- context.put("initCommand", "/bin/systemctl");
- context.put("instanceId", systemdService);
+ String os = System.getProperty( "os.name" );
+ if( os.equalsIgnoreCase( "Linux" ) ) {
+ if (! systemdService.equals("")) {
+ context.put( "initCommand", "/bin/systemctl");
+ context.put( "instanceId", systemdService );
} else {
- context.put("initCommand", "/sbin/service " + initDaemon);
- context.put("instanceId", instanceId);
+ context.put( "initCommand", "/sbin/service " + initDaemon );
+ context.put( "instanceId", instanceId );
}
} else {
- /* default case: e. g. - ( os.equalsIgnoreCase( "SunOS" ) */
- context.put("initCommand", "/etc/init.d/" + initDaemon);
- context.put("instanceId", instanceId);
+ /* default case: e. g. - ( os.equalsIgnoreCase( "SunOS" ) */
+ context.put( "initCommand", "/etc/init.d/" + initDaemon );
+ context.put( "instanceId", instanceId );
}
context.put("title", "Done");
context.put("panel", "admin/console/config/donepanel.vm");
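Review bot: The empty `catch (Exception e) {}` after the three `cs.getString` reads discards any configuration failure, so `instanceRoot`, `select` and `systemdService` keep whatever values they had before the `try` and the panel is still rendered from them. Collapsing the handler onto one line makes the swallow easier to miss. At minimum the failure should be recorded, for example `CMS.debug("DonePanel display: failed to read instance configuration: " + e.toString());`. The `display` method starts and ends outside this hunk, so how those variables are initialised is not visible here.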
@@ -229,7 +233,7 @@ public class DonePanel extends WizardPanelBase {
return;
} else
context.put("csstate", "0");
-
+
} catch (Exception e) {
}
@@ -263,8 +267,7 @@ public class DonePanel extends WizardPanelBase {
boolean cloneMaster = false;
- if (select.equals("clone") && type.equalsIgnoreCase("CA")
- && isSDHostDomainMaster(cs)) {
+ if (select.equals("clone") && type.equalsIgnoreCase("CA") && isSDHostDomainMaster(cs)) {
cloneMaster = true;
CMS.debug("Cloning a domain master");
}
@@ -277,22 +280,20 @@ public class DonePanel extends WizardPanelBase {
String basedn = cs.getString("internaldb.basedn");
String secdomain = cs.getString("securitydomain.name");
- try {
+ try {
// Create security domain ldap entry
String dn = "ou=Security Domain," + basedn;
CMS.debug("DonePanel: creating ldap entry : " + dn);
-
+
LDAPEntry entry = null;
LDAPAttributeSet attrs = null;
attrs = new LDAPAttributeSet();
attrs.add(new LDAPAttribute("objectclass", "top"));
- attrs.add(new LDAPAttribute("objectclass",
- "pkiSecurityDomain"));
+ attrs.add(new LDAPAttribute("objectclass", "pkiSecurityDomain"));
if (secdomain.equals("")) {
// this should not happen - just in case
CMS.debug("DonePanel display(): Security domain is an empty string!");
- throw new IOException(
- "Security domain is an empty string!");
+ throw new IOException("Security domain is an empty string!");
} else {
attrs.add(new LDAPAttribute("name", secdomain));
}
@@ -304,33 +305,29 @@ public class DonePanel extends WizardPanelBase {
throw e;
}
- try {
+ try {
// create list containers
- String clist[] = { "CAList", "OCSPList", "KRAList",
- "RAList", "TKSList", "TPSList" };
- for (int i = 0; i < clist.length; i++) {
+ String clist[] = {"CAList", "OCSPList", "KRAList", "RAList", "TKSList", "TPSList"};
+ for (int i=0; i< clist.length; i++) {
LDAPEntry entry = null;
LDAPAttributeSet attrs = null;
- String dn = "cn=" + clist[i] + ",ou=Security Domain,"
- + basedn;
+ String dn = "cn=" + clist[i] + ",ou=Security Domain," + basedn;
attrs = new LDAPAttributeSet();
attrs.add(new LDAPAttribute("objectclass", "top"));
- attrs.add(new LDAPAttribute("objectclass",
- "pkiSecurityGroup"));
+ attrs.add(new LDAPAttribute("objectclass", "pkiSecurityGroup"));
attrs.add(new LDAPAttribute("cn", clist[i]));
entry = new LDAPEntry(dn, attrs);
conn.add(entry);
}
} catch (Exception e) {
- CMS.debug("Unable to create security domain list groups");
+ CMS.debug("Unable to create security domain list groups" );
throw e;
- }
+ }
try {
- // Add this host (only CA can create new domain)
+ // Add this host (only CA can create new domain)
String cn = ownhost + ":" + ownadminsport;
- String dn = "cn=" + cn + ",cn=CAList,ou=Security Domain,"
- + basedn;
+ String dn = "cn=" + cn + ",cn=CAList,ou=Security Domain," + basedn;
LDAPEntry entry = null;
LDAPAttributeSet attrs = null;
attrs = new LDAPAttributeSet();
@@ -339,12 +336,12 @@ public class DonePanel extends WizardPanelBase {
attrs.add(new LDAPAttribute("Host", ownhost));
attrs.add(new LDAPAttribute("SecurePort", ownsport));
attrs.add(new LDAPAttribute("SecureAgentPort",
- ownagentsport));
+ ownagentsport));
attrs.add(new LDAPAttribute("SecureAdminPort",
- ownadminsport));
+ ownadminsport));
if (owneeclientauthsport != null) {
- attrs.add(new LDAPAttribute("SecureEEClientAuthPort",
- owneeclientauthsport));
+ attrs.add(new LDAPAttribute("SecureEEClientAuthPort",
+ owneeclientauthsport));
}
attrs.add(new LDAPAttribute("UnSecurePort", ownport));
attrs.add(new LDAPAttribute("Clone", "FALSE"));
@@ -360,32 +357,31 @@ public class DonePanel extends WizardPanelBase {
CMS.debug("DonePanel display: finish updating domain info");
conn.disconnect();
} catch (Exception e) {
- CMS.debug("DonePanel display: " + e.toString());
+ CMS.debug("DonePanel display: "+e.toString());
}
int sd_admin_port_int = -1;
try {
- sd_admin_port_int = Integer.parseInt(sd_admin_port);
+ sd_admin_port_int = Integer.parseInt( sd_admin_port );
} catch (Exception e) {
}
try {
// Fetch the "new" security domain and display it
- CMS.debug("Dump contents of new Security Domain . . .");
- String c = getDomainXML(sd_host, sd_admin_port_int, true);
- } catch (Exception e) {
- }
+ CMS.debug( "Dump contents of new Security Domain . . ." );
+ String c = getDomainXML( sd_host, sd_admin_port_int, true );
+ } catch( Exception e ) {}
// Since this instance is a new Security Domain,
// create an empty file to designate this fact.
String security_domain = instanceRoot + "/conf/"
- + PKI_SECURITY_DOMAIN;
- if (!Utils.isNT()) {
- Utils.exec("touch " + security_domain);
- Utils.exec("chmod 00660 " + security_domain);
+ + PKI_SECURITY_DOMAIN;
+ if( !Utils.isNT() ) {
+ Utils.exec( "touch " + security_domain );
+ Utils.exec( "chmod 00660 " + security_domain );
}
- } else { // existing domain
+ } else { //existing domain
int sd_agent_port_int = -1;
int sd_admin_port_int = -1;
try {
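Review bot: The marker file is created by concatenating `instanceRoot` into command strings, `Utils.exec( "touch " + security_domain )` and `Utils.exec( "chmod 00660 " + security_domain )`, and the result of neither call is checked. How `Utils.exec` tokenises its argument is not visible here, but if it goes through a shell or splits on whitespace, a path containing spaces or metacharacters will not be treated as a single file name. A failed `chmod` would also leave the marker with default permissions and nothing logged. Creating the file in-process avoids building a command line, for example `new File(security_domain).createNewFile();`, with the permissions set through the file API or an argument-array exec. The same pattern appears for `restart_server` in the `@@ -606,10 +580,10 @@` hunk.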
@@ -402,30 +398,34 @@ public class DonePanel extends WizardPanelBase {
cloneStr = "&clone=false";
String domainMasterStr = "";
- if (cloneMaster)
+ if (cloneMaster)
domainMasterStr = "&dm=true";
- else
- domainMasterStr = "&dm=false";
+ else
+ domainMasterStr = "&dm=false";
String eecaStr = "";
- if (owneeclientauthsport != null)
- eecaStr = "&eeclientauthsport=" + owneeclientauthsport;
-
- updateDomainXML(sd_host, sd_agent_port_int, true,
- "/ca/agent/ca/updateDomainXML", "list=" + s + "&type="
- + type + "&host=" + ownhost + "&name="
- + subsystemName + "&sport=" + ownsport
- + domainMasterStr + cloneStr + "&agentsport="
- + ownagentsport + "&adminsport="
- + ownadminsport + eecaStr + "&httpport="
- + ownport);
+ if (owneeclientauthsport != null)
+ eecaStr="&eeclientauthsport=" + owneeclientauthsport;
+
+ updateDomainXML( sd_host, sd_agent_port_int, true,
+ "/ca/agent/ca/updateDomainXML",
+ "list=" + s
+ + "&type=" + type
+ + "&host=" + ownhost
+ + "&name=" + subsystemName
+ + "&sport=" + ownsport
+ + domainMasterStr
+ + cloneStr
+ + "&agentsport=" + ownagentsport
+ + "&adminsport=" + ownadminsport
+ + eecaStr
+ + "&httpport=" + ownport );
// Fetch the "updated" security domain and display it
- CMS.debug("Dump contents of updated Security Domain . . .");
- String c = getDomainXML(sd_host, sd_admin_port_int, true);
+ CMS.debug( "Dump contents of updated Security Domain . . ." );
+ String c = getDomainXML( sd_host, sd_admin_port_int, true );
} catch (Exception e) {
- context.put("errorString",
- "Failed to update the security domain on the domain master.");
- // return;
+ context.put("errorString", "Failed to update the security domain on the domain master.");
+ //return;
}
}
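Review bot: The query string passed to `updateDomainXML` joins `s`, `type`, `ownhost`, `subsystemName` and the port values with `&name=`-style separators but URL-encodes none of them. A value containing `&`, `=` or a space would then change how the domain master parses the request; `subsystemName` looks like the most likely free-text field, though its origin is outside this hunk. Encoding each value is cheap, for example `+ "&name=" + URLEncoder.encode(subsystemName, "UTF-8")`. Separately, the `catch` only sets `errorString` and leaves `//return;` commented out, so processing continues after a failed domain update; a comment saying whether that is intentional would help.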
@@ -436,17 +436,16 @@ public class DonePanel extends WizardPanelBase {
cs.putString("securitydomain.store", "ldap");
cs.commit(false);
} catch (Exception e) {
- CMS.debug("DonePanel: exception in adding service.securityDomainPort to CS.cfg"
- + e);
+ CMS.debug("DonePanel: exception in adding service.securityDomainPort to CS.cfg" + e);
}
+
// need to push connector information to the CA
if (type.equals("KRA") && !ca_host.equals("")) {
try {
updateConnectorInfo(ownagenthost, ownagentsport);
} catch (IOException e) {
- context.put("errorString",
- "Failed to update connector information.");
+ context.put("errorString", "Failed to update connector information.");
return;
}
setupClientAuthUser();
@@ -470,7 +469,7 @@ public class DonePanel extends WizardPanelBase {
setupClientAuthUser();
}
-
+
if (!select.equals("clone")) {
if (type.equals("CA") || type.equals("KRA")) {
String beginRequestNumStr = "";
@@ -479,7 +478,7 @@ public class DonePanel extends WizardPanelBase {
String endSerialNumStr = "";
String requestIncStr = "";
String serialIncStr = "";
-
+
try {
endRequestNumStr = cs.getString("dbs.endRequestNumber", "");
endSerialNumStr = cs.getString("dbs.endSerialNumber", "");
@@ -493,37 +492,28 @@ public class DonePanel extends WizardPanelBase {
String serialdn = "";
if (type.equals("CA")) {
- serialdn = "ou=certificateRepository,ou="
- + type.toLowerCase() + "," + basedn;
+ serialdn = "ou=certificateRepository,ou=" + type.toLowerCase() + "," + basedn;
} else {
- serialdn = "ou=keyRepository,ou=" + type.toLowerCase()
- + "," + basedn;
- }
- LDAPAttribute attrSerialNextRange = new LDAPAttribute(
- "nextRange", endSerialNum.add(oneNum).toString());
- LDAPModification serialmod = new LDAPModification(
- LDAPModification.REPLACE, attrSerialNextRange);
- conn.modify(serialdn, serialmod);
-
- String requestdn = "ou=" + type.toLowerCase()
- + ",ou=requests," + basedn;
- LDAPAttribute attrRequestNextRange = new LDAPAttribute(
- "nextRange", endRequestNum.add(oneNum).toString());
- LDAPModification requestmod = new LDAPModification(
- LDAPModification.REPLACE, attrRequestNextRange);
- conn.modify(requestdn, requestmod);
-
- conn.disconnect();
+ serialdn = "ou=keyRepository,ou=" + type.toLowerCase() + "," + basedn;
+ }
+ LDAPAttribute attrSerialNextRange = new LDAPAttribute( "nextRange", endSerialNum.add(oneNum).toString());
+ LDAPModification serialmod = new LDAPModification( LDAPModification.REPLACE, attrSerialNextRange );
+ conn.modify( serialdn, serialmod );
+
+ String requestdn = "ou=" + type.toLowerCase() + ",ou=requests," + basedn;
+ LDAPAttribute attrRequestNextRange = new LDAPAttribute( "nextRange", endRequestNum.add(oneNum).toString());
+ LDAPModification requestmod = new LDAPModification( LDAPModification.REPLACE, attrRequestNextRange );
+ conn.modify( requestdn, requestmod );
+
+ conn.disconnect();
} catch (Exception e) {
- CMS.debug("Unable to update global next range numbers: "
- + e);
- }
+ CMS.debug("Unable to update global next range numbers: " + e);
+ }
}
- }
+ }
if (cloneMaster) {
- // cloning a domain master CA, the clone is also master of its
- // domain
+ // cloning a domain master CA, the clone is also master of its domain
try {
cs.putString("securitydomain.host", ownhost);
cs.putString("securitydomain.httpport", ownport);
@@ -546,58 +536,42 @@ public class DonePanel extends WizardPanelBase {
String ss = st.nextToken();
if (ss.equals("sslserver"))
continue;
- cs.putString("cloning." + ss + ".nickname",
- cs.getString("preop.cert." + ss + ".nickname", ""));
- cs.putString("cloning." + ss + ".dn",
- cs.getString("preop.cert." + ss + ".dn", ""));
- cs.putString("cloning." + ss + ".keytype",
- cs.getString("preop.cert." + ss + ".keytype", ""));
- cs.putString("cloning." + ss + ".keyalgorithm",
- cs.getString("preop.cert." + ss + ".keyalgorithm", ""));
- cs.putString("cloning." + ss + ".privkey.id",
- cs.getString("preop.cert." + ss + ".privkey.id", ""));
- cs.putString("cloning." + ss + ".pubkey.exponent", cs
- .getString("preop.cert." + ss + ".pubkey.exponent", ""));
- cs.putString("cloning." + ss + ".pubkey.modulus", cs.getString(
- "preop.cert." + ss + ".pubkey.modulus", ""));
- cs.putString("cloning." + ss + ".pubkey.encoded", cs.getString(
- "preop.cert." + ss + ".pubkey.encoded", ""));
+ cs.putString("cloning." + ss + ".nickname", cs.getString("preop.cert." + ss + ".nickname", ""));
+ cs.putString("cloning." + ss + ".dn", cs.getString("preop.cert." + ss + ".dn", ""));
+ cs.putString("cloning." + ss + ".keytype", cs.getString("preop.cert." + ss + ".keytype", ""));
+ cs.putString("cloning." + ss + ".keyalgorithm", cs.getString("preop.cert." + ss + ".keyalgorithm", ""));
+ cs.putString("cloning." + ss + ".privkey.id", cs.getString("preop.cert." + ss + ".privkey.id", ""));
+ cs.putString("cloning." + ss + ".pubkey.exponent", cs.getString("preop.cert." + ss + ".pubkey.exponent", ""));
+ cs.putString("cloning." + ss + ".pubkey.modulus", cs.getString("preop.cert." + ss + ".pubkey.modulus", ""));
+ cs.putString("cloning." + ss + ".pubkey.encoded", cs.getString("preop.cert." + ss + ".pubkey.encoded", ""));
}
- cs.putString("cloning.module.token",
- cs.getString("preop.module.token", ""));
+ cs.putString("cloning.module.token", cs.getString("preop.module.token", ""));
cs.putString("cloning.list", list);
// more cloning variables needed for non-ca clones
- if (!type.equals("CA")) {
+ if (! type.equals("CA")) {
String val = cs.getString("preop.ca.hostname", "");
- if (val.compareTo("") != 0)
- cs.putString("cloning.ca.hostname", val);
+ if (val.compareTo("") != 0) cs.putString("cloning.ca.hostname", val);
val = cs.getString("preop.ca.httpport", "");
- if (val.compareTo("") != 0)
- cs.putString("cloning.ca.httpport", val);
+ if (val.compareTo("") != 0) cs.putString("cloning.ca.httpport", val);
- val = cs.getString("preop.ca.httpsport", "");
- if (val.compareTo("") != 0)
- cs.putString("cloning.ca.httpsport", val);
+ val = cs.getString("preop.ca.httpsport", "");
+ if (val.compareTo("") != 0) cs.putString("cloning.ca.httpsport", val);
val = cs.getString("preop.ca.list", "");
- if (val.compareTo("") != 0)
- cs.putString("cloning.ca.list", val);
+ if (val.compareTo("") != 0) cs.putString("cloning.ca.list", val);
val = cs.getString("preop.ca.pkcs7", "");
- if (val.compareTo("") != 0)
- cs.putString("cloning.ca.pkcs7", val);
+ if (val.compareTo("") != 0) cs.putString("cloning.ca.pkcs7", val);
val = cs.getString("preop.ca.type", "");
- if (val.compareTo("") != 0)
- cs.putString("cloning.ca.type", val);
+ if (val.compareTo("") != 0) cs.putString("cloning.ca.type", val);
}
// save EC type for sslserver cert (if present)
- cs.putString("jss.ssl.sslserver.ectype",
- cs.getString("preop.cert.sslserver.ec.type", "ECDHE"));
+ cs.putString("jss.ssl.sslserver.ectype", cs.getString("preop.cert.sslserver.ec.type", "ECDHE"));
cs.removeSubStore("preop");
cs.commit(false);
@@ -606,10 +580,10 @@ public class DonePanel extends WizardPanelBase {
// this server instance has been configured, it has NOT yet
// been restarted!
String restart_server = instanceRoot + "/conf/"
- + RESTART_SERVER_AFTER_CONFIGURATION;
- if (!Utils.isNT()) {
- Utils.exec("touch " + restart_server);
- Utils.exec("chmod 00660 " + restart_server);
+ + RESTART_SERVER_AFTER_CONFIGURATION;
+ if( !Utils.isNT() ) {
+ Utils.exec( "touch " + restart_server );
+ Utils.exec( "chmod 00660 " + restart_server );
}
} catch (Exception e) {
@@ -619,11 +593,13 @@ public class DonePanel extends WizardPanelBase {
context.put("csstate", "1");
}
- private void setupClientAuthUser() {
+ private void setupClientAuthUser()
+ {
IConfigStore cs = CMS.getConfigStore();
// retrieve CA subsystem certificate from the CA
- IUGSubsystem system = (IUGSubsystem) (CMS.getSubsystem(IUGSubsystem.ID));
+ IUGSubsystem system =
+ (IUGSubsystem) (CMS.getSubsystem(IUGSubsystem.ID));
String id = "";
try {
String b64 = getCASubsystemCert();
@@ -664,8 +640,9 @@ public class DonePanel extends WizardPanelBase {
}
}
- private void updateOCSPConfig(HttpServletResponse response)
- throws IOException {
+
+ private void updateOCSPConfig(HttpServletResponse response)
+ throws IOException {
IConfigStore config = CMS.getConfigStore();
String cahost = "";
int caport = -1;
@@ -684,8 +661,7 @@ public class DonePanel extends WizardPanelBase {
int ocspport = Integer.parseInt(CMS.getAgentPort());
int ocspagentport = Integer.parseInt(CMS.getAgentPort());
String session_id = CMS.getConfigSDSessionId();
- String content = "xmlOutput=true&sessionID=" + session_id
- + "&ocsp_host=" + ocsphost + "&ocsp_port=" + ocspport;
+ String content = "xmlOutput=true&sessionID="+session_id+"&ocsp_host="+ocsphost+"&ocsp_port="+ocspport;
updateOCSPConfig(cahost, caport, true, content, response);
}
@@ -699,43 +675,38 @@ public class DonePanel extends WizardPanelBase {
if (b64.equals(""))
throw new IOException("Failed to get certificate chain.");
-
+
try {
// this could be a chain
X509Certificate[] certs = Cert.mapCertFromPKCS7(b64);
X509Certificate leafCert = null;
if (certs != null && certs.length > 0) {
- if (certs[0].getSubjectDN().getName()
- .equals(certs[0].getIssuerDN().getName())) {
+ if (certs[0].getSubjectDN().getName().equals(certs[0].getIssuerDN().getName())) {
leafCert = certs[certs.length - 1];
} else {
leafCert = certs[0];
}
-
- IOCSPAuthority ocsp = (IOCSPAuthority) CMS
- .getSubsystem(IOCSPAuthority.ID);
+
+ IOCSPAuthority ocsp =
+ (IOCSPAuthority)CMS.getSubsystem(IOCSPAuthority.ID);
IDefStore defStore = ocsp.getDefaultStore();
// (1) need to normalize (sort) the chain
// (2) store certificate (and certificate chain) into
// database
- ICRLIssuingPointRecord rec = defStore
- .createCRLIssuingPointRecord(leafCert
- .getSubjectDN().getName(), BIG_ZERO,
- MINUS_ONE, null, null);
+ ICRLIssuingPointRecord rec = defStore.createCRLIssuingPointRecord(
+ leafCert.getSubjectDN().getName(),
+ BIG_ZERO,
+ MINUS_ONE, null, null);
try {
- rec.set(ICRLIssuingPointRecord.ATTR_CA_CERT,
- leafCert.getEncoded());
+ rec.set(ICRLIssuingPointRecord.ATTR_CA_CERT, leafCert.getEncoded());
} catch (Exception e) {
// error
}
- defStore.addCRLIssuingPoint(leafCert.getSubjectDN()
- .getName(), rec);
- // log(ILogger.EV_AUDIT, AuditFormat.LEVEL,
- // "Added CA certificate " +
- // leafCert.getSubjectDN().getName());
+ defStore.addCRLIssuingPoint(leafCert.getSubjectDN().getName(), rec);
+ //log(ILogger.EV_AUDIT, AuditFormat.LEVEL, "Added CA certificate " + leafCert.getSubjectDN().getName());
CMS.debug("DonePanel importCACertToOCSP: Added CA certificate.");
}
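Review bot: The inner `catch (Exception e) { // error }` around `rec.set(ICRLIssuingPointRecord.ATTR_CA_CERT, leafCert.getEncoded())` swallows an encoding failure. `defStore.addCRLIssuingPoint(...)` then still stores the record, and the debug line reports "Added CA certificate." even though the record may carry no CA certificate. The failure should propagate, for example `throw new IOException("Failed to encode CA certificate: " + e.toString());`, which matches the `IOException` the outer handler in the next hunk already throws. The `log(ILogger.EV_AUDIT, ...)` call is commented out, so the import leaves only a debug trace. A short comment on why `certs[certs.length - 1]` is taken as the leaf when `certs[0]` is self-signed would also help; the enclosing method begins outside this hunk.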
@@ -746,8 +717,7 @@ public class DonePanel extends WizardPanelBase {
throw e;
} catch (Exception e) {
CMS.debug("DonePanel importCACertToOCSP: Failed to import the certificate chain into the OCSP");
- throw new IOException(
- "Failed to import the certificate chain into the OCSP");
+ throw new IOException("Failed to import the certificate chain into the OCSP");
}
}
@@ -778,7 +748,7 @@ public class DonePanel extends WizardPanelBase {
}
private void updateConnectorInfo(String ownagenthost, String ownagentsport)
- throws IOException {
+ throws IOException {
IConfigStore cs = CMS.getConfigStore();
int port = -1;
String url = "";
@@ -787,29 +757,21 @@ public class DonePanel extends WizardPanelBase {
try {
url = cs.getString("preop.ca.url", "");
if (!url.equals("")) {
- host = cs.getString("preop.ca.hostname", "");
- port = cs.getInteger("preop.ca.httpsadminport", -1);
- transportCert = cs.getString("kra.transport.cert", "");
+ host = cs.getString("preop.ca.hostname", "");
+ port = cs.getInteger("preop.ca.httpsadminport", -1);
+ transportCert = cs.getString("kra.transport.cert", "");
}
} catch (Exception e) {
}
if (host == null) {
- CMS.debug("DonePanel: preop.ca.url is not defined. External CA selected. No transport certificate setup is required");
+ CMS.debug("DonePanel: preop.ca.url is not defined. External CA selected. No transport certificate setup is required");
} else {
- CMS.debug("DonePanel: Transport certificate is being setup in "
- + url);
- String session_id = CMS.getConfigSDSessionId();
- String content = "ca.connector.KRA.enable=true&ca.connector.KRA.local=false&ca.connector.KRA.timeout=30&ca.connector.KRA.uri=/kra/agent/kra/connector&ca.connector.KRA.host="
- + ownagenthost
- + "&ca.connector.KRA.port="
- + ownagentsport
- + "&ca.connector.KRA.transportCert="
- + URLEncoder.encode(transportCert)
- + "&sessionID="
- + session_id;
-
- updateConnectorInfo(host, port, true, content);
+ CMS.debug("DonePanel: Transport certificate is being setup in " + url);
+ String session_id = CMS.getConfigSDSessionId();
+ String content = "ca.connector.KRA.enable=true&ca.connector.KRA.local=false&ca.connector.KRA.timeout=30&ca.connector.KRA.uri=/kra/agent/kra/connector&ca.connector.KRA.host="+ownagenthost+"&ca.connector.KRA.port="+ownagentsport+"&ca.connector.KRA.transportCert="+URLEncoder.encode(transportCert)+"&sessionID="+session_id;
+
+ updateConnectorInfo(host, port, true, content);
}
}
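Review bot: In the `content` string, `URLEncoder.encode(transportCert)` uses the deprecated single-argument form, which encodes with the platform default charset. `ownagenthost`, `ownagentsport` and `session_id` are appended with no encoding at all. Use `URLEncoder.encode(transportCert, "UTF-8")` and apply the same call to the other values, so the CA receives the same bytes regardless of the JVM's locale and a stray `&` cannot add a parameter. The new single line is also several hundred characters long, which makes the parameter list hard to review; one `+ "&key=" + value` per line, as in the `updateDomainXML` call earlier in this file, would read better. The declaration of `host` is outside the hunk, so whether the `if (host == null)` branch can ever be taken cannot be judged from here.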
@@ -831,23 +793,21 @@ public class DonePanel extends WizardPanelBase {
* Checks if the given parameters are valid.
*/
public void validate(HttpServletRequest request,
- HttpServletResponse response, Context context) throws IOException {
+ HttpServletResponse response,
+ Context context) throws IOException {
}
/**
* Commit parameter changes
*/
public void update(HttpServletRequest request,
- HttpServletResponse response, Context context) throws IOException {
- }
+ HttpServletResponse response,
+ Context context) throws IOException {}
/**
* If validiate() returns false, this method will be called.
*/
public void displayError(HttpServletRequest request,
- HttpServletResponse response, Context context) {/*
- * This should never
- * be called
- */
- }
+ HttpServletResponse response,
+ Context context) {/* This should never be called */}
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DownloadPKCS12.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DownloadPKCS12.java
index 561fbcf6..9d7fc22a 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DownloadPKCS12.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DownloadPKCS12.java
@@ -50,7 +50,6 @@ public class DownloadPKCS12 extends CMSServlet {
/**
* initialize the servlet.
- *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -60,7 +59,7 @@ public class DownloadPKCS12 extends CMSServlet {
}
/**
- * Process the HTTP request.
+ * Process the HTTP request.
*/
protected void process(CMSRequest cmsReq) throws EBaseException {
CMS.debug("DownloadPKCS12: processing...");
@@ -71,7 +70,7 @@ public class DownloadPKCS12 extends CMSServlet {
mRenderResult = false;
// check the pin from the session
- String pin = (String) httpReq.getSession().getAttribute("pin");
+ String pin = (String)httpReq.getSession().getAttribute("pin");
if (pin == null) {
CMS.debug("DownloadPKCS12 process: Failed to get the pin from the cookie.");
outputError(httpResp, AUTH_FAILURE, "Error: Not authenticated");
@@ -102,26 +101,18 @@ public class DownloadPKCS12 extends CMSServlet {
httpResp.getOutputStream().write(pkcs12);
return;
} catch (Exception e) {
- CMS.debug("DownloadPKCS12 process: Exception=" + e.toString());
+ CMS.debug("DownloadPKCS12 process: Exception="+e.toString());
}
}
- protected void setDefaultTemplates(ServletConfig sc) {
- }
+ protected void setDefaultTemplates(ServletConfig sc) {}
- protected void renderTemplate(CMSRequest cmsReq, String templateName,
- ICMSTemplateFiller filler) throws IOException {// do nothing
- }
+ protected void renderTemplate(
+ CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler)
+ throws IOException {// do nothing
+ }
- protected void renderResult(CMSRequest cmsReq) throws IOException {// do
- // nothing,
- // ie, it
- // will
- // not
- // return
- // the
- // default
- // javascript.
+ protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript.
}
/**
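Review bot: The `catch (Exception e)` at the end of `process` only writes a debug line, so a failure while producing or writing the PKCS #12 data sends the client no error response. An earlier hunk shows `mRenderResult = false`, so it appears nothing else will render one. Consider reporting the failure as the other branches do, for example `outputError(httpResp, "Error: Failed to download PKCS #12 file");`. This may need a guard if part of the body was already written, since the code before `httpResp.getOutputStream().write(pkcs12)` is outside this hunk. The one-line `renderResult` now carries its explanation as a trailing comment after `{`; a short Javadoc line above the method would be easier to find.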
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCertChain.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCertChain.java
index 57af9f9a..87cb7a7c 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCertChain.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCertChain.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
+
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.util.Locale;
@@ -39,6 +40,7 @@ import com.netscape.cms.servlet.base.UserInfo;
import com.netscape.cms.servlet.common.CMSRequest;
import com.netscape.cmsutil.xml.XMLObject;
+
public class GetCertChain extends CMSServlet {
/**
@@ -54,7 +56,6 @@ public class GetCertChain extends CMSServlet {
/**
* initialize the servlet.
- *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -62,13 +63,11 @@ public class GetCertChain extends CMSServlet {
}
/**
- * Process the HTTP request.
+ * Process the HTTP request.
* <ul>
* <li>http.param op 'downloadBIN' - return the binary certificate chain
- * <li>http.param op 'displayIND' - display pretty-print of certificate
- * chain components
+ * <li>http.param op 'displayIND' - display pretty-print of certificate chain components
* </ul>
- *
* @param cmsReq the object holding the request and response information
*/
protected void process(CMSRequest cmsReq) throws EBaseException {
@@ -77,11 +76,11 @@ public class GetCertChain extends CMSServlet {
String outputString = null;
- CertificateChain certChain = ((ICertAuthority) mAuthority)
- .getCACertChain();
+ CertificateChain certChain = ((ICertAuthority) mAuthority).getCACertChain();
if (certChain == null) {
- CMS.debug("GetCertChain displayChain: cannot get the certificate chain.");
+ CMS.debug(
+ "GetCertChain displayChain: cannot get the certificate chain.");
outputError(httpResp, "Error: Failed to get certificate chain.");
return;
}
@@ -96,7 +95,7 @@ public class GetCertChain extends CMSServlet {
} catch (IOException e) {
log(ILogger.LL_FAILURE,
CMS.getLogMessage("CMSGW_ERROR_ENCODING_CA_CHAIN_1",
- e.toString()));
+ e.toString()));
outputError(httpResp,
"Error: Failed to encode the certificate chain");
}
@@ -122,15 +121,7 @@ public class GetCertChain extends CMSServlet {
}
}
- protected void renderResult(CMSRequest cmsReq) throws IOException {// do
- // nothing,
- // ie, it
- // will
- // not
- // return
- // the
- // default
- // javascript.
+ protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript.
}
/**
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetConfigEntries.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetConfigEntries.java
index 456bf6c1..c1010b46 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetConfigEntries.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetConfigEntries.java
@@ -59,7 +59,6 @@ public class GetConfigEntries extends CMSServlet {
/**
* initialize the servlet.
- *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -68,13 +67,11 @@ public class GetConfigEntries extends CMSServlet {
}
/**
- * Process the HTTP request.
+ * Process the HTTP request.
* <ul>
* <li>http.param op 'downloadBIN' - return the binary certificate chain
- * <li>http.param op 'displayIND' - display pretty-print of certificate
- * chain components
+ * <li>http.param op 'displayIND' - display pretty-print of certificate chain components
* </ul>
- *
* @param cmsReq the object holding the request and response information
*/
protected void process(CMSRequest cmsReq) throws EBaseException {
@@ -87,12 +84,12 @@ public class GetConfigEntries extends CMSServlet {
authToken = authenticate(cmsReq);
} catch (Exception e) {
CMS.debug("GetConfigEntries authentication failed");
- log(ILogger.LL_FAILURE,
+ log(ILogger.LL_FAILURE,
CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "",
- e.toString()));
+ e.toString()));
outputError(httpResp, AUTH_FAILURE, "Error: Not authenticated");
return;
- }
+ }
// Construct an ArgBlock
IArgBlock args = cmsReq.getHttpParams();
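Review bot: The authentication-failure branch logs under the key `CMSGW_ERR_BAD_SERV_OUT_STREAM`, which by its name describes an output-stream error rather than a failed login, so log filters for authentication failures are likely to miss these records. If the message catalogue has a dedicated authentication-failure key it should be used here. Otherwise the debug line could at least carry the cause: `CMS.debug("GetConfigEntries authentication failed: " + e.toString());`. The same key appears in the authentication catch blocks of GetCookie.java (hunk at -129) and GetTransportCert.java (hunk at -86). process() starts and ends outside this hunk.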
@@ -107,32 +104,32 @@ public class GetConfigEntries extends CMSServlet {
try {
xmlObj = new XMLObject();
} catch (Exception e) {
- CMS.debug("GetConfigEntries process: Exception: " + e.toString());
- throw new EBaseException(e.toString());
+ CMS.debug("GetConfigEntries process: Exception: "+e.toString());
+ throw new EBaseException( e.toString() );
}
Node root = xmlObj.createRoot("XMLResponse");
AuthzToken authzToken = null;
try {
- authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
+ authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
"read");
} catch (EAuthzAccessDenied e) {
- log(ILogger.LL_FAILURE,
+ log(ILogger.LL_FAILURE,
CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
- outputError(httpResp, "Error: Not authorized");
- return;
+ outputError(httpResp, "Error: Not authorized");
+ return;
} catch (Exception e) {
- log(ILogger.LL_FAILURE,
+ log(ILogger.LL_FAILURE,
CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
- outputError(httpResp,
+ outputError(httpResp,
"Error: Encountered problem during authorization.");
- return;
+ return;
}
if (authzToken == null) {
- outputError(httpResp, "Error: Not authorized");
- return;
+ outputError(httpResp, "Error: Not authorized");
+ return;
}
if (op != null) {
@@ -143,9 +140,9 @@ public class GetConfigEntries extends CMSServlet {
String name1 = t.nextToken();
IConfigStore cs = config.getSubStore(name1);
Enumeration enum1 = cs.getPropertyNames();
-
+
while (enum1.hasMoreElements()) {
- String name = name1 + "." + enum1.nextElement();
+ String name = name1+"."+enum1.nextElement();
try {
String value = config.getString(name);
Node container = xmlObj.createContainer(root, "Config");
@@ -174,10 +171,10 @@ public class GetConfigEntries extends CMSServlet {
value = getLDAPPassword();
} else if (name.equals("internaldb.replication.password")) {
value = getReplicationPassword();
- } else
+ } else
continue;
}
-
+
Node container = xmlObj.createContainer(root, "Config");
xmlObj.addItemToContainer(container, "name", name);
xmlObj.addItemToContainer(container, "value", value);
@@ -211,15 +208,7 @@ public class GetConfigEntries extends CMSServlet {
return locale;
}
- protected void renderResult(CMSRequest cmsReq) throws IOException {// do
- // nothing,
- // ie, it
- // will
- // not
- // return
- // the
- // default
- // javascript.
+ protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript.
}
private String getLDAPPassword() {
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCookie.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCookie.java
index 1e59bf71..74edda79 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCookie.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCookie.java
@@ -45,6 +45,7 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
+
public class GetCookie extends CMSServlet {
/**
@@ -56,8 +57,10 @@ public class GetCookie extends CMSServlet {
private String mErrorFormPath = null;
private String mFormPath = null;
- private final static String LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE = "LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE_1";
- private final static String LOGGING_SIGNED_AUDIT_ROLE_ASSUME = "LOGGING_SIGNED_AUDIT_ROLE_ASSUME_3";
+ private final static String LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE =
+ "LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE_1";
+ private final static String LOGGING_SIGNED_AUDIT_ROLE_ASSUME =
+ "LOGGING_SIGNED_AUDIT_ROLE_ASSUME_3";
public GetCookie() {
super();
@@ -65,7 +68,6 @@ public class GetCookie extends CMSServlet {
/**
* initialize the servlet.
- *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -76,13 +78,12 @@ public class GetCookie extends CMSServlet {
mRandom = new Random();
mErrorFormPath = sc.getInitParameter("errorTemplatePath");
if (mOutputTemplatePath != null) {
- mFormPath = mOutputTemplatePath;
+ mFormPath = mOutputTemplatePath;
}
}
/**
- * Process the HTTP request.
- *
+ * Process the HTTP request.
* @param cmsReq the object holding the request and response information
*/
protected void process(CMSRequest cmsReq) throws EBaseException {
@@ -99,27 +100,28 @@ public class GetCookie extends CMSServlet {
}
IArgBlock header = CMS.createArgBlock();
- IArgBlock ctx = CMS.createArgBlock();
+ IArgBlock ctx = CMS.createArgBlock();
CMSTemplateParams argSet = new CMSTemplateParams(header, ctx);
CMSTemplate form = null;
Locale[] locale = new Locale[1];
String url = httpReq.getParameter("url");
- CMS.debug("GetCookie before auth, url =" + url);
+ CMS.debug("GetCookie before auth, url ="+url);
String url_e = "";
URL u = null;
try {
url_e = URLDecoder.decode(url, "UTF-8");
u = new URL(url_e);
} catch (Exception eee) {
- throw new ECMSGWException("GetCookie missing parameter: url");
+ throw new ECMSGWException(
+ "GetCookie missing parameter: url");
}
int index2 = url_e.indexOf("subsystem=");
String subsystem = "";
if (index2 > 0) {
- subsystem = url.substring(index2 + 10);
+ subsystem = url.substring(index2+10);
int index1 = subsystem.indexOf("&");
if (index1 > 0)
subsystem = subsystem.substring(0, index1);
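Review bot: `index2` is computed on the decoded string (`url_e.indexOf("subsystem=")`) but applied to the still-encoded `url` in `url.substring(index2+10)`. Whenever the parameter contains percent-escapes the offsets disagree, so the extracted subsystem name is wrong or the call throws StringIndexOutOfBoundsException. Because `subsystem` is later passed to getGroupName to pick the administrator group, it should be cut from the string the index was found in: `subsystem = url_e.substring(index2 + 10);`. The `index2 > 0` and `index1 > 0` tests also ignore a match at position 0, where `>= 0` is the usual indexOf check. process() continues outside this hunk.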
@@ -129,9 +131,9 @@ public class GetCookie extends CMSServlet {
authToken = authenticate(cmsReq);
} catch (Exception e) {
CMS.debug("GetCookie authentication failed");
- log(ILogger.LL_FAILURE,
+ log(ILogger.LL_FAILURE,
CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "",
- e.toString()));
+ e.toString()));
header.addStringValue("sd_uid", "");
header.addStringValue("sd_pwd", "");
header.addStringValue("host", u.getHost());
@@ -147,17 +149,17 @@ public class GetCookie extends CMSServlet {
form = getTemplate(mErrorFormPath, httpReq, locale);
} catch (IOException eee) {
CMS.debug("GetCookie process: cant locate the form");
- /*
- * log(ILogger.LL_FAILURE,
- * CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString()));
- * throw new ECMSGWException(
- * CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
- */
- }
+/*
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString()));
+ throw new ECMSGWException(
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+*/
+ }
- if (form == null) {
+ if( form == null ) {
CMS.debug("GetCookie::process() - form is null!");
- throw new EBaseException("form is null");
+ throw new EBaseException( "form is null" );
}
try {
@@ -168,17 +170,16 @@ public class GetCookie extends CMSServlet {
form.renderOutput(out, argSet);
} catch (IOException ee) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE",
- ee.toString()));
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", ee.toString()));
+ throw new ECMSGWException(
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
return;
- }
+ }
String cookie = "";
String auditMessage = "";
-
+
if (authToken != null) {
String uid = authToken.getInString("uid");
String groupname = getGroupName(uid, subsystem);
@@ -186,15 +187,16 @@ public class GetCookie extends CMSServlet {
if (groupname != null) {
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_ROLE_ASSUME, uid, ILogger.SUCCESS,
- groupname);
+ LOGGING_SIGNED_AUDIT_ROLE_ASSUME,
+ uid,
+ ILogger.SUCCESS,
+ groupname);
audit(auditMessage);
// assign cookie
long num = mRandom.nextLong();
- cookie = num + "";
- ISecurityDomainSessionTable ctable = CMS
- .getSecurityDomainSessionTable();
+ cookie = num+"";
+ ISecurityDomainSessionTable ctable = CMS.getSecurityDomainSessionTable();
String addr = "";
try {
addr = u.getHost();
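Review bot: The security-domain session cookie is `mRandom.nextLong()`, and init() creates that generator with `mRandom = new Random();`. java.util.Random is not a cryptographic generator and its output can be predicted from observed values, which is unsuitable for a value that is then registered in the session table as a credential. SecureRandom extends Random, so the smallest fix is in init(): `mRandom = new SecureRandom();`, plus the `java.security.SecureRandom` import. A token built from `nextBytes` on 16 or more bytes would be preferable to a single long. The field declaration and the rest of process() are outside this hunk.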
@@ -205,42 +207,43 @@ public class GetCookie extends CMSServlet {
ip = InetAddress.getByName(addr).toString();
int index = ip.indexOf("/");
if (index > 0)
- ip = ip.substring(index + 1);
+ ip = ip.substring(index+1);
} catch (Exception e) {
}
- String auditParams = "operation;;issue_token+token;;" + cookie
- + "+ip;;" + ip + "+uid;;" + uid + "+groupname;;"
- + groupname;
+ String auditParams = "operation;;issue_token+token;;"+ cookie + "+ip;;" + ip +
+ "+uid;;" + uid + "+groupname;;" + groupname;
int status = ctable.addEntry(cookie, ip, uid, groupname);
if (status == ISecurityDomainSessionTable.SUCCESS) {
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE, uid,
- ILogger.SUCCESS, auditParams);
+ LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE,
+ uid,
+ ILogger.SUCCESS,
+ auditParams);
audit(auditMessage);
} else {
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE, uid,
- ILogger.FAILURE, auditParams);
+ LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE,
+ uid,
+ ILogger.FAILURE,
+ auditParams);
audit(auditMessage);
}
try {
- String sd_url = "https://" + CMS.getEESSLHost() + ":"
- + CMS.getEESSLPort();
+ String sd_url = "https://"+CMS.getEESSLHost()+":"+CMS.getEESSLPort();
if (!url.startsWith("$")) {
try {
form = getTemplate(mFormPath, httpReq, locale);
} catch (IOException e) {
CMS.debug("GetCookie process: cant locate the form");
- /*
- * log(ILogger.LL_FAILURE,
- * CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE",
- * e.toString())); throw new ECMSGWException(
- * CMS.getUserMessage
- * ("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
- */
+/*
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString()));
+ throw new ECMSGWException(
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+*/
}
header.addStringValue("url", url);
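Review bot: `auditParams` embeds the issued token itself (`"operation;;issue_token+token;;"+ cookie`), so anyone who can read the signed audit log obtains a value that is presumably still usable as a session credential. Recording a non-reversible reference instead, such as a truncated SHA-256 of the cookie, keeps the records correlatable without disclosing the token. In the same hunk the empty `catch (Exception e) { }` after `InetAddress.getByName(addr)` hides resolution failures, so `addEntry` is called with whatever `ip` was initialised to. A `CMS.debug` line in that catch would make the failure visible. process() starts and ends outside this hunk.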
@@ -248,26 +251,26 @@ public class GetCookie extends CMSServlet {
EBaseException error = null;
try {
- ServletOutputStream out = httpResp
- .getOutputStream();
+ ServletOutputStream out = httpResp.getOutputStream();
cmsReq.setStatus(CMSRequest.SUCCESS);
- httpResp.setContentType("text/html");
- form.renderOutput(out, argSet);
+ httpResp.setContentType("text/html");
+ form.renderOutput(out, argSet);
} catch (IOException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSGW_ERR_OUT_STREAM_TEMPLATE",
- e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
}
} catch (Exception e) {
}
} else {
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_ROLE_ASSUME, uid, ILogger.FAILURE,
- "Enterprise " + subsystem + " Administrators");
+ LOGGING_SIGNED_AUDIT_ROLE_ASSUME,
+ uid,
+ ILogger.FAILURE,
+ "Enterprise " + subsystem + " Administrators");
audit(auditMessage);
}
}
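Review bot: The `ECMSGWException` thrown in the inner `catch (IOException e)` is swallowed a few lines later by the empty `} catch (Exception e) { }`, so a template render failure never reaches the caller. That catch would also hide a NullPointerException from `form.renderOutput(out, argSet)` if the earlier `getTemplate` call failed and left `form` null. The outer handler should let the gateway exception through and log the rest: `} catch (ECMSGWException e) { throw e; } catch (Exception e) { CMS.debug("GetCookie process: " + e.toString()); }`. `EBaseException error = null;` is assigned but not used in the visible lines. process() begins outside this hunk.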
@@ -275,25 +278,25 @@ public class GetCookie extends CMSServlet {
private String getGroupName(String uid, String subsystemname) {
String groupname = "";
- IUGSubsystem subsystem = (IUGSubsystem) (CMS
- .getSubsystem(IUGSubsystem.ID));
- if (subsystem.isMemberOf(uid, "Enterprise CA Administrators")
- && subsystemname.equals("CA")) {
+ IUGSubsystem subsystem =
+ (IUGSubsystem)(CMS.getSubsystem(IUGSubsystem.ID));
+ if (subsystem.isMemberOf(uid, "Enterprise CA Administrators") &&
+ subsystemname.equals("CA")) {
return "Enterprise CA Administrators";
- } else if (subsystem.isMemberOf(uid, "Enterprise KRA Administrators")
- && subsystemname.equals("KRA")) {
+ } else if (subsystem.isMemberOf(uid, "Enterprise KRA Administrators") &&
+ subsystemname.equals("KRA")) {
return "Enterprise KRA Administrators";
- } else if (subsystem.isMemberOf(uid, "Enterprise OCSP Administrators")
- && subsystemname.equals("OCSP")) {
+ } else if (subsystem.isMemberOf(uid, "Enterprise OCSP Administrators") &&
+ subsystemname.equals("OCSP")) {
return "Enterprise OCSP Administrators";
- } else if (subsystem.isMemberOf(uid, "Enterprise TKS Administrators")
- && subsystemname.equals("TKS")) {
+ } else if (subsystem.isMemberOf(uid, "Enterprise TKS Administrators") &&
+ subsystemname.equals("TKS")) {
return "Enterprise TKS Administrators";
- } else if (subsystem.isMemberOf(uid, "Enterprise RA Administrators")
- && subsystemname.equals("RA")) {
+ } else if (subsystem.isMemberOf(uid, "Enterprise RA Administrators") &&
+ subsystemname.equals("RA")) {
return "Enterprise RA Administrators";
- } else if (subsystem.isMemberOf(uid, "Enterprise TPS Administrators")
- && subsystemname.equals("TPS")) {
+ } else if (subsystem.isMemberOf(uid, "Enterprise TPS Administrators") &&
+ subsystemname.equals("TPS")) {
return "Enterprise TPS Administrators";
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetDomainXML.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetDomainXML.java
index b3d9470d..f9e6c70e 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetDomainXML.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetDomainXML.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
+
import java.io.FileInputStream;
import java.io.IOException;
import java.util.Enumeration;
@@ -47,6 +48,7 @@ import com.netscape.cms.servlet.common.CMSRequest;
import com.netscape.cms.servlet.common.ICMSTemplateFiller;
import com.netscape.cmsutil.xml.XMLObject;
+
public class GetDomainXML extends CMSServlet {
/**
@@ -62,7 +64,6 @@ public class GetDomainXML extends CMSServlet {
/**
* initialize the servlet.
- *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -72,13 +73,11 @@ public class GetDomainXML extends CMSServlet {
}
/**
- * Process the HTTP request.
+ * Process the HTTP request.
* <ul>
* <li>http.param op 'downloadBIN' - return the binary certificate chain
- * <li>http.param op 'displayIND' - display pretty-print of certificate
- * chain components
+ * <li>http.param op 'displayIND' - display pretty-print of certificate chain components
* </ul>
- *
* @param cmsReq the object holding the request and response information
*/
protected void process(CMSRequest cmsReq) throws EBaseException {
@@ -96,7 +95,8 @@ public class GetDomainXML extends CMSServlet {
try {
secstore = cs.getString("securitydomain.store");
basedn = cs.getString("internaldb.basedn");
- } catch (Exception e) {
+ }
+ catch (Exception e) {
CMS.debug("Unable to determine the security domain name or internal basedn. Please run the domaininfo migration script");
}
@@ -104,8 +104,7 @@ public class GetDomainXML extends CMSServlet {
XMLObject response = new XMLObject();
Node root = response.createRoot("XMLResponse");
- if ((secstore != null) && (basedn != null)
- && (secstore.equals("ldap"))) {
+ if ((secstore != null) && (basedn != null) && (secstore.equals("ldap"))) {
ILdapConnFactory connFactory = null;
LDAPConnection conn = null;
try {
@@ -121,77 +120,64 @@ public class GetDomainXML extends CMSServlet {
connFactory.init(ldapConfig);
conn = connFactory.getConn();
- // get the security domain name
- String secdomain = (String) conn.read(dn)
- .getAttribute("name").getStringValues()
- .nextElement();
+ // get the security domain name
+ String secdomain = (String) conn.read(dn).getAttribute("name").getStringValues().nextElement();
XMLObject xmlObj = new XMLObject();
Node domainInfo = xmlObj.createRoot("DomainInfo");
xmlObj.addItemToContainer(domainInfo, "Name", secdomain);
- // this should return CAList, KRAList etc.
- LDAPSearchResults res = conn
- .search(dn, LDAPConnection.SCOPE_ONE, filter,
- attrs, true, cons);
+ // this should return CAList, KRAList etc.
+ LDAPSearchResults res = conn.search(dn, LDAPConnection.SCOPE_ONE, filter,
+ attrs, true, cons);
while (res.hasMoreElements()) {
int count = 0;
dn = res.next().getDN();
String listName = dn.substring(3, dn.indexOf(","));
- String subType = listName.substring(0,
- listName.indexOf("List"));
- Node listNode = xmlObj.createContainer(domainInfo,
- listName);
-
+ String subType = listName.substring(0, listName.indexOf("List"));
+ Node listNode = xmlObj.createContainer(domainInfo, listName);
+
filter = "objectclass=pkiSubsystem";
- LDAPSearchResults res2 = conn.search(dn,
- LDAPConnection.SCOPE_ONE, filter, attrs, false,
- cons);
+ LDAPSearchResults res2 = conn.search(dn, LDAPConnection.SCOPE_ONE, filter,
+ attrs, false, cons);
while (res2.hasMoreElements()) {
- Node node = xmlObj.createContainer(listNode,
- subType);
+ Node node = xmlObj.createContainer(listNode, subType);
LDAPEntry entry = res2.next();
- LDAPAttributeSet entryAttrs = entry
- .getAttributeSet();
+ LDAPAttributeSet entryAttrs = entry.getAttributeSet();
Enumeration attrsInSet = entryAttrs.getAttributes();
while (attrsInSet.hasMoreElements()) {
- LDAPAttribute nextAttr = (LDAPAttribute) attrsInSet
- .nextElement();
+ LDAPAttribute nextAttr = (LDAPAttribute) attrsInSet.nextElement();
String attrName = nextAttr.getName();
- if ((!attrName.equals("cn"))
- && (!attrName.equals("objectClass"))) {
- String attrValue = (String) nextAttr
- .getStringValues().nextElement();
- xmlObj.addItemToContainer(node,
- securityDomainLDAPtoXML(attrName),
- attrValue);
+ if ((! attrName.equals("cn")) && (! attrName.equals("objectClass"))) {
+ String attrValue = (String) nextAttr.getStringValues().nextElement();
+ xmlObj.addItemToContainer(node, securityDomainLDAPtoXML(attrName), attrValue);
}
}
- count++;
- }
- xmlObj.addItemToContainer(listNode, "SubsystemCount",
- Integer.toString(count));
+ count ++;
+ }
+ xmlObj.addItemToContainer(listNode, "SubsystemCount", Integer.toString(count));
}
// Add new xml object as string to response.
- response.addItemToContainer(root, "DomainInfo",
- xmlObj.toXMLString());
- } catch (Exception e) {
- CMS.debug("GetDomainXML: Failed to read domain.xml from ldap "
- + e.toString());
+ response.addItemToContainer(root, "DomainInfo", xmlObj.toXMLString());
+ }
+ catch (Exception e) {
+ CMS.debug("GetDomainXML: Failed to read domain.xml from ldap " + e.toString());
status = FAILED;
- } finally {
- if ((conn != null) && (connFactory != null)) {
+ }
+ finally {
+ if ((conn != null) && (connFactory!= null)) {
CMS.debug("Releasing ldap connection");
connFactory.returnConn(conn);
}
}
- } else {
- // get data from file store
+ }
+ else {
+ // get data from file store
- String path = CMS.getConfigStore()
- .getString("instanceRoot", "") + "/conf/domain.xml";
+ String path = CMS.getConfigStore().getString("instanceRoot", "")
+ + "/conf/domain.xml";
CMS.debug("GetDomainXML: got path=" + path);
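Review bot: `conn.read(dn).getAttribute("name").getStringValues().nextElement()` dereferences three results without checking any of them. A missing entry or missing `name` attribute therefore surfaces only as a NullPointerException string in the debug log, via the generic `catch (Exception e)`. The same applies to `dn.substring(3, dn.indexOf(","))` and `listName.substring(0, listName.indexOf("List"))`: when indexOf returns -1 the call throws, and one unexpected child entry fails the whole response. Checking the attribute for null and skipping entries whose name does not contain `List`, with a debug line naming the DN, would keep the failure local and diagnosable. process() starts outside this hunk.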
@@ -207,12 +193,11 @@ public class GetDomainXML extends CMSServlet {
fis.close();
CMS.debug("GetDomainXML: Done Reading domain.xml...");
- response.addItemToContainer(root, "DomainInfo", new String(
- buf));
- } catch (Exception e) {
- CMS.debug("Failed to read domain.xml from file"
- + e.toString());
- status = FAILED;
+ response.addItemToContainer(root, "DomainInfo", new String(buf));
+ }
+ catch (Exception e) {
+ CMS.debug("Failed to read domain.xml from file" + e.toString());
+ status = FAILED;
}
}
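Review bot: `fis.close()` runs only on the success path, so if the read above it throws, the stream stays open. The close belongs in a `finally` block; the code that opens the stream is outside this hunk. `new String(buf)` also decodes domain.xml with the platform default charset. Naming the charset, `new String(buf, "UTF-8")`, keeps the returned XML identical across hosts, assuming the file is written as UTF-8.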
@@ -221,34 +206,23 @@ public class GetDomainXML extends CMSServlet {
outputResult(httpResp, "application/xml", cb);
} catch (Exception e) {
- CMS.debug("GetDomainXML: Failed to send the XML output"
- + e.toString());
+ CMS.debug("GetDomainXML: Failed to send the XML output" + e.toString());
}
}
protected String securityDomainLDAPtoXML(String attribute) {
- if (attribute.equals("host"))
- return "Host";
- else
- return attribute;
+ if (attribute.equals("host")) return "Host";
+ else return attribute;
}
- protected void setDefaultTemplates(ServletConfig sc) {
- }
+ protected void setDefaultTemplates(ServletConfig sc) {}
- protected void renderTemplate(CMSRequest cmsReq, String templateName,
- ICMSTemplateFiller filler) throws IOException {// do nothing
- }
+ protected void renderTemplate(
+ CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler)
+ throws IOException {// do nothing
+ }
- protected void renderResult(CMSRequest cmsReq) throws IOException {// do
- // nothing,
- // ie, it
- // will
- // not
- // return
- // the
- // default
- // javascript.
+ protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript.
}
/**
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetStatus.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetStatus.java
index 623acf9a..02fe36c1 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetStatus.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetStatus.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
+
import java.io.IOException;
import java.util.Locale;
@@ -35,6 +36,7 @@ import com.netscape.cms.servlet.base.UserInfo;
import com.netscape.cms.servlet.common.CMSRequest;
import com.netscape.cmsutil.xml.XMLObject;
+
public class GetStatus extends CMSServlet {
/**
@@ -50,7 +52,6 @@ public class GetStatus extends CMSServlet {
/**
* initialize the servlet.
- *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -58,19 +59,18 @@ public class GetStatus extends CMSServlet {
}
/**
- * Process the HTTP request.
- *
+ * Process the HTTP request.
* @param cmsReq the object holding the request and response information
*/
protected void process(CMSRequest cmsReq) throws EBaseException {
HttpServletRequest httpReq = cmsReq.getHttpReq();
HttpServletResponse httpResp = cmsReq.getHttpResp();
- IConfigStore config = CMS.getConfigStore();
+ IConfigStore config = CMS.getConfigStore();
String outputString = null;
- String state = config.getString("cs.state", "");
- String type = config.getString("cs.type", "");
+ String state = config.getString("cs.state", "");
+ String type = config.getString("cs.type", "");
try {
XMLObject xmlObj = null;
@@ -89,15 +89,7 @@ public class GetStatus extends CMSServlet {
}
}
- protected void renderResult(CMSRequest cmsReq) throws IOException {// do
- // nothing,
- // ie, it
- // will
- // not
- // return
- // the
- // default
- // javascript.
+ protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript.
}
/**
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetSubsystemCert.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetSubsystemCert.java
index 93d7e922..0a6c5ec3 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetSubsystemCert.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetSubsystemCert.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
+
import java.io.IOException;
import java.util.Locale;
@@ -38,6 +39,7 @@ import com.netscape.cms.servlet.common.CMSRequest;
import com.netscape.cmsutil.crypto.CryptoUtil;
import com.netscape.cmsutil.xml.XMLObject;
+
public class GetSubsystemCert extends CMSServlet {
/**
@@ -53,7 +55,6 @@ public class GetSubsystemCert extends CMSServlet {
/**
* initialize the servlet.
- *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -61,7 +62,7 @@ public class GetSubsystemCert extends CMSServlet {
}
/**
- * Process the HTTP request.
+ * Process the HTTP request.
*/
protected void process(CMSRequest cmsReq) throws EBaseException {
HttpServletRequest httpReq = cmsReq.getHttpReq();
@@ -74,29 +75,27 @@ public class GetSubsystemCert extends CMSServlet {
try {
nickname = cs.getString("ca.subsystem.nickname", "");
String tokenname = cs.getString("ca.subsystem.tokenname", "");
- if (!tokenname.equals("internal")
- && !tokenname.equals("Internal Key Storage Token"))
- nickname = tokenname + ":" + nickname;
+ if (!tokenname.equals("internal") && !tokenname.equals("Internal Key Storage Token"))
+ nickname = tokenname+":"+nickname;
} catch (Exception e) {
}
- CMS.debug("GetSubsystemCert process: nickname=" + nickname);
+ CMS.debug("GetSubsystemCert process: nickname="+nickname);
String s = "";
try {
CryptoManager cm = CryptoManager.getInstance();
X509Certificate cert = cm.findCertByNickname(nickname);
-
+
if (cert == null) {
CMS.debug("GetSubsystemCert process: subsystem cert is null");
- outputError(httpResp,
- "Error: Failed to get subsystem certificate.");
+ outputError(httpResp, "Error: Failed to get subsystem certificate.");
return;
}
byte[] bytes = cert.getEncoded();
s = CryptoUtil.normalizeCertStr(CryptoUtil.base64Encode(bytes));
} catch (Exception e) {
- CMS.debug("GetSubsystemCert process: exception: " + e.toString());
+ CMS.debug("GetSubsystemCert process: exception: "+e.toString());
}
try {
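Review bot: When the certificate lookup or encoding throws, `catch (Exception e)` only writes a debug line and execution continues to the following `try` with `s` still empty. The caller then appears to get a reply without a certificate rather than an error, although the response-building lines are outside this hunk, so this is inferred. Mirroring the null-certificate branch makes the failure explicit: add `outputError(httpResp, "Error: Failed to get subsystem certificate."); return;` to that catch. The empty `catch (Exception e) { }` around the nickname lookup likewise hides a configuration error. GetTransportCert.java (hunk at -124) has the same pattern after `CertificateEncodingException`, continuing to the "send success status" block with `mime64` empty.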
@@ -112,15 +111,7 @@ public class GetSubsystemCert extends CMSServlet {
}
}
- protected void renderResult(CMSRequest cmsReq) throws IOException {// do
- // nothing,
- // ie, it
- // will
- // not
- // return
- // the
- // default
- // javascript.
+ protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript.
}
/**
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetTokenInfo.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetTokenInfo.java
index f4d68392..d7af0740 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetTokenInfo.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetTokenInfo.java
@@ -52,7 +52,6 @@ public class GetTokenInfo extends CMSServlet {
/**
* initialize the servlet.
- *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -61,13 +60,11 @@ public class GetTokenInfo extends CMSServlet {
}
/**
- * Process the HTTP request.
+ * Process the HTTP request.
* <ul>
* <li>http.param op 'downloadBIN' - return the binary certificate chain
- * <li>http.param op 'displayIND' - display pretty-print of certificate
- * chain components
+ * <li>http.param op 'displayIND' - display pretty-print of certificate chain components
* </ul>
- *
* @param cmsReq the object holding the request and response information
*/
protected void process(CMSRequest cmsReq) throws EBaseException {
@@ -81,8 +78,8 @@ public class GetTokenInfo extends CMSServlet {
try {
xmlObj = new XMLObject();
} catch (Exception e) {
- CMS.debug("GetTokenInfo process: Exception: " + e.toString());
- throw new EBaseException(e.toString());
+ CMS.debug("GetTokenInfo process: Exception: "+e.toString());
+ throw new EBaseException( e.toString() );
}
Node root = xmlObj.createRoot("XMLResponse");
@@ -100,7 +97,7 @@ public class GetTokenInfo extends CMSServlet {
String name = t1.nextToken();
if (name.equals("sslserver"))
continue;
- name = "cloning." + name + ".nickname";
+ name = "cloning."+name+".nickname";
String value = "";
try {
@@ -108,7 +105,7 @@ public class GetTokenInfo extends CMSServlet {
} catch (Exception ee) {
continue;
}
-
+
Node container = xmlObj.createContainer(root, "Config");
xmlObj.addItemToContainer(container, "name", name);
xmlObj.addItemToContainer(container, "value", value);
@@ -152,14 +149,6 @@ public class GetTokenInfo extends CMSServlet {
return locale;
}
- protected void renderResult(CMSRequest cmsReq) throws IOException {// do
- // nothing,
- // ie, it
- // will
- // not
- // return
- // the
- // default
- // javascript.
+ protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript.
}
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetTransportCert.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetTransportCert.java
index 8d8747b9..bc29b34a 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetTransportCert.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetTransportCert.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
+
import java.io.IOException;
import java.security.cert.CertificateEncodingException;
import java.util.Locale;
@@ -62,7 +63,6 @@ public class GetTransportCert extends CMSServlet {
/**
* initialize the servlet.
- *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -72,7 +72,7 @@ public class GetTransportCert extends CMSServlet {
}
/**
- * Process the HTTP request.
+ * Process the HTTP request.
*/
protected void process(CMSRequest cmsReq) throws EBaseException {
CMS.debug("UpdateUpdater: processing...");
@@ -86,9 +86,9 @@ public class GetTransportCert extends CMSServlet {
CMS.debug("GetTransportCert authentication successful.");
} catch (Exception e) {
CMS.debug("GetTransportCert: authentication failed.");
- log(ILogger.LL_FAILURE,
+ log(ILogger.LL_FAILURE,
CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "",
- e.toString()));
+ e.toString()));
outputError(httpResp, AUTH_FAILURE, "Error: Not authenticated");
return;
}
@@ -101,19 +101,19 @@ public class GetTransportCert extends CMSServlet {
AuthzToken authzToken = null;
try {
- authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
- "read");
+ authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
+ "read");
CMS.debug("GetTransportCert authorization successful.");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
outputError(httpResp, "Error: Not authorized");
return;
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
outputError(httpResp,
- "Error: Encountered problem during authorization.");
+ "Error: Encountered problem during authorization.");
return;
}
@@ -124,19 +124,19 @@ public class GetTransportCert extends CMSServlet {
IConfigStore cs = CMS.getConfigStore();
- IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority) mAuthority;
- ITransportKeyUnit tu = kra.getTransportKeyUnit();
- org.mozilla.jss.crypto.X509Certificate transportCert = tu
- .getCertificate();
+ IKeyRecoveryAuthority kra =
+ (IKeyRecoveryAuthority) mAuthority;
+ ITransportKeyUnit tu = kra.getTransportKeyUnit();
+ org.mozilla.jss.crypto.X509Certificate transportCert =
+ tu.getCertificate();
- String mime64 = "";
+ String mime64 = "";
try {
mime64 = CMS.BtoA(transportCert.getEncoded());
- mime64 = com.netscape.cmsutil.util.Cert
- .normalizeCertStrAndReq(mime64);
- } catch (CertificateEncodingException eee) {
+ mime64 = com.netscape.cmsutil.util.Cert.normalizeCertStrAndReq(mime64);
+ } catch (CertificateEncodingException eee) {
CMS.debug("GetTransportCert: Failed to encode certificate");
- }
+ }
// send success status back to the requestor
try {
@@ -154,22 +154,14 @@ public class GetTransportCert extends CMSServlet {
}
}
- protected void setDefaultTemplates(ServletConfig sc) {
- }
+ protected void setDefaultTemplates(ServletConfig sc) {}
- protected void renderTemplate(CMSRequest cmsReq, String templateName,
- ICMSTemplateFiller filler) throws IOException {// do nothing
- }
+ protected void renderTemplate(
+ CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler)
+ throws IOException {// do nothing
+ }
- protected void renderResult(CMSRequest cmsReq) throws IOException {// do
- // nothing,
- // ie, it
- // will
- // not
- // return
- // the
- // default
- // javascript.
+ protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript.
}
/**
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/HierarchyPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/HierarchyPanel.java
index 02a2c21a..a00b0fb7 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/HierarchyPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/HierarchyPanel.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
+
import java.io.IOException;
import javax.servlet.ServletConfig;
@@ -35,19 +36,19 @@ import com.netscape.cms.servlet.wizard.WizardServlet;
public class HierarchyPanel extends WizardPanelBase {
- public HierarchyPanel() {
- }
+ public HierarchyPanel() {}
/**
* Initializes this panel.
*/
- public void init(ServletConfig config, int panelno) throws ServletException {
+ public void init(ServletConfig config, int panelno)
+ throws ServletException {
setPanelNo(panelno);
setName("PKI Hierarchy");
}
- public void init(WizardServlet servlet, ServletConfig config, int panelno,
- String id) throws ServletException {
+ public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
+ throws ServletException {
setPanelNo(panelno);
setName("PKI Hierarchy");
setId(id);
@@ -55,15 +56,16 @@ public class HierarchyPanel extends WizardPanelBase {
public boolean shouldSkip() {
- // we dont need to ask the hierachy if we are
+ // we dont need to ask the hierachy if we are
// setting up a clone
try {
IConfigStore c = CMS.getConfigStore();
- String s = c.getString("preop.subsystem.select", null);
+ String s = c.getString("preop.subsystem.select",
+ null);
if (s != null && s.equals("clone")) {
// mark this panel as done
- c.putString("preop.hierarchy.select", "root");
- c.putString("hierarchy.select", "Clone");
+ c.putString("preop.hierarchy.select","root");
+ c.putString("hierarchy.select","Clone");
return true;
}
} catch (EBaseException e) {
@@ -87,16 +89,15 @@ public class HierarchyPanel extends WizardPanelBase {
} else {
return true;
}
- } catch (EBaseException e) {
- }
+ } catch (EBaseException e) {}
return false;
}
public PropertySet getUsage() {
PropertySet set = new PropertySet();
-
+
/* XXX */
-
+
return set;
}
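Review bot: The `catch (EBaseException e) {}` just before `return false` discards the error without a trace, so a configuration-store failure here looks the same as an ordinary `false` result. The same empty form wraps `config.commit(false)` in the `update()` hunk further down, where a failed commit means the chosen hierarchy is not persisted and nothing reports it, and it recurs in the ImportAdminCertPanel and ImportCAChainPanel hunks. I would at least log it, e.g. `} catch (EBaseException e) { CMS.debug("HierarchyPanel: " + e.toString()); }`, and for the commit case also set a failure status for the caller. The method containing this catch starts outside the hunk.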
@@ -104,7 +105,8 @@ public class HierarchyPanel extends WizardPanelBase {
* Display the panel.
*/
public void display(HttpServletRequest request,
- HttpServletResponse response, Context context) {
+ HttpServletResponse response,
+ Context context) {
context.put("title", "PKI Hierarchy");
IConfigStore config = CMS.getConfigStore();
@@ -115,7 +117,7 @@ public class HierarchyPanel extends WizardPanelBase {
if (s.equals("root")) {
context.put("check_root", "checked");
} else if (s.equals("join")) {
- context.put("check_join", "checked");
+ context.put("check_join", "checked");
}
} catch (Exception e) {
CMS.debug(e.toString());
@@ -132,14 +134,16 @@ public class HierarchyPanel extends WizardPanelBase {
* Checks if the given parameters are valid.
*/
public void validate(HttpServletRequest request,
- HttpServletResponse response, Context context) throws IOException {
+ HttpServletResponse response,
+ Context context) throws IOException {
}
/**
* Commit parameter changes
*/
public void update(HttpServletRequest request,
- HttpServletResponse response, Context context) throws IOException {
+ HttpServletResponse response,
+ Context context) throws IOException {
IConfigStore config = CMS.getConfigStore();
try {
String cstype = config.getString("preop.subsystem.select", "");
@@ -159,17 +163,16 @@ public class HierarchyPanel extends WizardPanelBase {
}
if (select.equals("root")) {
- config.putString("preop.hierarchy.select", "root");
- config.putString("hierarchy.select", "Root");
+ config.putString("preop.hierarchy.select", "root");
+ config.putString("hierarchy.select", "Root");
config.putString("preop.ca.type", "sdca");
try {
config.commit(false);
- } catch (EBaseException e) {
- }
+ } catch (EBaseException e) {}
} else if (select.equals("join")) {
config.putString(PCERT_PREFIX + "signing.type", "remote");
config.putString("preop.hierarchy.select", "join");
- config.putString("hierarchy.select", "Subordinate");
+ config.putString("hierarchy.select", "Subordinate");
} else {
config.putString(PCERT_PREFIX + "signing.type", "remote");
CMS.debug("HierarchyPanel: invalid choice " + select);
@@ -183,6 +186,6 @@ public class HierarchyPanel extends WizardPanelBase {
* If validiate() returns false, this method will be called.
*/
public void displayError(HttpServletRequest request,
- HttpServletResponse response, Context context) {
- }
+ HttpServletResponse response,
+ Context context) {}
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportAdminCertPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportAdminCertPanel.java
index ce5e9795..d4f93a9b 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportAdminCertPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportAdminCertPanel.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
+
import java.io.BufferedReader;
import java.io.FileReader;
import java.io.IOException;
@@ -46,19 +47,19 @@ import com.netscape.cmsutil.crypto.CryptoUtil;
public class ImportAdminCertPanel extends WizardPanelBase {
- public ImportAdminCertPanel() {
- }
+ public ImportAdminCertPanel() {}
/**
* Initializes this panel.
*/
- public void init(ServletConfig config, int panelno) throws ServletException {
+ public void init(ServletConfig config, int panelno)
+ throws ServletException {
setPanelNo(panelno);
setName("Import Administrator's Certificate");
}
- public void init(WizardServlet servlet, ServletConfig config, int panelno,
- String id) throws ServletException {
+ public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
+ throws ServletException {
setPanelNo(panelno);
setName("Import Administrator's Certificate");
setId(id);
@@ -85,7 +86,8 @@ public class ImportAdminCertPanel extends WizardPanelBase {
* Display the panel.
*/
public void display(HttpServletRequest request,
- HttpServletResponse response, Context context) {
+ HttpServletResponse response,
+ Context context) {
CMS.debug("ImportAdminCertPanel: display");
context.put("errorString", "");
context.put("title", "Import Administrator's Certificate");
@@ -100,12 +102,11 @@ public class ImportAdminCertPanel extends WizardPanelBase {
try {
type = cs.getString("preop.ca.type", "");
subsystemtype = cs.getString("cs.type", "");
- } catch (Exception e) {
- }
+ } catch (Exception e) {}
try {
String serialno = cs.getString("preop.admincert.serialno.0");
-
+
context.put("serialNumber", serialno);
} catch (Exception e) {
context.put("errorString", "Failed to get serial number.");
@@ -128,26 +129,21 @@ public class ImportAdminCertPanel extends WizardPanelBase {
if (ca == null) {
if (type.equals("otherca")) {
try {
- // this is a non-CA system that has elected to have its
- // certificates
+ // this is a non-CA system that has elected to have its certificates
// signed by a CA outside of the security domain.
- // in this case, we submitted the cert request for the admin
- // cert to
+ // in this case, we submitted the cert request for the admin cert to
// to security domain host.
caHost = cs.getString("securitydomain.host", "");
caPort = cs.getString("securitydomain.httpsadminport", "");
- } catch (Exception e) {
- }
+ } catch (Exception e) {}
} else if (type.equals("sdca")) {
try {
// this is a non-CA system that submitted its certs to a CA
- // within the security domain. In this case, we submitted
- // the cert
+ // within the security domain. In this case, we submitted the cert
// request for the admin cert to this CA
caHost = cs.getString("preop.ca.hostname", "");
caPort = cs.getString("preop.ca.httpsadminport", "");
- } catch (Exception e) {
- }
+ } catch (Exception e) {}
}
} else {
// for CAs, we always generate our own admin certs
@@ -155,8 +151,7 @@ public class ImportAdminCertPanel extends WizardPanelBase {
try {
caHost = cs.getString("service.machineName", "");
caPort = cs.getString("pkicreate.admin_secure_port", "");
- } catch (Exception e) {
- }
+ } catch (Exception e) {}
}
String pkcs7 = "";
@@ -175,14 +170,16 @@ public class ImportAdminCertPanel extends WizardPanelBase {
* Checks if the given parameters are valid.
*/
public void validate(HttpServletRequest request,
- HttpServletResponse response, Context context) throws IOException {
+ HttpServletResponse response,
+ Context context) throws IOException {
}
/**
* Commit parameter changes
*/
public void update(HttpServletRequest request,
- HttpServletResponse response, Context context) throws IOException {
+ HttpServletResponse response,
+ Context context) throws IOException {
IConfigStore cs = CMS.getConfigStore();
String type = "";
@@ -195,13 +192,12 @@ public class ImportAdminCertPanel extends WizardPanelBase {
subsystemtype = cs.getString("cs.type", "");
security_domain_type = cs.getString("securitydomain.select", "");
selected_hierarchy = cs.getString("preop.hierarchy.select", "");
- } catch (Exception e) {
- }
+ } catch (Exception e) {}
- ICertificateAuthority ca = (ICertificateAuthority) CMS
- .getSubsystem(ICertificateAuthority.ID);
+ ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem(
+ ICertificateAuthority.ID);
- if (ca == null) {
+ if (ca == null) {
context.put("ca", "false");
} else {
context.put("ca", "true");
@@ -210,23 +206,25 @@ public class ImportAdminCertPanel extends WizardPanelBase {
X509CertImpl certs[] = new X509CertImpl[1];
- // REMINDER: This panel is NOT used by "clones"
- if (ca != null) {
+ // REMINDER: This panel is NOT used by "clones"
+ if( ca != null ) {
String serialno = null;
- if (selected_hierarchy.equals("root")) {
- CMS.debug("ImportAdminCertPanel update: "
- + "Root CA subsystem - " + "(new Security Domain)");
+ if( selected_hierarchy.equals( "root" ) ) {
+ CMS.debug( "ImportAdminCertPanel update: "
+ + "Root CA subsystem - "
+ + "(new Security Domain)" );
} else {
- CMS.debug("ImportAdminCertPanel update: "
- + "Subordinate CA subsystem - "
- + "(new Security Domain)");
+ CMS.debug( "ImportAdminCertPanel update: "
+ + "Subordinate CA subsystem - "
+ + "(new Security Domain)" );
}
try {
serialno = cs.getString("preop.admincert.serialno.0");
} catch (Exception e) {
- CMS.debug("ImportAdminCertPanel update: Failed to get request id.");
+ CMS.debug(
+ "ImportAdminCertPanel update: Failed to get request id.");
context.put("updateStatus", "failure");
throw new IOException("Failed to get request id.");
}
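Review bot: The failure path for `cs.getString("preop.admincert.serialno.0")` reports "Failed to get request id." in both the debug line and the `IOException`, although the value being read is the admin certificate's serial number. Someone chasing this error would look for a missing request rather than a missing `preop.admincert.serialno.0` entry. I would reword both strings, e.g. `throw new IOException("Failed to get admin certificate serial number.");`, and include `e.toString()` in the debug line so the cause is kept. The enclosing `update()` starts and ends outside this hunk.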
@@ -234,37 +232,37 @@ public class ImportAdminCertPanel extends WizardPanelBase {
ICertificateRepository repost = ca.getCertificateRepository();
try {
- certs[0] = repost.getX509Certificate(new BigInteger(serialno,
- 16));
- } catch (Exception ee) {
- }
+ certs[0] = repost.getX509Certificate(
+ new BigInteger(serialno, 16));
+ } catch (Exception ee) {}
} else {
String dir = null;
- // REMINDER: This panel is NOT used by "clones"
- if (subsystemtype.equals("CA")) {
- if (selected_hierarchy.equals("root")) {
- CMS.debug("ImportAdminCertPanel update: "
- + "Root CA subsystem - "
- + "(existing Security Domain)");
+ // REMINDER: This panel is NOT used by "clones"
+ if( subsystemtype.equals( "CA" ) ) {
+ if( selected_hierarchy.equals( "root" ) ) {
+ CMS.debug( "ImportAdminCertPanel update: "
+ + "Root CA subsystem - "
+ + "(existing Security Domain)" );
} else {
- CMS.debug("ImportAdminCertPanel update: "
- + "Subordinate CA subsystem - "
- + "(existing Security Domain)");
+ CMS.debug( "ImportAdminCertPanel update: "
+ + "Subordinate CA subsystem - "
+ + "(existing Security Domain)" );
}
} else {
- CMS.debug("ImportAdminCertPanel update: " + subsystemtype
- + " subsystem");
+ CMS.debug( "ImportAdminCertPanel update: "
+ + subsystemtype
+ + " subsystem" );
}
try {
- dir = cs.getString("preop.admincert.b64", "");
+ dir = cs.getString("preop.admincert.b64", "");
CMS.debug("ImportAdminCertPanel update: dir=" + dir);
- } catch (Exception ee) {
- }
+ } catch (Exception ee) {}
try {
- BufferedReader reader = new BufferedReader(new FileReader(dir));
+ BufferedReader reader = new BufferedReader(
+ new FileReader(dir));
String b64 = "";
StringBuffer sb = new StringBuffer();
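Review bot: Nothing in this hunk checks that `certs[0]` was populated after `repost.getX509Certificate(new BigInteger(serialno, 16))`; the `catch (Exception ee) {}` swallows a lookup or hex-parse failure and leaves the slot `null`. A later hunk passes `certs` to `user.setX509Certificates(certs)`, so unless code between the hunks checks it, the failure surfaces there as an unrelated error with the root cause gone. I would fail at the point of lookup instead: `if (certs[0] == null) { context.put("updateStatus", "failure"); throw new IOException("Admin certificate not found in repository."); }`. `update()` continues past the end of this hunk.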
@@ -291,15 +289,15 @@ public class ImportAdminCertPanel extends WizardPanelBase {
user.setX509Certificates(certs);
ug.addUserCert(user);
} catch (LDAPException e) {
- CMS.debug("ImportAdminCertPanel update: failed to add certificate to the internal database. Exception: "
- + e.toString());
+ CMS.debug("ImportAdminCertPanel update: failed to add certificate to the internal database. Exception: "+e.toString());
if (e.getLDAPResultCode() != LDAPException.ATTRIBUTE_OR_VALUE_EXISTS) {
context.put("updateStatus", "failure");
throw new IOException(e.toString());
}
} catch (Exception e) {
- CMS.debug("ImportAdminCertPanel update: failed to add certificate. Exception: "
- + e.toString());
+ CMS.debug(
+ "ImportAdminCertPanel update: failed to add certificate. Exception: "
+ + e.toString());
context.put("updateStatus", "failure");
throw new IOException(e.toString());
}
@@ -314,7 +312,7 @@ public class ImportAdminCertPanel extends WizardPanelBase {
public boolean shouldSkip() {
try {
IConfigStore c = CMS.getConfigStore();
- String s = c.getString("preop.subsystem.select", null);
+ String s = c.getString("preop.subsystem.select",null);
if (s != null && s.equals("clone")) {
return true;
}
@@ -324,11 +322,13 @@ public class ImportAdminCertPanel extends WizardPanelBase {
return false;
}
+
/**
* If validiate() returns false, this method will be called.
*/
public void displayError(HttpServletRequest request,
- HttpServletResponse response, Context context) {
+ HttpServletResponse response,
+ Context context) {
/* This should never be called */
context.put("title", "Import Administrator Certificate");
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportCAChainPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportCAChainPanel.java
index 8b0ccc0c..0c2e7fa0 100755
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportCAChainPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportCAChainPanel.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
+
import java.io.IOException;
import javax.servlet.ServletConfig;
@@ -35,19 +36,19 @@ import com.netscape.cms.servlet.wizard.WizardServlet;
public class ImportCAChainPanel extends WizardPanelBase {
- public ImportCAChainPanel() {
- }
+ public ImportCAChainPanel() {}
/**
* Initializes this panel.
*/
- public void init(ServletConfig config, int panelno) throws ServletException {
+ public void init(ServletConfig config, int panelno)
+ throws ServletException {
setPanelNo(panelno);
setName("Import CA's Certificate Chain");
}
- public void init(WizardServlet servlet, ServletConfig config, int panelno,
- String id) throws ServletException {
+ public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
+ throws ServletException {
setPanelNo(panelno);
setName("Import CA's Certificate Chain");
setId(id);
@@ -74,7 +75,8 @@ public class ImportCAChainPanel extends WizardPanelBase {
* Display the panel.
*/
public void display(HttpServletRequest request,
- HttpServletResponse response, Context context) {
+ HttpServletResponse response,
+ Context context) {
CMS.debug("ImportCACertChain: display");
context.put("errorString", "");
context.put("title", "Import CA's Certificate Chain");
@@ -87,9 +89,8 @@ public class ImportCAChainPanel extends WizardPanelBase {
context.put("https_port", cs.getString("pkicreate.ee_secure_port"));
context.put("http_port", cs.getString("pkicreate.unsecure_port"));
} catch (EBaseException e) {
- CMS.debug("ImportCACertChain:display: Exception: " + e.toString());
- context.put("errorString",
- "Error loading values for Import CA Certificate Panel");
+ CMS.debug("ImportCACertChain:display: Exception: " + e.toString());
+ context.put("errorString", "Error loading values for Import CA Certificate Panel");
}
ISubsystem ca = (ISubsystem) CMS.getSubsystem("ca");
@@ -106,16 +107,19 @@ public class ImportCAChainPanel extends WizardPanelBase {
* Checks if the given parameters are valid.
*/
public void validate(HttpServletRequest request,
- HttpServletResponse response, Context context) throws IOException {
+ HttpServletResponse response,
+ Context context) throws IOException {
}
/**
* Commit parameter changes
*/
public void update(HttpServletRequest request,
- HttpServletResponse response, Context context) throws IOException {
+ HttpServletResponse response,
+ Context context) throws IOException {
IConfigStore cs = CMS.getConfigStore();
+
context.put("errorString", "");
context.put("title", "Import CA's Certificate Chain");
context.put("panel", "admin/console/config/importcachainpanel.vm");
@@ -126,7 +130,8 @@ public class ImportCAChainPanel extends WizardPanelBase {
* If validiate() returns false, this method will be called.
*/
public void displayError(HttpServletRequest request,
- HttpServletResponse response, Context context) {
+ HttpServletResponse response,
+ Context context) {
/* This should never be called */
IConfigStore cs = CMS.getConfigStore();
@@ -136,7 +141,6 @@ public class ImportCAChainPanel extends WizardPanelBase {
context.put("http_port", cs.getString("pkicreate.unsecure_port"));
context.put("title", "Import CA's Certificate Chain");
context.put("panel", "admin/console/config/importcachainpanel.vm");
- } catch (EBaseException e) {
- }
+ } catch (EBaseException e) {}
}
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportTransportCert.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportTransportCert.java
index a5efbbfe..3f54ec1c 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportTransportCert.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportTransportCert.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
+
import java.io.IOException;
import java.util.Locale;
@@ -60,7 +61,6 @@ public class ImportTransportCert extends CMSServlet {
/**
* initialize the servlet.
- *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -70,7 +70,7 @@ public class ImportTransportCert extends CMSServlet {
}
/**
- * Process the HTTP request.
+ * Process the HTTP request.
*/
protected void process(CMSRequest cmsReq) throws EBaseException {
CMS.debug("UpdateUpdater: processing...");
@@ -84,9 +84,9 @@ public class ImportTransportCert extends CMSServlet {
CMS.debug("ImportTransportCert authentication successful.");
} catch (Exception e) {
CMS.debug("ImportTransportCert: authentication failed.");
- log(ILogger.LL_FAILURE,
+ log(ILogger.LL_FAILURE,
CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "",
- e.toString()));
+ e.toString()));
outputError(httpResp, AUTH_FAILURE, "Error: Not authenticated");
return;
}
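Review bot: The authentication-failure branch logs with the message key `CMSGW_ERR_BAD_SERV_OUT_STREAM`, which by its name describes an output-stream problem, while the authorization failures in the next hunk use `ADMIN_SRVLT_AUTH_FAILURE`. If the key resolves the way its name suggests (the message catalogue is not visible here), failed authentications against this servlet are recorded under a misleading message and are easy to miss when reviewing logs. I would log `CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())` here as well. The debug label `UpdateUpdater: processing...` in the previous hunk also looks copied from another servlet. `process()` starts before and continues after this hunk.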
@@ -99,19 +99,19 @@ public class ImportTransportCert extends CMSServlet {
AuthzToken authzToken = null;
try {
- authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
- "modify");
+ authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
+ "modify");
CMS.debug("ImportTransportCert authorization successful.");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
outputError(httpResp, "Error: Not authorized");
return;
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
outputError(httpResp,
- "Error: Encountered problem during authorization.");
+ "Error: Encountered problem during authorization.");
return;
}
@@ -126,17 +126,17 @@ public class ImportTransportCert extends CMSServlet {
String certsString = httpReq.getParameter("certificate");
try {
- CryptoManager cm = CryptoManager.getInstance();
- CMS.debug("ImportTransportCert: Importing certificate");
- org.mozilla.jss.crypto.X509Certificate cert = cm
- .importCACertPackage(CMS.AtoB(certsString));
- String nickName = cert.getNickname();
- CMS.debug("ImportTransportCert: nickname " + nickName);
- cs.putString("tks.drm_transport_cert_nickname", nickName);
- CMS.debug("ImportTransportCert: Commiting configuration");
- cs.commit(false);
-
- // send success status back to the requestor
+ CryptoManager cm = CryptoManager.getInstance();
+ CMS.debug("ImportTransportCert: Importing certificate");
+ org.mozilla.jss.crypto.X509Certificate cert =
+ cm.importCACertPackage(CMS.AtoB(certsString));
+ String nickName = cert.getNickname();
+ CMS.debug("ImportTransportCert: nickname " + nickName);
+ cs.putString("tks.drm_transport_cert_nickname", nickName);
+ CMS.debug("ImportTransportCert: Commiting configuration");
+ cs.commit(false);
+
+ // send success status back to the requestor
CMS.debug("ImportTransportCert: Sending response");
XMLObject xmlObj = new XMLObject();
Node root = xmlObj.createRoot("XMLResponse");
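Review bot: `httpReq.getParameter("certificate")` is handed to `CMS.AtoB` and `cm.importCACertPackage` with no check that the parameter is present or non-empty, so a request without it is handled only by whatever the enclosing `catch` (outside this hunk) does. Because the result is written to `tks.drm_transport_cert_nickname` and committed, I would reject bad input before touching the certificate database: `if (certsString == null || certsString.trim().length() == 0) { outputError(httpResp, "Error: Missing certificate"); return; }`. `process()` starts before and runs past this hunk.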
@@ -150,22 +150,14 @@ public class ImportTransportCert extends CMSServlet {
}
}
- protected void setDefaultTemplates(ServletConfig sc) {
- }
+ protected void setDefaultTemplates(ServletConfig sc) {}
- protected void renderTemplate(CMSRequest cmsReq, String templateName,
- ICMSTemplateFiller filler) throws IOException {// do nothing
- }
+ protected void renderTemplate(
+ CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler)
+ throws IOException {// do nothing
+ }
- protected void renderResult(CMSRequest cmsReq) throws IOException {// do
- // nothing,
- // ie, it
- // will
- // not
- // return
- // the
- // default
- // javascript.
+ protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript.
}
/**
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/LDAPSecurityDomainSessionTable.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/LDAPSecurityDomainSessionTable.java
index b7b52129..da2a3ccb 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/LDAPSecurityDomainSessionTable.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/LDAPSecurityDomainSessionTable.java
@@ -36,11 +36,11 @@ import com.netscape.certsrv.base.ISecurityDomainSessionTable;
import com.netscape.cmsutil.password.IPasswordStore;
/**
- * This object stores the values for IP, uid and group based on the cookie id in
- * LDAP. Entries are stored under ou=Security Domain, ou=sessions, $basedn
+ * This object stores the values for IP, uid and group based on the cookie id in LDAP.
+ * Entries are stored under ou=Security Domain, ou=sessions, $basedn
*/
-public class LDAPSecurityDomainSessionTable implements
- ISecurityDomainSessionTable {
+public class LDAPSecurityDomainSessionTable
+ implements ISecurityDomainSessionTable {
private long m_timeToLive;
@@ -48,7 +48,8 @@ public class LDAPSecurityDomainSessionTable implements
m_timeToLive = timeToLive;
}
- public int addEntry(String sessionId, String ip, String uid, String group) {
+ public int addEntry(String sessionId, String ip,
+ String uid, String group) {
IConfigStore cs = CMS.getConfigStore();
LDAPConnection conn = null;
boolean sessions_exists = true;
@@ -60,8 +61,7 @@ public class LDAPSecurityDomainSessionTable implements
basedn = cs.getString("internaldb.basedn");
sessionsdn = "ou=sessions,ou=Security Domain," + basedn;
} catch (Exception e) {
- CMS.debug("SecurityDomainSessionTable: addEntry: failed to read basedn"
- + e);
+ CMS.debug("SecurityDomainSessionTable: addEntry: failed to read basedn" + e);
return status;
}
@@ -77,16 +77,14 @@ public class LDAPSecurityDomainSessionTable implements
attrs.add(new LDAPAttribute("ou", "sessions"));
entry = new LDAPEntry(sessionsdn, attrs);
conn.add(entry);
- } catch (Exception e) {
- if ((e instanceof LDAPException)
- && (((LDAPException) e).getLDAPResultCode() == LDAPException.ENTRY_ALREADY_EXISTS)) {
+ } catch (Exception e) {
+ if ((e instanceof LDAPException) && (((LDAPException) e).getLDAPResultCode() == LDAPException.ENTRY_ALREADY_EXISTS)) {
// continue
} else {
- CMS.debug("SecurityDomainSessionTable: unable to create ou=sessions:"
- + e);
+ CMS.debug("SecurityDomainSessionTable: unable to create ou=sessions:" + e);
sessions_exists = false;
}
- }
+ }
// add new entry
try {
@@ -95,32 +93,27 @@ public class LDAPSecurityDomainSessionTable implements
String entrydn = "cn=" + sessionId + "," + sessionsdn;
attrs = new LDAPAttributeSet();
attrs.add(new LDAPAttribute("objectclass", "top"));
- attrs.add(new LDAPAttribute("objectclass",
- "securityDomainSessionEntry"));
+ attrs.add(new LDAPAttribute("objectclass", "securityDomainSessionEntry"));
attrs.add(new LDAPAttribute("cn", sessionId));
attrs.add(new LDAPAttribute("host", ip));
attrs.add(new LDAPAttribute("uid", uid));
attrs.add(new LDAPAttribute("cmsUserGroup", group));
- attrs.add(new LDAPAttribute("dateOfCreate", Long
- .toString((new Date()).getTime())));
+ attrs.add(new LDAPAttribute("dateOfCreate", Long.toString((new Date()).getTime())));
entry = new LDAPEntry(entrydn, attrs);
if (sessions_exists) {
conn.add(entry);
- CMS.debug("SecurityDomainSessionTable: added session entry"
- + sessionId);
+ CMS.debug("SecurityDomainSessionTable: added session entry" + sessionId);
status = SUCCESS;
}
- } catch (Exception e) {
- CMS.debug("SecurityDomainSessionTable: unable to create session entry"
- + sessionId + ": " + e);
- }
+ } catch(Exception e) {
+ CMS.debug("SecurityDomainSessionTable: unable to create session entry" + sessionId + ": " + e);
+ }
try {
conn.disconnect();
} catch (Exception e) {
- CMS.debug("SecurityDomainSessionTable:addEntry: Error in disconnecting from database: "
- + e);
+ CMS.debug("SecurityDomainSessionTable:addEntry: Error in disconnecting from database: " + e);
}
return status;
}
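Review bot: `entrydn` is built by concatenating `sessionId` straight into a DN (`"cn=" + sessionId + "," + sessionsdn`) with no escaping of DN metacharacters. The same value is concatenated into the DN passed to `conn.delete(dn)` in the next hunk and into the search filter `"(cn=" + sessionId + ")"` in a later one; if any caller passes an identifier taken from a request cookie rather than one generated by the server (the callers are not visible here), that is an LDAP injection point. I would validate `sessionId` against the format the server issues before use, and escape it per RFC 4514 for the DN and RFC 4515 for the filter. `addEntry` starts in an earlier hunk.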
@@ -131,25 +124,21 @@ public class LDAPSecurityDomainSessionTable implements
int status = FAILURE;
try {
String basedn = cs.getString("internaldb.basedn");
- String dn = "cn=" + sessionId + ",ou=sessions,ou=Security Domain,"
- + basedn;
+ String dn = "cn=" + sessionId + ",ou=sessions,ou=Security Domain," + basedn;
conn = getLDAPConn();
conn.delete(dn);
status = SUCCESS;
} catch (Exception e) {
- if ((e instanceof LDAPException)
- && (((LDAPException) e).getLDAPResultCode() == LDAPException.NO_SUCH_OBJECT)) {
+ if ((e instanceof LDAPException) && (((LDAPException) e).getLDAPResultCode() == LDAPException.NO_SUCH_OBJECT)) {
// continue
} else {
- CMS.debug("SecurityDomainSessionTable: unable to delete session "
- + sessionId + ": " + e);
+ CMS.debug("SecurityDomainSessionTable: unable to delete session " + sessionId + ": " + e);
}
}
try {
conn.disconnect();
} catch (Exception e) {
- CMS.debug("SecurityDomainSessionTable: removeEntry: Error in disconnecting from database: "
- + e);
+ CMS.debug("SecurityDomainSessionTable: removeEntry: Error in disconnecting from database: " + e);
}
return status;
}
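Review bot: `conn.disconnect()` runs in its own `try` after the main one rather than in a `finally`, and it is called even when `getLDAPConn()` threw. Assuming `conn` starts as `null` here as it does in the other methods of this class, that case produces a `NullPointerException` that is logged as "Error in disconnecting from database", which hides the real connection failure. I would move the cleanup into a `finally` on the first `try` and guard it with `if (conn != null) conn.disconnect();`. The add, query and size methods in the neighbouring hunks follow the same pattern. The method's declaration is outside this hunk.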
@@ -165,24 +154,21 @@ public class LDAPSecurityDomainSessionTable implements
String[] attrs = { "cn" };
conn = getLDAPConn();
- LDAPSearchResults res = conn.search(sessionsdn, LDAPv2.SCOPE_SUB,
- filter, attrs, false);
- if (res.getCount() > 0)
- ret = true;
- } catch (Exception e) {
- CMS.debug("SecurityDomainSessionTable: unable to query session "
- + sessionId + ": " + e);
+ LDAPSearchResults res = conn.search(sessionsdn, LDAPv2.SCOPE_SUB, filter, attrs, false);
+ if (res.getCount() > 0) ret = true;
+ } catch(Exception e) {
+ CMS.debug("SecurityDomainSessionTable: unable to query session " + sessionId + ": " + e);
}
try {
conn.disconnect();
} catch (Exception e) {
- CMS.debug("SecurityDomainSessionTable: isSessionIdExist: Error in disconnecting from database: "
- + e);
+ CMS.debug("SecurityDomainSessionTable: isSessionIdExist: Error in disconnecting from database: " + e);
}
return ret;
}
+
public Enumeration getSessionIds() {
IConfigStore cs = CMS.getConfigStore();
LDAPConnection conn = null;
@@ -195,31 +181,27 @@ public class LDAPSecurityDomainSessionTable implements
String[] attrs = { "cn" };
conn = getLDAPConn();
- LDAPSearchResults res = conn.search(sessionsdn, LDAPv2.SCOPE_SUB,
- filter, attrs, false);
+ LDAPSearchResults res = conn.search(sessionsdn, LDAPv2.SCOPE_SUB, filter, attrs, false);
while (res.hasMoreElements()) {
LDAPEntry entry = res.next();
ret.add(entry.getAttribute("cn").getStringValueArray()[0]);
}
} catch (LDAPException e) {
switch (e.getLDAPResultCode()) {
- case LDAPException.NO_SUCH_OBJECT:
- CMS.debug("SecurityDomainSessionTable: getSessionIds(): no sessions have been created");
- break;
- default:
- CMS.debug("SecurityDomainSessionTable: unable to query sessionIds due to ldap exception: "
- + e);
+ case LDAPException.NO_SUCH_OBJECT:
+ CMS.debug("SecurityDomainSessionTable: getSessionIds(): no sessions have been created");
+ break;
+ default:
+ CMS.debug("SecurityDomainSessionTable: unable to query sessionIds due to ldap exception: " + e);
}
- } catch (Exception e) {
- CMS.debug("SecurityDomainSessionTable: unable to query sessionIds: "
- + e);
+ } catch(Exception e) {
+ CMS.debug("SecurityDomainSessionTable: unable to query sessionIds: " + e);
}
try {
conn.disconnect();
} catch (Exception e) {
- CMS.debug("SecurityDomainSessionTable: getSessionIds: Error in disconnecting from database: "
- + e);
+ CMS.debug("SecurityDomainSessionTable: getSessionIds: Error in disconnecting from database: " + e);
}
return ret.elements();
@@ -229,28 +211,25 @@ public class LDAPSecurityDomainSessionTable implements
IConfigStore cs = CMS.getConfigStore();
LDAPConnection conn = null;
String ret = null;
- try {
+ try {
String basedn = cs.getString("internaldb.basedn");
String sessionsdn = "ou=sessions,ou=Security Domain," + basedn;
String filter = "(cn=" + sessionId + ")";
String[] attrs = { attr };
conn = getLDAPConn();
- LDAPSearchResults res = conn.search(sessionsdn, LDAPv2.SCOPE_SUB,
- filter, attrs, false);
- if (res.getCount() > 0) {
+ LDAPSearchResults res = conn.search(sessionsdn, LDAPv2.SCOPE_SUB, filter, attrs, false);
+ if (res.getCount() > 0) {
LDAPEntry entry = res.next();
ret = entry.getAttribute(attr).getStringValueArray()[0];
}
- } catch (Exception e) {
- CMS.debug("SecurityDomainSessionTable: unable to query session "
- + sessionId + ": " + e);
+ } catch(Exception e) {
+ CMS.debug("SecurityDomainSessionTable: unable to query session " + sessionId + ": " + e);
}
try {
conn.disconnect();
} catch (Exception e) {
- CMS.debug("SecurityDomainSessionTable: isSessionIdExist: Error in disconnecting from database: "
- + e);
+ CMS.debug("SecurityDomainSessionTable: isSessionIdExist: Error in disconnecting from database: " + e);
}
return ret;
}
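Review bot: The disconnect error in this method is logged under the label `isSessionIdExist`, but this is the attribute lookup (it reads `attr` and returns a `String`), so the label was evidently copied from the method above. The later `getSize()` hunk has the same problem with the `getSessionIds:` label on its disconnect message. These labels are the only way to tell the session-table operations apart in the debug log, so I would correct each to name its own method. The method's signature is outside this hunk.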
@@ -282,7 +261,7 @@ public class LDAPSecurityDomainSessionTable implements
public int getSize() {
IConfigStore cs = CMS.getConfigStore();
LDAPConnection conn = null;
- int ret = 0;
+ int ret =0;
try {
String basedn = cs.getString("internaldb.basedn");
@@ -291,25 +270,24 @@ public class LDAPSecurityDomainSessionTable implements
String[] attrs = { "cn" };
conn = getLDAPConn();
- LDAPSearchResults res = conn.search(sessionsdn, LDAPv2.SCOPE_SUB,
- filter, attrs, false);
+ LDAPSearchResults res = conn.search(sessionsdn, LDAPv2.SCOPE_SUB, filter, attrs, false);
ret = res.getCount();
- } catch (Exception e) {
- CMS.debug("SecurityDomainSessionTable: unable to query sessionIds: "
- + e);
+ } catch(Exception e) {
+ CMS.debug("SecurityDomainSessionTable: unable to query sessionIds: " + e);
}
try {
conn.disconnect();
} catch (Exception e) {
- CMS.debug("SecurityDomainSessionTable: getSessionIds: Error in disconnecting from database: "
- + e);
+ CMS.debug("SecurityDomainSessionTable: getSessionIds: Error in disconnecting from database: " + e);
}
return ret;
}
- private LDAPConnection getLDAPConn() throws IOException {
+ private LDAPConnection getLDAPConn()
+ throws IOException
+ {
IConfigStore cs = CMS.getConfigStore();
String host = "";
@@ -321,13 +299,12 @@ public class LDAPSecurityDomainSessionTable implements
IPasswordStore pwdStore = CMS.getPasswordStore();
if (pwdStore != null) {
- // CMS.debug("SecurityDomainSessionTable: getLDAPConn: password store available");
+ //CMS.debug("SecurityDomainSessionTable: getLDAPConn: password store available");
pwd = pwdStore.getPassword("internaldb");
}
- if (pwd == null) {
- throw new IOException(
- "SecurityDomainSessionTable: Failed to obtain password from password store");
+ if ( pwd == null) {
+ throw new IOException("SecurityDomainSessionTable: Failed to obtain password from password store");
}
try {
@@ -352,15 +329,14 @@ public class LDAPSecurityDomainSessionTable implements
LDAPConnection conn = null;
if (security.equals("true")) {
- // CMS.debug("SecurityDomainSessionTable getLDAPConn: creating secure (SSL) connection for internal ldap");
- conn = new LDAPConnection(CMS.getLdapJssSSLSocketFactory());
+ //CMS.debug("SecurityDomainSessionTable getLDAPConn: creating secure (SSL) connection for internal ldap");
+ conn = new LDAPConnection(CMS.getLdapJssSSLSocketFactory());
} else {
- // CMS.debug("SecurityDomainSessionTable getLDAPConn: creating non-secure (non-SSL) connection for internal ldap");
- conn = new LDAPConnection();
+ //CMS.debug("SecurityDomainSessionTable getLDAPConn: creating non-secure (non-SSL) connection for internal ldap");
+ conn = new LDAPConnection();
}
- // CMS.debug("SecurityDomainSessionTable connecting to " + host + ":" +
- // p);
+ //CMS.debug("SecurityDomainSessionTable connecting to " + host + ":" + p);
try {
conn.connect(host, p, binddn, pwd);
} catch (LDAPException e) {
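Review bot: The `else` branch creates a plain `new LDAPConnection()`, so `conn.connect(host, p, binddn, pwd)` binds with the internaldb password over an unencrypted channel whenever `security` is anything other than the exact string "true". Both debug lines that would record the chosen transport are commented out, so the log gives no sign that a cleartext bind happened. I would put one active line in the else branch, for example `CMS.debug("SecurityDomainSessionTable getLDAPConn: WARNING non-SSL connection to internal ldap");`, and delete the commented-out calls rather than reformat them. getLDAPConn() starts and ends outside this hunk, so how `security` is read is not visible here.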
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/LoginServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/LoginServlet.java
index 844a5a36..e7fdbe3f 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/LoginServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/LoginServlet.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
+
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@@ -26,6 +27,7 @@ import org.apache.velocity.context.Context;
import com.netscape.certsrv.apps.CMS;
+
public class LoginServlet extends BaseServlet {
/**
@@ -34,12 +36,14 @@ public class LoginServlet extends BaseServlet {
private static final long serialVersionUID = -4766622132710080340L;
public boolean authenticate(HttpServletRequest request,
- HttpServletResponse response, Context context) {
+ HttpServletResponse response,
+ Context context) {
return true;
}
public Template process(HttpServletRequest request,
- HttpServletResponse response, Context context) {
+ HttpServletResponse response,
+ Context context) {
Template template = null;
try {
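Review bot: `authenticate()` returns `true` unconditionally with no comment explaining why, which reads as an authentication bypass to anyone auditing this servlet. If the intent is that the login page must be reachable before a session exists, and that the `preop.pin` comparison in `process()` is the real gate, the method should say so: `// Login page is pre-authentication by design; process() checks preop.pin.` That reading comes from the following hunks; BaseServlet's use of the return value is not visible here.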
@@ -48,7 +52,7 @@ public class LoginServlet extends BaseServlet {
if (pin == null) {
context.put("error", "");
} else {
- String cspin = CMS.getConfigStore().getString("preop.pin");
+ String cspin = CMS.getConfigStore().getString("preop.pin");
if (cspin != null && cspin.equals(pin)) {
// create session
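Review bot: `cspin.equals(pin)` checks the installation PIN against the submitted value with String.equals, which stops at the first differing character; a constant-time comparison is the safer default for a shared secret. The line could become `if (cspin != null && MessageDigest.isEqual(cspin.getBytes("UTF-8"), pin.getBytes("UTF-8"))) {`, which needs `import java.security.MessageDigest;` (the surrounding try already catches Exception). Nothing visible here or in the "Login Failed" branch of the next hunk records or limits repeated failures, so a `CMS.debug` or audit entry there would help detection. process() starts and ends outside this hunk, and where `pin` is read is not shown.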
@@ -58,7 +62,7 @@ public class LoginServlet extends BaseServlet {
return null;
} else {
context.put("error", "Login Failed");
- }
+ }
}
template = Velocity.getTemplate("admin/console/config/login.vm");
} catch (Exception e) {
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/MainPageServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/MainPageServlet.java
index 2fcb1f2f..a91ca979 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/MainPageServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/MainPageServlet.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
+
import java.io.IOException;
import java.util.Locale;
@@ -42,7 +43,7 @@ public class MainPageServlet extends CMSServlet {
*
*/
private static final long serialVersionUID = 2425301522251239666L;
- private static final String PROP_AUTHORITY_ID = "authorityId";
+ private static final String PROP_AUTHORITY_ID="authorityId";
private String mAuthorityId = null;
private String mFormPath = null;
@@ -74,12 +75,12 @@ public class MainPageServlet extends CMSServlet {
form = getTemplate(mFormPath, request, locale);
} catch (IOException e) {
CMS.debug("MainPageServlet process: cant locate the form");
- /*
- * log(ILogger.LL_FAILURE,
- * CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString())); throw
- * new ECMSGWException(
- * CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
- */
+/*
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString()));
+ throw new ECMSGWException(
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+*/
}
process(argSet, header, ctx, request, response);
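Review bot: When `getTemplate()` throws, the catch only writes a debug line and falls through, because the log-and-throw that followed is still commented out after this reformat. `form` then keeps its earlier value (declared outside this hunk, presumably null), and `form.renderOutput(out, argSet)` in the next hunk would fail with a NullPointerException instead of CMS_GW_DISPLAY_TEMPLATE_ERROR. Either restore the two statements inside the comment or delete the block and fail explicitly after the debug call. The debug line should also carry the cause: `CMS.debug("MainPageServlet process: cant locate the form: " + e);`. The method starts and ends outside this hunk.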
@@ -89,22 +90,21 @@ public class MainPageServlet extends CMSServlet {
ServletOutputStream out = response.getOutputStream();
cmsReq.setStatus(CMSRequest.SUCCESS);
- response.setContentType("text/html");
- form.renderOutput(out, argSet);
+ response.setContentType("text/html");
+ form.renderOutput(out, argSet);
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE",
- e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
}
private void process(CMSTemplateParams argSet, IArgBlock header,
- IArgBlock ctx, HttpServletRequest req, HttpServletResponse resp)
- throws EBaseException {
+ IArgBlock ctx, HttpServletRequest req, HttpServletResponse resp)
+ throws EBaseException {
- int num = 0;
+ int num = 0;
IArgBlock rarg = null;
IConfigStore cs = CMS.getConfigStore();
int state = 0;
@@ -125,8 +125,8 @@ public class MainPageServlet extends CMSServlet {
rarg = CMS.createArgBlock();
rarg.addStringValue("type", "admin");
rarg.addStringValue("prefix", "http");
- rarg.addIntegerValue("port", Integer.valueOf(CMS.getEENonSSLPort())
- .intValue());
+ rarg.addIntegerValue("port",
+ Integer.valueOf(CMS.getEENonSSLPort()).intValue());
rarg.addStringValue("host", host);
rarg.addStringValue("uri", adminInterface);
argSet.addRepeatRecord(rarg);
@@ -136,8 +136,8 @@ public class MainPageServlet extends CMSServlet {
rarg = CMS.createArgBlock();
rarg.addStringValue("type", "ee");
rarg.addStringValue("prefix", "https");
- rarg.addIntegerValue("port", Integer
- .valueOf(CMS.getEESSLPort()).intValue());
+ rarg.addIntegerValue("port",
+ Integer.valueOf(CMS.getEESSLPort()).intValue());
rarg.addStringValue("host", host);
rarg.addStringValue("uri", eeInterface);
argSet.addRepeatRecord(rarg);
@@ -147,8 +147,8 @@ public class MainPageServlet extends CMSServlet {
rarg = CMS.createArgBlock();
rarg.addStringValue("type", "agent");
rarg.addStringValue("prefix", "https");
- rarg.addIntegerValue("port", Integer
- .valueOf(CMS.getAgentPort()).intValue());
+ rarg.addIntegerValue("port",
+ Integer.valueOf(CMS.getAgentPort()).intValue());
rarg.addStringValue("host", host);
rarg.addStringValue("uri", agentInterface);
argSet.addRepeatRecord(rarg);
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ModulePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ModulePanel.java
index ef9255f3..38185a33 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ModulePanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ModulePanel.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
+
import java.io.IOException;
import java.util.Enumeration;
import java.util.Hashtable;
@@ -49,20 +50,19 @@ public class ModulePanel extends WizardPanelBase {
private Vector mOtherModules = null;
private Hashtable mCurrModTable = new Hashtable();
private WizardServlet mServlet = null;
-
- public ModulePanel() {
- }
+ public ModulePanel() {}
/**
* Initializes this panel.
*/
- public void init(ServletConfig config, int panelno) throws ServletException {
+ public void init(ServletConfig config, int panelno)
+ throws ServletException {
setPanelNo(panelno);
setName("Key Store");
}
- public void init(WizardServlet servlet, ServletConfig config, int panelno,
- String id) throws ServletException {
+ public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
+ throws ServletException {
setPanelNo(panelno);
setName("Key Store");
setId(id);
@@ -71,7 +71,7 @@ public class ModulePanel extends WizardPanelBase {
public void cleanUp() throws IOException {
IConfigStore cs = CMS.getConfigStore();
- cs.putBoolean("preop.ModulePanel.done", false);
+ cs.putBoolean("preop.ModulePanel.done",false);
}
public void loadCurrModTable() {
@@ -87,8 +87,9 @@ public class ModulePanel extends WizardPanelBase {
mCurrModTable.put(mod.getName(), mod);
} // while
} catch (Exception e) {
- CMS.debug("ModulePanel: Exception caught in loadCurrModTable: "
- + e.toString());
+ CMS.debug(
+ "ModulePanel: Exception caught in loadCurrModTable: "
+ + e.toString());
System.err.println("Exception caught: " + e.toString());
}
}
@@ -140,15 +141,15 @@ public class ModulePanel extends WizardPanelBase {
CMS.debug("ModulePanel: token nick name=" + token.getName());
CMS.debug("ModulePanel: token logged in?" + token.isLoggedIn());
CMS.debug("ModulePanel: token is present?" + token.isPresent());
- if (!token.getName().equals("Internal Crypto Services Token")
- && !token.getName().equals(
- "NSS Generic Crypto Services")) {
+ if (!token.getName().equals("Internal Crypto Services Token") &&
+ !token.getName().equals("NSS Generic Crypto Services")) {
module.addToken(token);
} else {
- CMS.debug("ModulePanel: token " + token.getName()
+ CMS.debug(
+ "ModulePanel: token " + token.getName()
+ " not to be added");
}
-
+
} catch (TokenException ex) {
CMS.debug("ModulePanel:" + ex.toString());
}
@@ -180,11 +181,11 @@ public class ModulePanel extends WizardPanelBase {
if ((cn == null) || (cn.equals(""))) {
break;
}
-
+
CMS.debug("ModulePanel: got from config module: " + cn);
// create a Module object
Module module = new Module(cn, pn, img);
-
+
if (mCurrModTable.containsKey(cn)) {
CMS.debug("ModulePanel: module found: " + cn);
module.setFound(true);
@@ -193,7 +194,7 @@ public class ModulePanel extends WizardPanelBase {
loadModTokens(module, m);
}
-
+
CMS.debug("ModulePanel: adding module " + cn);
// add module to set
if (!mSupportedModules.contains(module)) {
@@ -202,41 +203,39 @@ public class ModulePanel extends WizardPanelBase {
}// for
} catch (Exception e) {
- CMS.debug("ModulePanel: Exception caught in loadSupportedModules(): "
- + e.toString());
+ CMS.debug(
+ "ModulePanel: Exception caught in loadSupportedModules(): "
+ + e.toString());
System.err.println("Exception caught: " + e.toString());
}
}
public PropertySet getUsage() {
- // it a token choice. Available tokens are discovered dynamically so
+ // it a token choice. Available tokens are discovered dynamically so
// can't be a real CHOICE
PropertySet set = new PropertySet();
-
- Descriptor tokenDesc = new Descriptor(IDescriptor.STRING, null, /*
- * no
- * constraint
- */
- null, /* default parameter */
- "module token selection");
+
+ Descriptor tokenDesc = new Descriptor(IDescriptor.STRING, null, /* no constraint */
+ null, /* default parameter */
+ "module token selection");
set.add("choice", tokenDesc);
-
+
return set;
}
public boolean isPanelDone() {
IConfigStore cs = CMS.getConfigStore();
try {
- boolean s = cs.getBoolean("preop.ModulePanel.done", false);
+ boolean s = cs.getBoolean("preop.ModulePanel.done",
+ false);
if (s != true) {
return false;
} else {
return true;
}
- } catch (EBaseException e) {
- }
+ } catch (EBaseException e) {}
return false;
}
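Review bot: `catch (EBaseException e) {}` in `isPanelDone()` silently discards a config-store failure, so a broken CS.cfg read looks the same as "panel not done"; at minimum log it with `CMS.debug("ModulePanel: isPanelDone: " + e);`. The same empty catch is reformatted in the NamePanel hunks at -153,8 and -327,8, where the second one swallows a failed `config.commit(false)`. The try body can shrink to `return cs.getBoolean("preop.ModulePanel.done", false);`, and `loadSupportedModules()` should not echo the exception to `System.err` on top of `CMS.debug`. In the `getUsage()` comment, "it a token choice" should read "it is a token choice".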
@@ -249,7 +248,8 @@ public class ModulePanel extends WizardPanelBase {
* Display the panel.
*/
public void display(HttpServletRequest request,
- HttpServletResponse response, Context context) {
+ HttpServletResponse response,
+ Context context) {
CMS.debug("ModulePanel: display()");
context.put("title", "Key Store");
@@ -272,8 +272,8 @@ public class ModulePanel extends WizardPanelBase {
context.put("oms", mOtherModules);
context.put("sms", mSupportedModules);
// context.put("status_token", "None");
- String subpanelno = String.valueOf(getPanelNo() + 1);
- CMS.debug("ModulePanel subpanelno =" + subpanelno);
+ String subpanelno = String.valueOf(getPanelNo()+1);
+ CMS.debug("ModulePanel subpanelno =" +subpanelno);
context.put("subpanelno", subpanelno);
context.put("panel", "admin/console/config/modulepanel.vm");
}
@@ -282,15 +282,17 @@ public class ModulePanel extends WizardPanelBase {
* Checks if the given parameters are valid.
*/
public void validate(HttpServletRequest request,
- HttpServletResponse response, Context context) throws IOException {
+ HttpServletResponse response,
+ Context context) throws IOException {
}
/**
* Commit parameter changes
*/
public void update(HttpServletRequest request,
- HttpServletResponse response, Context context) throws IOException {
- boolean hasErr = false;
+ HttpServletResponse response,
+ Context context) throws IOException {
+ boolean hasErr = false;
try {
// get the value of the choice
@@ -304,13 +306,13 @@ public class ModulePanel extends WizardPanelBase {
IConfigStore config = CMS.getConfigStore();
String oldtokenname = config.getString("preop.module.token", "");
- if (!oldtokenname.equals(select))
+ if (!oldtokenname.equals(select))
mServlet.cleanUpFromPanel(mServlet.getPanelNo(request));
- if (hasErr == false) {
- config.putString("preop.module.token", select);
- config.putBoolean("preop.ModulePanel.done", true);
- }
+ if (hasErr == false) {
+ config.putString("preop.module.token", select);
+ config.putBoolean("preop.ModulePanel.done", true);
+ }
config.commit(false);
context.put("updateStatus", "success");
} catch (Exception e) {
@@ -324,7 +326,8 @@ public class ModulePanel extends WizardPanelBase {
* If validiate() returns false, this method will be called.
*/
public void displayError(HttpServletRequest request,
- HttpServletResponse response, Context context) {
+ HttpServletResponse response,
+ Context context) {
context.put("title", "Security Module");
context.put("panel", "admin/console/config/modulepanel.vm");
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ModuleServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ModuleServlet.java
index 861eee16..a0a627ee 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ModuleServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ModuleServlet.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
+
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@@ -26,6 +27,7 @@ import org.apache.velocity.context.Context;
import com.netscape.certsrv.apps.CMS;
+
public class ModuleServlet extends BaseServlet {
/**
@@ -34,16 +36,19 @@ public class ModuleServlet extends BaseServlet {
private static final long serialVersionUID = 6518965840466227888L;
/**
- * Collect information on where keys are to be generated. Once collected,
- * write to CS.cfg: "preop.module=soft" or "preop.module=hard"
- *
+ * Collect information on where keys are to be generated.
+ * Once collected, write to CS.cfg:
+ * "preop.module=soft"
+ * or
+ * "preop.module=hard"
+ *
* <ul>
- * <li>http.param selection "soft" or "hard" for software token or hardware
- * token
+ * <li>http.param selection "soft" or "hard" for software token or hardware token
* </ul>
*/
public Template process(HttpServletRequest request,
- HttpServletResponse response, Context context) {
+ HttpServletResponse response,
+ Context context) {
Template template = null;
@@ -71,7 +76,7 @@ public class ModuleServlet extends BaseServlet {
CMS.debug("ModuleServlet: illegal selection: " + selection);
context.put("error", "failed selection");
}
-
+
} else {
CMS.debug("ModuleServlet: no selection");
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/NamePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/NamePanel.java
index 1f680b64..ec3686e9 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/NamePanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/NamePanel.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
+
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
@@ -53,19 +54,19 @@ public class NamePanel extends WizardPanelBase {
private Vector mCerts = null;
private WizardServlet mServlet = null;
- public NamePanel() {
- }
+ public NamePanel() {}
/**
* Initializes this panel.
*/
- public void init(ServletConfig config, int panelno) throws ServletException {
+ public void init(ServletConfig config, int panelno)
+ throws ServletException {
setPanelNo(panelno);
setName("Subject Names");
}
- public void init(WizardServlet servlet, ServletConfig config, int panelno,
- String id) throws ServletException {
+ public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
+ throws ServletException {
setPanelNo(panelno);
setName("Subject Names");
setId(id);
@@ -78,39 +79,27 @@ public class NamePanel extends WizardPanelBase {
public PropertySet getUsage() {
PropertySet set = new PropertySet();
- Descriptor caDN = new Descriptor(IDescriptor.STRING, null, /*
- * no
- * constraint
- */
- null, /* no default parameter */
- "CA Signing Certificate's DN");
+ Descriptor caDN = new Descriptor(IDescriptor.STRING, null, /* no constraint */
+ null, /* no default parameter */
+ "CA Signing Certificate's DN");
set.add("caDN", caDN);
- Descriptor sslDN = new Descriptor(IDescriptor.STRING, null, /*
- * no
- * constraint
- */
- null, /* no default parameter */
- "SSL Server Certificate's DN");
+ Descriptor sslDN = new Descriptor(IDescriptor.STRING, null, /* no constraint */
+ null, /* no default parameter */
+ "SSL Server Certificate's DN");
set.add("sslDN", sslDN);
- Descriptor subsystemDN = new Descriptor(IDescriptor.STRING, null, /*
- * no
- * constraint
- */
- null, /* no default parameter */
- "CA Subsystem Certificate's DN");
+ Descriptor subsystemDN = new Descriptor(IDescriptor.STRING, null, /* no constraint */
+ null, /* no default parameter */
+ "CA Subsystem Certificate's DN");
set.add("subsystemDN", subsystemDN);
- Descriptor ocspDN = new Descriptor(IDescriptor.STRING, null, /*
- * no
- * constraint
- */
- null, /* no default parameter */
- "OCSP Signing Certificate's DN");
+ Descriptor ocspDN = new Descriptor(IDescriptor.STRING, null, /* no constraint */
+ null, /* no default parameter */
+ "OCSP Signing Certificate's DN");
set.add("ocspDN", ocspDN);
@@ -135,7 +124,7 @@ public class NamePanel extends WizardPanelBase {
StringTokenizer st = new StringTokenizer(list, ",");
while (st.hasMoreTokens()) {
String t = st.nextToken();
- cs.remove("preop.cert." + t + ".done");
+ cs.remove("preop.cert."+t+".done");
}
try {
@@ -153,8 +142,7 @@ public class NamePanel extends WizardPanelBase {
} else {
return true;
}
- } catch (EBaseException e) {
- }
+ } catch (EBaseException e) {}
return false;
}
@@ -171,11 +159,12 @@ public class NamePanel extends WizardPanelBase {
* Display the panel.
*/
public void display(HttpServletRequest request,
- HttpServletResponse response, Context context) {
+ HttpServletResponse response,
+ Context context) {
CMS.debug("NamePanel: display()");
context.put("title", "Subject Names");
- // update session id
+ // update session id
String session_id = request.getParameter("session_id");
if (session_id != null) {
CMS.debug("NamePanel setting session id.");
@@ -190,16 +179,16 @@ public class NamePanel extends WizardPanelBase {
String hselect = "";
String cstype = "";
try {
- // if CA, at the hierarchy panel, was it root or subord?
+ //if CA, at the hierarchy panel, was it root or subord?
hselect = config.getString("preop.hierarchy.select", "");
select = config.getString("preop.subsystem.select", "");
cstype = config.getString("cs.type", "");
context.put("select", select);
if (cstype.equals("CA") && hselect.equals("root")) {
- CMS.debug("NamePanel ca is root");
+ CMS.debug("NamePanel ca is root");
context.put("isRoot", "true");
} else {
- CMS.debug("NamePanel not ca or not root");
+ CMS.debug("NamePanel not ca or not root");
context.put("isRoot", "false");
}
} catch (Exception e) {
@@ -218,53 +207,47 @@ public class NamePanel extends WizardPanelBase {
int sd_admin_port = -1;
if (domaintype.equals("existing")) {
host = config.getString("securitydomain.host", "");
- sd_admin_port = config.getInteger(
- "securitydomain.httpsadminport", -1);
+ sd_admin_port = config.getInteger("securitydomain.httpsadminport", -1);
count = getSubsystemCount(host, sd_admin_port, true, cstype);
}
while (st.hasMoreTokens()) {
String certTag = st.nextToken();
- CMS.debug("NamePanel: display() about to process certTag :"
- + certTag);
- String nn = config.getString(PCERT_PREFIX + certTag
- + ".nickname");
+ CMS.debug("NamePanel: display() about to process certTag :" + certTag);
+ String nn = config.getString(
+ PCERT_PREFIX + certTag + ".nickname");
Cert c = new Cert(token, nn, certTag);
- String userfriendlyname = config.getString(PCERT_PREFIX
- + certTag + ".userfriendlyname");
- String subsystem = config.getString(PCERT_PREFIX + certTag
- + ".subsystem");
+ String userfriendlyname = config.getString(
+ PCERT_PREFIX + certTag + ".userfriendlyname");
+ String subsystem = config.getString(
+ PCERT_PREFIX + certTag + ".subsystem");
c.setUserFriendlyName(userfriendlyname);
- String type = config
- .getString(PCERT_PREFIX + certTag + ".type");
+ String type = config.getString(PCERT_PREFIX + certTag + ".type");
c.setType(type);
- boolean enable = config.getBoolean(PCERT_PREFIX + certTag
- + ".enable", true);
+ boolean enable = config.getBoolean(PCERT_PREFIX+certTag+".enable", true);
c.setEnable(enable);
- String cert = config.getString(subsystem + "." + certTag
- + ".cert", "");
- String certreq = config.getString(subsystem + "." + certTag
- + ".certreq", "");
+ String cert = config.getString(subsystem +"."+certTag +".cert", "");
+ String certreq =
+ config.getString(subsystem + "." +certTag +".certreq", "");
String dn = config.getString(PCERT_PREFIX + certTag + ".dn");
- boolean override = config.getBoolean(PCERT_PREFIX + certTag
- + ".cncomponent.override", true);
- // o_sd is to add o=secritydomainname
- boolean o_sd = config.getBoolean(PCERT_PREFIX + certTag
- + "o_securitydomain", true);
- domainname = config.getString("securitydomain.name", "");
- CMS.debug("NamePanel: display() override is " + override);
- CMS.debug("NamePanel: display() o_securitydomain is " + o_sd);
- CMS.debug("NamePanel: display() domainname is " + domainname);
+ boolean override = config.getBoolean(PCERT_PREFIX + certTag +
+ ".cncomponent.override", true);
+ //o_sd is to add o=secritydomainname
+ boolean o_sd = config.getBoolean(PCERT_PREFIX + certTag +
+ "o_securitydomain", true);
+ domainname = config.getString("securitydomain.name", "");
+ CMS.debug("NamePanel: display() override is "+override);
+ CMS.debug("NamePanel: display() o_securitydomain is "+o_sd);
+ CMS.debug("NamePanel: display() domainname is "+domainname);
boolean dnUpdated = false;
try {
- dnUpdated = config.getBoolean(PCERT_PREFIX + certTag
- + ".updatedDN");
+ dnUpdated = config.getBoolean(PCERT_PREFIX+certTag+".updatedDN");
} catch (Exception e) {
}
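Review bot: The key for `o_sd` is built as `PCERT_PREFIX + certTag + "o_securitydomain"` with no dot before `o_securitydomain`, unlike the other lookups in this loop (`".nickname"`, `".type"`, `".cncomponent.override"`). Unless CS.cfg really stores the key run together with the tag, the lookup always falls back to the default `true`. If that is a slip, the line should read `boolean o_sd = config.getBoolean(PCERT_PREFIX + certTag + ".o_securitydomain", true);`. The comment above it misspells "securitydomainname", and the `catch (Exception e) { }` around the `.updatedDN` read deserves a one-line comment saying a missing key is expected. display() starts and ends outside this hunk.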
@@ -272,36 +255,28 @@ public class NamePanel extends WizardPanelBase {
boolean done = config.getBoolean("preop.NamePanel.done");
c.setDN(dn);
} catch (Exception e) {
- String instanceId = config.getString("service.instanceID",
- "");
+ String instanceId = config.getString("service.instanceID", "");
if (select.equals("clone") || dnUpdated) {
c.setDN(dn);
- } else if (count != 0 && override
- && (cert.equals("") || certreq.equals(""))) {
- CMS.debug("NamePanel subsystemCount = " + count);
- c.setDN(dn
- + " "
- + count
- + ((!instanceId.equals("")) ? (",OU=" + instanceId)
- : "")
- + ((o_sd) ? (",O=" + domainname) : ""));
- config.putBoolean(
- PCERT_PREFIX + certTag + ".updatedDN", true);
+ } else if (count != 0 && override && (cert.equals("") || certreq.equals(""))) {
+ CMS.debug("NamePanel subsystemCount = "+count);
+ c.setDN(dn + " "+count+
+ ((!instanceId.equals(""))? (",OU=" + instanceId):"") +
+ ((o_sd)? (",O=" + domainname):""));
+ config.putBoolean(PCERT_PREFIX+certTag+".updatedDN", true);
} else {
- c.setDN(dn
- + ((!instanceId.equals("")) ? (",OU=" + instanceId)
- : "")
- + ((o_sd) ? (",O=" + domainname) : ""));
- config.putBoolean(
- PCERT_PREFIX + certTag + ".updatedDN", true);
+ c.setDN(dn +
+ ((!instanceId.equals(""))? (",OU=" + instanceId):"") +
+ ((o_sd)? (",O=" + domainname):""));
+ config.putBoolean(PCERT_PREFIX+certTag+".updatedDN", true);
}
}
mCerts.addElement(c);
- CMS.debug("NamePanel: display() added cert to mCerts: certTag "
- + certTag);
- config.putString(PCERT_PREFIX + c.getCertTag() + ".dn",
- c.getDN());
+ CMS.debug(
+ "NamePanel: display() added cert to mCerts: certTag "
+ + certTag);
+ config.putString(PCERT_PREFIX + c.getCertTag() + ".dn", c.getDN());
}// while
} catch (EBaseException e) {
CMS.debug("NamePanel: display() exception caught:" + e.toString());
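Review bot: The DN passed to `c.setDN(...)` is built by plain concatenation of `instanceId` and `domainname` from the config store (`",OU=" + instanceId`, `",O=" + domainname`). A value containing `,`, `+` or `=` therefore changes the RDN structure of the certificate subject instead of being carried as data. Escape both values per RFC 4514 before concatenation, or reject such characters where `securitydomain.name` and `service.instanceID` are first accepted. Separately, the suffix expression is duplicated in both branches and the enclosing try uses the exception from `config.getBoolean("preop.NamePanel.done")` as its normal path; a small private helper for the OU/O suffix would make the intent readable. display() starts and ends outside this hunk.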
@@ -327,8 +302,7 @@ public class NamePanel extends WizardPanelBase {
try {
config.putString("preop.ca.list", list.toString());
config.commit(false);
- } catch (Exception e) {
- }
+ } catch (Exception e) {}
context.put("urls", v);
@@ -342,7 +316,8 @@ public class NamePanel extends WizardPanelBase {
* Checks if the given parameters are valid.
*/
public void validate(HttpServletRequest request,
- HttpServletResponse response, Context context) throws IOException {
+ HttpServletResponse response,
+ Context context) throws IOException {
Enumeration c = mCerts.elements();
while (c.hasMoreElements()) {
@@ -353,34 +328,30 @@ public class NamePanel extends WizardPanelBase {
if (dn == null || dn.length() == 0) {
context.put("updateStatus", "validate-failure");
- throw new IOException("Empty DN for "
- + cert.getUserFriendlyName());
+ throw new IOException("Empty DN for " + cert.getUserFriendlyName());
}
}
} // while
}
- /*
+ /*
* update some parameters for clones
*/
- public void updateCloneConfig(IConfigStore config) throws EBaseException,
- IOException {
+ public void updateCloneConfig(IConfigStore config)
+ throws EBaseException, IOException {
String cstype = config.getString("cs.type", null);
cstype = toLowerCaseSubsystemType(cstype);
if (cstype.equals("kra")) {
String token = config.getString(PRE_CONF_CA_TOKEN);
if (!token.equals("Internal Key Storage Token")) {
- CMS.debug("NamePanel: updating configuration for KRA clone with hardware token");
- String subsystem = config.getString(PCERT_PREFIX
- + "storage.subsystem");
+ CMS.debug("NamePanel: updating configuration for KRA clone with hardware token");
+ String subsystem = config.getString(PCERT_PREFIX + "storage.subsystem");
String storageNickname = getNickname(config, "storage");
String transportNickname = getNickname(config, "transport");
config.putString(subsystem + ".storageUnit.hardware", token);
- config.putString(subsystem + ".storageUnit.nickName", token
- + ":" + storageNickname);
- config.putString(subsystem + ".transportUnit.nickName", token
- + ":" + transportNickname);
+ config.putString(subsystem + ".storageUnit.nickName", token+":"+storageNickname);
+ config.putString(subsystem + ".transportUnit.nickName", token+":"+transportNickname);
config.commit(false);
} else { // software token
// parameters already set
@@ -388,19 +359,14 @@ public class NamePanel extends WizardPanelBase {
}
// audit signing cert
- String audit_nn = config.getString(cstype + ".audit_signing"
- + ".nickname", "");
- String audit_tk = config.getString(cstype + ".audit_signing"
- + ".tokenname", "");
- if (!audit_tk.equals("Internal Key Storage Token")
- && !audit_tk.equals("")) {
- config.putString(
- "log.instance.SignedAudit.signedAuditCertNickname",
- audit_tk + ":" + audit_nn);
+ String audit_nn = config.getString(cstype + ".audit_signing" + ".nickname", "");
+ String audit_tk = config.getString(cstype + ".audit_signing" + ".tokenname", "");
+ if (!audit_tk.equals("Internal Key Storage Token") && !audit_tk.equals("")) {
+ config.putString("log.instance.SignedAudit.signedAuditCertNickname",
+ audit_tk + ":" + audit_nn);
} else {
- config.putString(
- "log.instance.SignedAudit.signedAuditCertNickname",
- audit_nn);
+ config.putString("log.instance.SignedAudit.signedAuditCertNickname",
+ audit_nn);
}
}
@@ -408,10 +374,9 @@ public class NamePanel extends WizardPanelBase {
* get some of the "preop" parameters to persisting parameters
*/
public void updateConfig(IConfigStore config, String certTag)
- throws EBaseException, IOException {
+ throws EBaseException, IOException {
String token = config.getString(PRE_CONF_CA_TOKEN);
- String subsystem = config.getString(PCERT_PREFIX + certTag
- + ".subsystem");
+ String subsystem = config.getString(PCERT_PREFIX + certTag + ".subsystem");
CMS.debug("NamePanel: subsystem " + subsystem);
String nickname = getNickname(config, certTag);
@@ -420,46 +385,38 @@ public class NamePanel extends WizardPanelBase {
// should change the entire system to use the uniformed names later
if (certTag.equals("signing") || certTag.equals("ocsp_signing")) {
CMS.debug("NamePanel: setting signing nickname=" + nickname);
- config.putString(subsystem + "." + certTag + ".cacertnickname",
- nickname);
- config.putString(subsystem + "." + certTag + ".certnickname",
- nickname);
+ config.putString(subsystem + "." + certTag + ".cacertnickname", nickname);
+ config.putString(subsystem + "." + certTag + ".certnickname", nickname);
}
- // if KRA, hardware token needs param "kra.storageUnit.hardware" in
- // CS.cfg
+ // if KRA, hardware token needs param "kra.storageUnit.hardware" in CS.cfg
String cstype = config.getString("cs.type", null);
cstype = toLowerCaseSubsystemType(cstype);
if (cstype.equals("kra")) {
- if (!token.equals("Internal Key Storage Token")) {
- if (certTag.equals("storage")) {
- config.putString(subsystem + ".storageUnit.hardware", token);
- config.putString(subsystem + ".storageUnit.nickName", token
- + ":" + nickname);
- } else if (certTag.equals("transport")) {
- config.putString(subsystem + ".transportUnit.nickName",
- token + ":" + nickname);
- }
- } else { // software token
- if (certTag.equals("storage")) {
- config.putString(subsystem + ".storageUnit.nickName",
- nickname);
- } else if (certTag.equals("transport")) {
- config.putString(subsystem + ".transportUnit.nickName",
- nickname);
- }
- }
+ if (!token.equals("Internal Key Storage Token")) {
+ if (certTag.equals("storage")) {
+ config.putString(subsystem + ".storageUnit.hardware", token);
+ config.putString(subsystem + ".storageUnit.nickName", token+":"+nickname);
+ } else if (certTag.equals("transport")) {
+ config.putString(subsystem + ".transportUnit.nickName", token+":"+nickname);
+ }
+ } else { // software token
+ if (certTag.equals("storage")) {
+ config.putString(subsystem + ".storageUnit.nickName", nickname);
+ } else if (certTag.equals("transport")) {
+ config.putString(subsystem + ".transportUnit.nickName", nickname);
+ }
+ }
}
String serverCertNickname = nickname;
String path = CMS.getConfigStore().getString("instanceRoot", "");
if (certTag.equals("sslserver")) {
- if (!token.equals("Internal Key Storage Token")) {
- serverCertNickname = token + ":" + nickname;
+ if (!token.equals("Internal Key Storage Token")) {
+ serverCertNickname = token+":"+nickname;
}
- File file = new File(path + "/conf/serverCertNick.conf");
- PrintStream ps = new PrintStream(new FileOutputStream(path
- + "/conf/serverCertNick.conf"));
+ File file = new File(path+"/conf/serverCertNick.conf");
+ PrintStream ps = new PrintStream(new FileOutputStream(path+"/conf/serverCertNick.conf"));
ps.println(serverCertNickname);
ps.close();
}
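Review bot: The `PrintStream` that writes `serverCertNick.conf` never throws on write errors, so a full disk or a permission problem can leave an empty or truncated nickname file with no signal to the installer. Add `if (ps.checkError()) throw new IOException("failed to write serverCertNick.conf");` before `ps.close()`, and put the close in a `finally`. `path` comes from `getString("instanceRoot", "")`, so a missing key makes the target `/conf/serverCertNick.conf` at the filesystem root; treating an empty `instanceRoot` as an error would be safer. The local `File file` is unused in the visible lines. updateConfig() starts and ends outside this hunk.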
@@ -467,29 +424,25 @@ public class NamePanel extends WizardPanelBase {
config.putString(subsystem + "." + certTag + ".nickname", nickname);
config.putString(subsystem + "." + certTag + ".tokenname", token);
if (certTag.equals("audit_signing")) {
- if (!token.equals("Internal Key Storage Token")
- && !token.equals("")) {
- config.putString(
- "log.instance.SignedAudit.signedAuditCertNickname",
- token + ":" + nickname);
- } else {
- config.putString(
- "log.instance.SignedAudit.signedAuditCertNickname",
- nickname);
- }
+ if (!token.equals("Internal Key Storage Token") && !token.equals("")) {
+ config.putString("log.instance.SignedAudit.signedAuditCertNickname",
+ token + ":" + nickname);
+ } else {
+ config.putString("log.instance.SignedAudit.signedAuditCertNickname",
+ nickname);
+ }
}
/*
- * config.putString(CERT_PREFIX + certTag + ".defaultSigningAlgorithm",
- * "SHA1withRSA");
+ config.putString(CERT_PREFIX + certTag + ".defaultSigningAlgorithm",
+ "SHA1withRSA");
*/
// for system certs verification
- if (!token.equals("Internal Key Storage Token") && !token.equals("")) {
+ if (!token.equals("Internal Key Storage Token") && !token.equals("")) {
config.putString(subsystem + ".cert." + certTag + ".nickname",
- token + ":" + nickname);
+ token + ":" + nickname);
} else {
- config.putString(subsystem + ".cert." + certTag + ".nickname",
- nickname);
+ config.putString(subsystem + ".cert." + certTag + ".nickname", nickname);
}
config.commit(false);
@@ -500,13 +453,13 @@ public class NamePanel extends WizardPanelBase {
* create and sign a cert locally (handles both "selfsign" and "local")
*/
public void configCert(HttpServletRequest request,
- HttpServletResponse response, Context context, Cert certObj)
- throws IOException {
+ HttpServletResponse response,
+ Context context, Cert certObj) throws IOException {
CMS.debug("NamePanel: configCert called");
IConfigStore config = CMS.getConfigStore();
String caType = certObj.getType();
- CMS.debug("NamePanel: in configCert caType is " + caType);
+ CMS.debug("NamePanel: in configCert caType is "+ caType);
X509CertImpl cert = null;
String certTag = certObj.getCertTag();
@@ -516,40 +469,31 @@ public class NamePanel extends WizardPanelBase {
String v = config.getString("preop.ca.type", "");
CMS.debug("NamePanel configCert: remote CA");
- String pkcs10 = CertUtil.getPKCS10(config, PCERT_PREFIX,
- certObj, context);
+ String pkcs10 = CertUtil.getPKCS10(config, PCERT_PREFIX,
+ certObj, context);
certObj.setRequest(pkcs10);
- String subsystem = config.getString(PCERT_PREFIX + certTag
- + ".subsystem");
+ String subsystem = config.getString(
+ PCERT_PREFIX + certTag + ".subsystem");
config.putString(subsystem + "." + certTag + ".certreq", pkcs10);
- String profileId = config.getString(PCERT_PREFIX + certTag
- + ".profile");
+ String profileId = config.getString(PCERT_PREFIX+certTag+".profile");
String session_id = CMS.getConfigSDSessionId();
String sd_hostname = "";
int sd_ee_port = -1;
try {
sd_hostname = config.getString("securitydomain.host", "");
- sd_ee_port = config.getInteger(
- "securitydomain.httpseeport", -1);
+ sd_ee_port = config.getInteger("securitydomain.httpseeport", -1);
} catch (Exception ee) {
- CMS.debug("NamePanel: configCert() exception caught:"
- + ee.toString());
+ CMS.debug("NamePanel: configCert() exception caught:"+ee.toString());
}
String sysType = config.getString("cs.type", "");
String machineName = config.getString("machineName", "");
String securePort = config.getString("service.securePort", "");
if (certTag.equals("subsystem")) {
- String content = "requestor_name=" + sysType + "-"
- + machineName + "-" + securePort + "&profileId="
- + profileId
- + "&cert_request_type=pkcs10&cert_request="
- + URLEncoder.encode(pkcs10, "UTF-8")
- + "&xmlOutput=true&sessionID=" + session_id;
- cert = CertUtil.createRemoteCert(sd_hostname, sd_ee_port,
- content, response, this);
+ String content = "requestor_name=" + sysType + "-" + machineName + "-" + securePort + "&profileId="+profileId+"&cert_request_type=pkcs10&cert_request="+URLEncoder.encode(pkcs10, "UTF-8")+"&xmlOutput=true&sessionID="+session_id;
+ cert = CertUtil.createRemoteCert(sd_hostname, sd_ee_port,
+ content, response, this);
if (cert == null) {
- throw new IOException(
- "Error: remote certificate is null");
+ throw new IOException("Error: remote certificate is null");
}
} else if (v.equals("sdca")) {
String ca_hostname = "";
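Review bot: Only `pkcs10` is URL-encoded in the request body built for `CertUtil.createRemoteCert`; `sysType`, `machineName`, `securePort`, `profileId` and `session_id` are concatenated raw, so a value containing `&` or `=` would change how the receiving side parses the form. Folding the whole expression onto one very long line also makes that harder to spot in review. I would encode every value, e.g. `"&sessionID=" + URLEncoder.encode(session_id, "UTF-8")`, and keep one parameter per source line. The same line is repeated in the `sdca` branch of the next hunk, and `configCert` itself starts and ends outside this hunk.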
@@ -560,105 +504,96 @@ public class NamePanel extends WizardPanelBase {
} catch (Exception ee) {
}
- String content = "requestor_name=" + sysType + "-"
- + machineName + "-" + securePort + "&profileId="
- + profileId
- + "&cert_request_type=pkcs10&cert_request="
- + URLEncoder.encode(pkcs10, "UTF-8")
- + "&xmlOutput=true&sessionID=" + session_id;
- cert = CertUtil.createRemoteCert(ca_hostname, ca_port,
- content, response, this);
+ String content = "requestor_name=" + sysType + "-" + machineName + "-" + securePort + "&profileId="+profileId+"&cert_request_type=pkcs10&cert_request="+URLEncoder.encode(pkcs10, "UTF-8")+"&xmlOutput=true&sessionID="+session_id;
+ cert = CertUtil.createRemoteCert(ca_hostname, ca_port,
+ content, response, this);
if (cert == null) {
- throw new IOException(
- "Error: remote certificate is null");
+ throw new IOException("Error: remote certificate is null");
}
} else if (v.equals("otherca")) {
config.putString(subsystem + "." + certTag + ".cert",
"...paste certificate here...");
- } else {
+ } else {
CMS.debug("NamePanel: no preop.ca.type is provided");
- }
+ }
} else { // not remote CA, ie, self-signed or local
ISubsystem ca = CMS.getSubsystem(ICertificateAuthority.ID);
if (ca == null) {
String s = PCERT_PREFIX + certTag + ".type";
- CMS.debug("The value for " + s
+ CMS.debug(
+ "The value for " + s
+ " should be remote, nothing else.");
- throw new IOException("The value for " + s
- + " should be remote");
- }
-
- String pubKeyType = config.getString(PCERT_PREFIX + certTag
- + ".keytype");
+ throw new IOException(
+ "The value for " + s + " should be remote");
+ }
+
+ String pubKeyType = config.getString(
+ PCERT_PREFIX + certTag + ".keytype");
if (pubKeyType.equals("rsa")) {
- String pubKeyModulus = config.getString(PCERT_PREFIX
- + certTag + ".pubkey.modulus");
- String pubKeyPublicExponent = config.getString(PCERT_PREFIX
- + certTag + ".pubkey.exponent");
- String subsystem = config.getString(PCERT_PREFIX + certTag
- + ".subsystem");
-
- if (certTag.equals("signing")) {
+ String pubKeyModulus = config.getString(
+ PCERT_PREFIX + certTag + ".pubkey.modulus");
+ String pubKeyPublicExponent = config.getString(
+ PCERT_PREFIX + certTag + ".pubkey.exponent");
+ String subsystem = config.getString(
+ PCERT_PREFIX + certTag + ".subsystem");
+
+ if (certTag.equals("signing")) {
+ X509Key x509key = CryptoUtil.getPublicX509Key(
+ CryptoUtil.string2byte(pubKeyModulus),
+ CryptoUtil.string2byte(pubKeyPublicExponent));
+
+ cert = CertUtil.createLocalCert(config, x509key,
+ PCERT_PREFIX, certTag, caType, context);
+ } else {
+ String cacert = config.getString("ca.signing.cert", "");
+
+ if (cacert.equals("") || cacert.startsWith("...")) {
+ certObj.setCert(
+ "...certificate be generated internally...");
+ config.putString(subsystem + "." + certTag + ".cert",
+ "...certificate be generated internally...");
+ } else {
X509Key x509key = CryptoUtil.getPublicX509Key(
CryptoUtil.string2byte(pubKeyModulus),
CryptoUtil.string2byte(pubKeyPublicExponent));
cert = CertUtil.createLocalCert(config, x509key,
PCERT_PREFIX, certTag, caType, context);
- } else {
- String cacert = config.getString("ca.signing.cert", "");
-
- if (cacert.equals("") || cacert.startsWith("...")) {
- certObj.setCert("...certificate be generated internally...");
- config.putString(subsystem + "." + certTag
- + ".cert",
- "...certificate be generated internally...");
- } else {
- X509Key x509key = CryptoUtil.getPublicX509Key(
- CryptoUtil.string2byte(pubKeyModulus),
- CryptoUtil
- .string2byte(pubKeyPublicExponent));
-
- cert = CertUtil.createLocalCert(config, x509key,
- PCERT_PREFIX, certTag, caType, context);
- }
}
+ }
} else if (pubKeyType.equals("ecc")) {
- String pubKeyEncoded = config.getString(PCERT_PREFIX
- + certTag + ".pubkey.encoded");
- String subsystem = config.getString(PCERT_PREFIX + certTag
- + ".subsystem");
-
- if (certTag.equals("signing")) {
+ String pubKeyEncoded = config.getString(
+ PCERT_PREFIX + certTag + ".pubkey.encoded");
+ String subsystem = config.getString(
+ PCERT_PREFIX + certTag + ".subsystem");
+
+ if (certTag.equals("signing")) {
+
+ X509Key x509key = CryptoUtil.getPublicX509ECCKey(CryptoUtil.string2byte(pubKeyEncoded));
+ cert = CertUtil.createLocalCert(config, x509key,
+ PCERT_PREFIX, certTag, caType, context);
+ } else {
+ String cacert = config.getString("ca.signing.cert", "");
+
+ if (cacert.equals("") || cacert.startsWith("...")) {
+ certObj.setCert(
+ "...certificate be generated internally...");
+ config.putString(subsystem + "." + certTag + ".cert",
+ "...certificate be generated internally...");
+ } else {
+ X509Key x509key = CryptoUtil.getPublicX509ECCKey(
+ CryptoUtil.string2byte(pubKeyEncoded));
- X509Key x509key = CryptoUtil
- .getPublicX509ECCKey(CryptoUtil
- .string2byte(pubKeyEncoded));
cert = CertUtil.createLocalCert(config, x509key,
PCERT_PREFIX, certTag, caType, context);
- } else {
- String cacert = config.getString("ca.signing.cert", "");
-
- if (cacert.equals("") || cacert.startsWith("...")) {
- certObj.setCert("...certificate be generated internally...");
- config.putString(subsystem + "." + certTag
- + ".cert",
- "...certificate be generated internally...");
- } else {
- X509Key x509key = CryptoUtil
- .getPublicX509ECCKey(CryptoUtil
- .string2byte(pubKeyEncoded));
-
- cert = CertUtil.createLocalCert(config, x509key,
- PCERT_PREFIX, certTag, caType, context);
- }
}
+ }
} else {
- // invalid key type
- CMS.debug("Invalid key type " + pubKeyType);
+ // invalid key type
+ CMS.debug("Invalid key type " + pubKeyType);
}
if (cert != null) {
if (certTag.equals("subsystem"))
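Review bot: The final `else` for an unrecognised `pubKeyType` only writes a debug line, so `cert` stays null and the method carries on as if nothing went wrong, whereas the remote branches above throw `IOException` when no certificate comes back. For consistency I would fail here as well: `throw new IOException("Invalid key type " + pubKeyType);`. Separately, the RSA and ECC branches differ only in how `x509key` is built, so a small private helper returning the key would remove the duplicated `cacert` placeholder logic. The method continues outside the hunk, so how the outer catch treats this exception cannot be confirmed from here.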
@@ -670,9 +605,9 @@ public class NamePanel extends WizardPanelBase {
byte[] certb = cert.getEncoded();
String certs = CryptoUtil.base64Encode(certb);
- // certObj.setCert(certs);
- String subsystem = config.getString(PCERT_PREFIX + certTag
- + ".subsystem");
+ // certObj.setCert(certs);
+ String subsystem = config.getString(
+ PCERT_PREFIX + certTag + ".subsystem");
config.putString(subsystem + "." + certTag + ".cert", certs);
}
config.commit(false);
@@ -682,76 +617,72 @@ public class NamePanel extends WizardPanelBase {
CMS.debug("NamePanel configCert() exception caught:" + e.toString());
}
}
-
+
public void configCertWithTag(HttpServletRequest request,
- HttpServletResponse response, Context context, String tag)
- throws IOException {
- CMS.debug("NamePanel: configCertWithTag start");
- Enumeration c = mCerts.elements();
- IConfigStore config = CMS.getConfigStore();
-
- while (c.hasMoreElements()) {
- Cert cert = (Cert) c.nextElement();
- String ct = cert.getCertTag();
- CMS.debug("NamePanel: configCertWithTag ct=" + ct + " tag=" + tag);
- if (ct.equals(tag)) {
- try {
- String nickname = HttpInput.getNickname(request, ct
- + "_nick");
- if (nickname != null) {
- CMS.debug("configCertWithTag: Setting nickname for "
- + ct + " to " + nickname);
- config.putString(PCERT_PREFIX + ct + ".nickname",
- nickname);
- cert.setNickname(nickname);
- config.commit(false);
- }
- String dn = HttpInput.getDN(request, ct);
- if (dn != null) {
- config.putString(PCERT_PREFIX + ct + ".dn", dn);
- config.commit(false);
+ HttpServletResponse response,
+ Context context, String tag) throws IOException
+ {
+ CMS.debug("NamePanel: configCertWithTag start");
+ Enumeration c = mCerts.elements();
+ IConfigStore config = CMS.getConfigStore();
+
+ while (c.hasMoreElements()) {
+ Cert cert = (Cert) c.nextElement();
+ String ct = cert.getCertTag();
+ CMS.debug("NamePanel: configCertWithTag ct=" + ct +
+ " tag=" +tag);
+ if (ct.equals(tag)) {
+ try {
+ String nickname = HttpInput.getNickname(request, ct + "_nick");
+ if (nickname != null) {
+ CMS.debug("configCertWithTag: Setting nickname for " + ct + " to " + nickname);
+ config.putString(PCERT_PREFIX + ct + ".nickname", nickname);
+ cert.setNickname(nickname);
+ config.commit(false);
+ }
+ String dn = HttpInput.getDN(request, ct);
+ if (dn != null) {
+ config.putString(PCERT_PREFIX + ct + ".dn", dn);
+ config.commit(false);
+ }
+ } catch (Exception e) {
+ CMS.debug("NamePanel: configCertWithTag: Exception in setting nickname for " + ct + ": " + e.toString());
}
- } catch (Exception e) {
- CMS.debug("NamePanel: configCertWithTag: Exception in setting nickname for "
- + ct + ": " + e.toString());
- }
- configCert(request, response, context, cert);
- CMS.debug("NamePanel: configCertWithTag done with tag=" + tag);
- return;
- }
- }
- CMS.debug("NamePanel: configCertWithTag done");
+ configCert(request, response, context, cert);
+ CMS.debug("NamePanel: configCertWithTag done with tag=" + tag);
+ return;
+ }
+ }
+ CMS.debug("NamePanel: configCertWithTag done");
}
- private boolean inputChanged(HttpServletRequest request) throws IOException {
- IConfigStore config = CMS.getConfigStore();
-
+ private boolean inputChanged(HttpServletRequest request)
+ throws IOException {
+ IConfigStore config = CMS.getConfigStore();
+
boolean hasChanged = false;
try {
Enumeration c = mCerts.elements();
while (c.hasMoreElements()) {
Cert cert = (Cert) c.nextElement();
- String ct = cert.getCertTag();
- boolean enable = config.getBoolean(PCERT_PREFIX + ct
- + ".enable", true);
+ String ct = cert.getCertTag();
+ boolean enable = config.getBoolean(PCERT_PREFIX+ct+".enable", true);
if (!enable)
continue;
- String olddn = config.getString(
- PCERT_PREFIX + cert.getCertTag() + ".dn", "");
+ String olddn = config.getString(PCERT_PREFIX + cert.getCertTag() + ".dn", "");
// get the dn's and put in config
String dn = HttpInput.getDN(request, cert.getCertTag());
if (!olddn.equals(dn))
hasChanged = true;
- String oldnick = config.getString(PCERT_PREFIX + ct
- + ".nickname");
- String nick = HttpInput.getNickname(request, ct + "_nick");
- if (!oldnick.equals(nick))
- hasChanged = true;
+ String oldnick = config.getString(PCERT_PREFIX + ct + ".nickname");
+ String nick = HttpInput.getNickname(request, ct + "_nick");
+ if (!oldnick.equals(nick))
+ hasChanged = true;
}
} catch (Exception e) {
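Review bot: In `configCertWithTag`, an exception from `HttpInput.getNickname` or `HttpInput.getDN` is only logged, and `configCert(request, response, context, cert)` still runs afterwards. If those helpers throw to reject malformed input (their bodies are not on this page), a rejected nickname or DN does not stop certificate creation; the certificate is built from whatever is already in the config. I would rethrow from the catch, e.g. `throw new IOException("Invalid nickname or DN for " + ct);`, so the panel reports the failure. `inputChanged` continues past the end of this hunk.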
@@ -759,43 +690,44 @@ public class NamePanel extends WizardPanelBase {
return hasChanged;
}
-
- public String getURL(HttpServletRequest request, IConfigStore config) {
+
+ public String getURL(HttpServletRequest request, IConfigStore config)
+ {
String index = request.getParameter("urls");
- if (index == null) {
- return null;
+ if (index == null){
+ return null;
}
String url = "";
if (index.startsWith("http")) {
- // user may submit url directlry
- url = index;
+ // user may submit url directlry
+ url = index;
} else {
- try {
- int x = Integer.parseInt(index);
- String list = config.getString("preop.ca.list", "");
- StringTokenizer tokenizer = new StringTokenizer(list, ",");
- int counter = 0;
-
- while (tokenizer.hasMoreTokens()) {
- url = tokenizer.nextToken();
- if (counter == x) {
- break;
- }
- counter++;
+ try {
+ int x = Integer.parseInt(index);
+ String list = config.getString("preop.ca.list", "");
+ StringTokenizer tokenizer = new StringTokenizer(list, ",");
+ int counter = 0;
+
+ while (tokenizer.hasMoreTokens()) {
+ url = tokenizer.nextToken();
+ if (counter == x) {
+ break;
}
- } catch (Exception e) {
+ counter++;
}
+ } catch (Exception e) {}
}
- return url;
+ return url;
}
/**
* Commit parameter changes
*/
public void update(HttpServletRequest request,
- HttpServletResponse response, Context context) throws IOException {
+ HttpServletResponse response,
+ Context context) throws IOException {
CMS.debug("NamePanel: in update()");
- boolean hasErr = false;
+ boolean hasErr = false;
if (inputChanged(request)) {
mServlet.cleanUpFromPanel(mServlet.getPanelNo(request));
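Review bot: `getURL` accepts any `urls` value that starts with `http` as the CA URL, but the callers in `update` later run `url.substring(url.indexOf("https"))`, which throws `StringIndexOutOfBoundsException` when the value is a plain `http://` URL. The test should match what the callers need, `if (index.startsWith("https://")) {`, and if direct entry is meant to stay, the host should be checked against the entries in `preop.ca.list` before it is stored as `preop.ca.url`. The now single-line `} catch (Exception e) {}` also hides a non-numeric index, in which case the method returns an empty string; a `CMS.debug` line there would make that visible. `update` continues outside this hunk.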
@@ -804,12 +736,12 @@ public class NamePanel extends WizardPanelBase {
return;
}
- IConfigStore config = CMS.getConfigStore();
+ IConfigStore config = CMS.getConfigStore();
String hselect = "";
ISubsystem subsystem = CMS.getSubsystem(ICertificateAuthority.ID);
try {
- // if CA, at the hierarchy panel, was it root or subord?
+ //if CA, at the hierarchy panel, was it root or subord?
hselect = config.getString("preop.hierarchy.select", "");
String cstype = config.getString("preop.subsystem.select", "");
if (cstype.equals("clone")) {
@@ -818,14 +750,13 @@ public class NamePanel extends WizardPanelBase {
configCertWithTag(request, response, context, "sslserver");
String url = getURL(request, config);
if (url != null && !url.equals("External CA")) {
- // preop.ca.url and admin port are required for setting KRA
- // connector
- url = url.substring(url.indexOf("https"));
- config.putString("preop.ca.url", url);
+ // preop.ca.url and admin port are required for setting KRA connector
+ url = url.substring(url.indexOf("https"));
+ config.putString("preop.ca.url", url);
- URL urlx = new URL(url);
- updateCloneSDCAInfo(request, context, urlx.getHost(),
- Integer.toString(urlx.getPort()));
+ URL urlx = new URL(url);
+ updateCloneSDCAInfo(request, context, urlx.getHost(),
+ Integer.toString(urlx.getPort()));
}
updateCloneConfig(config);
@@ -839,75 +770,71 @@ public class NamePanel extends WizardPanelBase {
return;
}
- // if no hselect, then not CA
- if (hselect.equals("") || hselect.equals("join")) {
- String select = null;
- String url = getURL(request, config);
+ //if no hselect, then not CA
+ if (hselect.equals("") || hselect.equals("join")) {
+ String select = null;
+ String url = getURL(request, config);
- URL urlx = null;
-
- if (url.equals("External CA")) {
- CMS.debug("NamePanel: external CA selected");
- select = "otherca";
- config.putString("preop.ca.type", "otherca");
- if (subsystem != null) {
- config.putString(PCERT_PREFIX + "signing.type", "remote");
- }
+ URL urlx = null;
- config.putString("preop.ca.pkcs7", "");
- config.putInteger("preop.ca.certchain.size", 0);
- context.put("check_otherca", "checked");
- CMS.debug("NamePanel: update: this is the external CA.");
- } else {
- CMS.debug("NamePanel: local CA selected");
- select = "sdca";
- // parse URL (CA1 - https://...)
- url = url.substring(url.indexOf("https"));
- config.putString("preop.ca.url", url);
-
- urlx = new URL(url);
- config.putString("preop.ca.type", "sdca");
- CMS.debug("NamePanel: update: this is a CA in the security domain.");
- context.put("check_sdca", "checked");
- sdca(request, context, urlx.getHost(),
- Integer.toString(urlx.getPort()));
- if (subsystem != null) {
- config.putString(PCERT_PREFIX + "signing.type", "remote");
- config.putString(PCERT_PREFIX + "signing.profile",
- "caInstallCACert");
- }
+ if (url.equals("External CA")) {
+ CMS.debug("NamePanel: external CA selected");
+ select = "otherca";
+ config.putString("preop.ca.type", "otherca");
+ if (subsystem != null) {
+ config.putString(PCERT_PREFIX+"signing.type", "remote");
}
- try {
- config.commit(false);
- } catch (Exception e) {
+ config.putString("preop.ca.pkcs7", "");
+ config.putInteger("preop.ca.certchain.size", 0);
+ context.put("check_otherca", "checked");
+ CMS.debug("NamePanel: update: this is the external CA.");
+ } else {
+ CMS.debug("NamePanel: local CA selected");
+ select = "sdca";
+ // parse URL (CA1 - https://...)
+ url = url.substring(url.indexOf("https"));
+ config.putString("preop.ca.url", url);
+
+ urlx = new URL(url);
+ config.putString("preop.ca.type", "sdca");
+ CMS.debug("NamePanel: update: this is a CA in the security domain.");
+ context.put("check_sdca", "checked");
+ sdca(request, context, urlx.getHost(),
+ Integer.toString(urlx.getPort()));
+ if (subsystem != null) {
+ config.putString(PCERT_PREFIX + "signing.type", "remote");
+ config.putString(PCERT_PREFIX + "signing.profile",
+ "caInstallCACert");
}
-
}
try {
+ config.commit(false);
+ } catch (Exception e) {}
+
+ }
+
+ try {
Enumeration c = mCerts.elements();
while (c.hasMoreElements()) {
Cert cert = (Cert) c.nextElement();
- String ct = cert.getCertTag();
+ String ct = cert.getCertTag();
String tokenname = cert.getTokenname();
- boolean enable = config.getBoolean(PCERT_PREFIX + ct
- + ".enable", true);
+ boolean enable = config.getBoolean(PCERT_PREFIX+ct+".enable", true);
if (!enable)
continue;
- boolean certDone = config.getBoolean(PCERT_PREFIX + ct
- + ".done", false);
+ boolean certDone = config.getBoolean(PCERT_PREFIX+ct+".done", false);
if (certDone)
continue;
// get the nicknames and put in config
String nickname = HttpInput.getNickname(request, ct + "_nick");
if (nickname != null) {
- CMS.debug("NamePanel: update: Setting nickname for " + ct
- + " to " + nickname);
+ CMS.debug("NamePanel: update: Setting nickname for " + ct + " to " + nickname);
config.putString(PCERT_PREFIX + ct + ".nickname", nickname);
cert.setNickname(nickname);
} else {
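Review bot: `getURL` returns null when the request carries no `urls` parameter, and the join branch calls `url.equals("External CA")` on the result without a check, unlike the clone branch earlier in `update`, which tests `url != null` first. I would guard it before the comparison, `if (url == null) { throw new IOException("No CA URL was selected"); }`, or flip the test to `"External CA".equals(url)` and handle the missing value in the `else`. The `config.commit(false)` that follows is wrapped in `} catch (Exception e) {}`, so a failed write of `preop.ca.type` leaves no trace; at least a `CMS.debug` line belongs there. Whether this code sits inside an enclosing `try` is not visible from the hunk.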
@@ -923,31 +850,32 @@ public class NamePanel extends WizardPanelBase {
try {
configCert(request, response, context, cert);
- config.putBoolean("preop.cert." + cert.getCertTag()
- + ".done", true);
+ config.putBoolean("preop.cert."+cert.getCertTag()+".done",
+ true);
config.commit(false);
} catch (Exception e) {
- CMS.debug("NamePanel: update() exception caught:"
- + e.toString());
- hasErr = true;
+ CMS.debug(
+ "NamePanel: update() exception caught:"
+ + e.toString());
+ hasErr = true;
System.err.println("Exception caught: " + e.toString());
}
- } // while
- if (hasErr == false) {
- config.putBoolean("preop.NamePanel.done", true);
- config.commit(false);
- }
+ } // while
+ if (hasErr == false) {
+ config.putBoolean("preop.NamePanel.done", true);
+ config.commit(false);
+ }
} catch (Exception e) {
CMS.debug("NamePanel: Exception caught: " + e.toString());
System.err.println("Exception caught: " + e.toString());
}// try
+
try {
config.commit(false);
- } catch (Exception e) {
- }
+ } catch (Exception e) {}
if (!hasErr) {
context.put("updateStatus", "success");
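Review bot: `hasErr` is set only in the per-certificate catch; the outer catch and the final `config.commit(false)` catch (now `} catch (Exception e) {}`) leave it false, so `updateStatus` is reported as `success` even when the loop aborted or the configuration was not persisted. I would set `hasErr = true;` in both catches and log the commit failure with `CMS.debug`. The `System.err.println` calls duplicate the `CMS.debug` lines and could be dropped. `update` starts before this hunk.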
@@ -957,11 +885,8 @@ public class NamePanel extends WizardPanelBase {
CMS.debug("NamePanel: update() done");
}
- private void updateCloneSDCAInfo(HttpServletRequest request,
- Context context, String hostname, String httpsPortStr)
- throws IOException {
- CMS.debug("NamePanel updateCloneSDCAInfo: selected CA hostname="
- + hostname + " port=" + httpsPortStr);
+ private void updateCloneSDCAInfo(HttpServletRequest request, Context context, String hostname, String httpsPortStr) throws IOException {
+ CMS.debug("NamePanel updateCloneSDCAInfo: selected CA hostname=" + hostname + " port=" + httpsPortStr);
String https_admin_port = "";
IConfigStore config = CMS.getConfigStore();
@@ -972,16 +897,19 @@ public class NamePanel extends WizardPanelBase {
// Retrieve the associated HTTPS Admin port so that it
// may be stored for use with ImportAdminCertPanel
- https_admin_port = getSecurityDomainAdminPort(config, hostname,
- httpsPortStr, "CA");
+ https_admin_port = getSecurityDomainAdminPort( config,
+ hostname,
+ httpsPortStr,
+ "CA" );
int httpsport = -1;
try {
- httpsport = Integer.parseInt(httpsPortStr);
+ httpsport = Integer.parseInt(httpsPortStr);
} catch (Exception e) {
- CMS.debug("NamePanel update: Https port is not valid. Exception: "
- + e.toString());
+ CMS.debug(
+ "NamePanel update: Https port is not valid. Exception: "
+ + e.toString());
throw new IOException("Https Port is not valid.");
}
@@ -990,11 +918,9 @@ public class NamePanel extends WizardPanelBase {
config.putString("preop.ca.httpsadminport", https_admin_port);
}
- private void sdca(HttpServletRequest request, Context context,
- String hostname, String httpsPortStr) throws IOException {
+ private void sdca(HttpServletRequest request, Context context, String hostname, String httpsPortStr) throws IOException {
CMS.debug("NamePanel update: this is the CA in the security domain.");
- CMS.debug("NamePanel update: selected CA hostname=" + hostname
- + " port=" + httpsPortStr);
+ CMS.debug("NamePanel update: selected CA hostname=" + hostname + " port=" + httpsPortStr);
String https_admin_port = "";
IConfigStore config = CMS.getConfigStore();
@@ -1008,16 +934,19 @@ public class NamePanel extends WizardPanelBase {
// Retrieve the associated HTTPS Admin port so that it
// may be stored for use with ImportAdminCertPanel
- https_admin_port = getSecurityDomainAdminPort(config, hostname,
- httpsPortStr, "CA");
+ https_admin_port = getSecurityDomainAdminPort( config,
+ hostname,
+ httpsPortStr,
+ "CA" );
int httpsport = -1;
try {
- httpsport = Integer.parseInt(httpsPortStr);
+ httpsport = Integer.parseInt(httpsPortStr);
} catch (Exception e) {
- CMS.debug("NamePanel update: Https port is not valid. Exception: "
- + e.toString());
+ CMS.debug(
+ "NamePanel update: Https port is not valid. Exception: "
+ + e.toString());
throw new IOException("Https Port is not valid.");
}
@@ -1025,18 +954,21 @@ public class NamePanel extends WizardPanelBase {
config.putString("preop.ca.httpsport", httpsPortStr);
config.putString("preop.ca.httpsadminport", https_admin_port);
ConfigCertApprovalCallback certApprovalCallback = new ConfigCertApprovalCallback();
- updateCertChainUsingSecureEEPort(config, "ca", hostname, httpsport,
- true, context, certApprovalCallback);
+ updateCertChainUsingSecureEEPort( config, "ca", hostname,
+ httpsport, true, context,
+ certApprovalCallback );
try {
- CMS.debug("Importing CA chain");
- importCertChain("ca");
+ CMS.debug("Importing CA chain");
+ importCertChain("ca");
} catch (Exception e1) {
- CMS.debug("Failed in importing CA chain");
+ CMS.debug("Failed in importing CA chain");
}
}
+
public void initParams(HttpServletRequest request, Context context)
- throws IOException {
+ throws IOException
+ {
context.put("certs", mCerts);
}
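Review bot: A failure in `importCertChain("ca")` is logged as `Failed in importing CA chain` without the exception, and `sdca` then returns normally, so the panel proceeds although the CA chain was presumably not imported. I would log the cause and propagate it: `CMS.debug("Failed in importing CA chain: " + e1.toString());` followed by `throw new IOException("Failed to import CA chain");`. It would also help to add a comment next to `new ConfigCertApprovalCallback()` stating which server certificates that callback accepts, since it is handed to `updateCertChainUsingSecureEEPort` while the chain is fetched; its behaviour is not visible on this page. `sdca` starts in an earlier hunk.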
@@ -1044,9 +976,11 @@ public class NamePanel extends WizardPanelBase {
* If validiate() returns false, this method will be called.
*/
public void displayError(HttpServletRequest request,
- HttpServletResponse response, Context context) {
+ HttpServletResponse response,
+ Context context)
+ {
try {
- initParams(request, context);
+ initParams(request, context);
} catch (IOException e) {
}
context.put("title", "Subject Names");
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/RegisterUser.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/RegisterUser.java
index 8d484f4e..cf37fdff 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/RegisterUser.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/RegisterUser.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
+
import java.io.IOException;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
@@ -49,9 +50,11 @@ import com.netscape.cms.servlet.common.ICMSTemplateFiller;
import com.netscape.cmsutil.xml.XMLObject;
/**
- * This servlet creates a TPS user in the CA, and it associates TPS's server
- * certificate to the user. Finally, it addes the user to the administrator
- * group. This procedure will allows TPS to connect to the CA for certificate
+ * This servlet creates a TPS user in the CA,
+ * and it associates TPS's server certificate to
+ * the user. Finally, it addes the user to the
+ * administrator group. This procedure will
+ * allows TPS to connect to the CA for certificate
* issuance.
*/
public class RegisterUser extends CMSServlet {
@@ -64,7 +67,9 @@ public class RegisterUser extends CMSServlet {
private final static String FAILED = "1";
private final static String AUTH_FAILURE = "2";
private String mGroupName = null;
- private final static String LOGGING_SIGNED_AUDIT_CONFIG_ROLE = "LOGGING_SIGNED_AUDIT_CONFIG_ROLE_3";
+ private final static String LOGGING_SIGNED_AUDIT_CONFIG_ROLE =
+ "LOGGING_SIGNED_AUDIT_CONFIG_ROLE_3";
+
public RegisterUser() {
super();
@@ -72,7 +77,6 @@ public class RegisterUser extends CMSServlet {
/**
* initialize the servlet.
- *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -84,7 +88,7 @@ public class RegisterUser extends CMSServlet {
}
/**
- * Process the HTTP request.
+ * Process the HTTP request.
*/
protected void process(CMSRequest cmsReq) throws EBaseException {
CMS.debug("UpdateUpdater: processing...");
@@ -98,9 +102,9 @@ public class RegisterUser extends CMSServlet {
CMS.debug("RegisterUser authentication successful.");
} catch (Exception e) {
CMS.debug("RegisterUser: authentication failed.");
- log(ILogger.LL_FAILURE,
+ log(ILogger.LL_FAILURE,
CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "",
- e.toString()));
+ e.toString()));
outputError(httpResp, AUTH_FAILURE, "Error: Not authenticated");
return;
}
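Review bot: The authentication-failure path logs under the message key `CMSGW_ERR_BAD_SERV_OUT_STREAM`, whose name suggests an output-stream error rather than a failed login, which makes these events hard to find when reviewing logs. The authorization failures in the next hunk use `ADMIN_SRVLT_AUTH_FAILURE`; if its message text fits, the same key here would keep the two paths consistent: `CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())`. The debug line at the top of `process` (previous hunk) also says `UpdateUpdater: processing...` although this class is `RegisterUser`. `process` continues outside the hunk.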
@@ -113,19 +117,19 @@ public class RegisterUser extends CMSServlet {
AuthzToken authzToken = null;
try {
- authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
- "modify");
+ authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
+ "modify");
CMS.debug("RegisterUser authorization successful.");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
outputError(httpResp, "Error: Not authorized");
return;
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
outputError(httpResp,
- "Error: Encountered problem during authorization.");
+ "Error: Encountered problem during authorization.");
return;
}
@@ -146,112 +150,119 @@ public class RegisterUser extends CMSServlet {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
- String auditParams = "Scope;;users+Operation;;OP_ADD+source;;RegisterUser"
- + "+Resource;;"
- + uid
- + "+fullname;;"
- + name
- + "+state;;1"
- + "+userType;;<null>+email;;<null>+password;;<null>+phone;;<null>";
+ String auditParams = "Scope;;users+Operation;;OP_ADD+source;;RegisterUser" +
+ "+Resource;;"+ uid +
+ "+fullname;;"+ name +
+ "+state;;1" +
+ "+userType;;<null>+email;;<null>+password;;<null>+phone;;<null>";
- IUGSubsystem ugsys = (IUGSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_UG);
+ IUGSubsystem ugsys = (IUGSubsystem)CMS.getSubsystem(CMS.SUBSYSTEM_UG);
IUser user = null;
boolean foundByCert = false;
X509Certificate certs[] = new X509Certificate[1];
try {
- byte bCert[] = null;
- X509CertImpl cert = null;
- bCert = (byte[]) (com.netscape.osutil.OSUtil.AtoB(certsString));
- cert = new X509CertImpl(bCert);
- certs[0] = (X509Certificate) cert;
-
- // test to see if the cert already belongs to a user
- ICertUserLocator cul = ugsys.getCertUserLocator();
- com.netscape.certsrv.usrgrp.Certificates c = new com.netscape.certsrv.usrgrp.Certificates(
- certs);
- user = (IUser) cul.locateUser(c);
+ byte bCert[] = null;
+ X509CertImpl cert = null;
+ bCert = (byte[]) (com.netscape.osutil.OSUtil.AtoB(certsString));
+ cert = new X509CertImpl(bCert);
+ certs[0] = (X509Certificate)cert;
+
+ // test to see if the cert already belongs to a user
+ ICertUserLocator cul = ugsys.getCertUserLocator();
+ com.netscape.certsrv.usrgrp.Certificates c =
+ new com.netscape.certsrv.usrgrp.Certificates(certs);
+ user = (IUser) cul.locateUser(c);
} catch (Exception ec) {
- CMS.debug("RegisterUser: exception thrown: " + ec.toString());
+ CMS.debug("RegisterUser: exception thrown: "+ec.toString());
}
if (user == null) {
- CMS.debug("RegisterUser NOT found user by cert");
- try {
- user = ugsys.getUser(uid);
- CMS.debug("RegisterUser found user by uid " + uid);
- } catch (Exception eee) {
- }
+ CMS.debug("RegisterUser NOT found user by cert");
+ try {
+ user = ugsys.getUser(uid);
+ CMS.debug("RegisterUser found user by uid "+uid);
+ } catch (Exception eee) {
+ }
} else {
- foundByCert = true;
- CMS.debug("RegisterUser found user by cert");
+ foundByCert = true;
+ CMS.debug("RegisterUser found user by cert");
}
-
- try {
-
- if (user == null) {
- // create user only if such user does not exist
- user = ugsys.createUser(uid);
- user.setFullName(name);
- user.setState("1");
- user.setUserType("");
- user.setEmail("");
- user.setPhone("");
- user.setPassword("");
-
- ugsys.addUser(user);
- CMS.debug("RegisterUser created user " + uid);
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID,
- ILogger.SUCCESS, auditParams);
- audit(auditMessage);
- }
-
- // extract all line separators
- StringBuffer sb = new StringBuffer();
- for (int i = 0; i < certsString.length(); i++) {
- if (!Character.isWhitespace(certsString.charAt(i))) {
- sb.append(certsString.charAt(i));
- }
- }
- certsString = sb.toString();
-
- auditParams = "Scope;;certs+Operation;;OP_ADD+source;;RegisterUser"
- + "+Resource;;" + uid + "+cert;;" + certsString;
-
- user.setX509Certificates(certs);
- if (!foundByCert) {
- ugsys.addUserCert(user);
- CMS.debug("RegisterUser added user certificate");
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID,
- ILogger.SUCCESS, auditParams);
- audit(auditMessage);
- } else
- CMS.debug("RegisterUser no need to add user certificate");
- } catch (Exception eee) {
+
+ try {
+
+ if (user == null) {
+ // create user only if such user does not exist
+ user = ugsys.createUser(uid);
+ user.setFullName(name);
+ user.setState("1");
+ user.setUserType("");
+ user.setEmail("");
+ user.setPhone("");
+ user.setPassword("");
+
+ ugsys.addUser(user);
+ CMS.debug("RegisterUser created user " + uid);
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
+ auditSubjectID,
+ ILogger.SUCCESS,
+ auditParams);
+ audit(auditMessage);
+ }
+
+ // extract all line separators
+ StringBuffer sb = new StringBuffer();
+ for (int i = 0; i < certsString.length(); i++) {
+ if (!Character.isWhitespace(certsString.charAt(i))) {
+ sb.append(certsString.charAt(i));
+ }
+ }
+ certsString = sb.toString();
+
+ auditParams = "Scope;;certs+Operation;;OP_ADD+source;;RegisterUser" +
+ "+Resource;;"+ uid +
+ "+cert;;"+certsString;
+
+ user.setX509Certificates(certs);
+ if (!foundByCert) {
+ ugsys.addUserCert(user);
+ CMS.debug("RegisterUser added user certificate");
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
+ auditSubjectID,
+ ILogger.SUCCESS,
+ auditParams);
+ audit(auditMessage);
+ } else
+ CMS.debug("RegisterUser no need to add user certificate");
+ } catch (Exception eee) {
CMS.debug("RegisterUser error " + eee.toString());
- auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
- auditSubjectID, ILogger.FAILURE, auditParams);
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams);
audit(auditMessage);
outputError(httpResp, "Error: Certificate malformed");
return;
}
+
// add user to the group
- auditParams = "Scope;;groups+Operation;;OP_MODIFY+source;;RegisterUser"
- + "+Resource;;" + mGroupName;
+ auditParams = "Scope;;groups+Operation;;OP_MODIFY+source;;RegisterUser" +
+ "+Resource;;"+ mGroupName;
try {
Enumeration groups = ugsys.findGroups(mGroupName);
- IGroup group = (IGroup) groups.nextElement();
+ IGroup group = (IGroup)groups.nextElement();
auditParams += "+user;;";
Enumeration members = group.getMemberNames();
while (members.hasMoreElements()) {
auditParams += (String) members.nextElement();
if (members.hasMoreElements()) {
- auditParams += ",";
+ auditParams +=",";
}
}
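Review bot: A certificate that fails to decode is only logged by the first `catch (Exception ec)` in this hunk, so processing continues with `certs[0]` still null. When no user named `uid` exists, `ugsys.createUser(uid)` and `ugsys.addUser(user)` then run and a SUCCESS audit record is written before the certificate is used at all; what `addUserCert` does with the null entry is not visible here. Decoding the certificate in its own try block and returning the `Certificate malformed` error there keeps a rejected request from leaving a new account behind, while the lookup by certificate can keep its best-effort catch. process() begins and ends outside this hunk.

```java
X509Certificate certs[] = new X509Certificate[1];
try {
    byte bCert[] = (byte[]) (com.netscape.osutil.OSUtil.AtoB(certsString));
    certs[0] = (X509Certificate) new X509CertImpl(bCert);
} catch (Exception ec) {
    // stop here: without a parsed certificate nothing below should create or modify a user
    CMS.debug("RegisterUser: exception thrown: " + ec.toString());
    auditMessage = CMS.getLogMessage(
            LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
            auditSubjectID,
            ILogger.FAILURE,
            auditParams);
    audit(auditMessage);
    outputError(httpResp, "Error: Certificate malformed");
    return;
}
try {
    // … unchanged: locate an existing user by certificate via ugsys.getCertUserLocator() …
} catch (Exception ec) {
    CMS.debug("RegisterUser: exception thrown: " + ec.toString());
}
// … unchanged: lookup by uid, user creation, certificate and group updates …
```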
@@ -262,17 +273,22 @@ public class RegisterUser extends CMSServlet {
CMS.debug("RegisterUser modified group");
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID,
- ILogger.SUCCESS, auditParams);
+ LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
+ auditSubjectID,
+ ILogger.SUCCESS,
+ auditParams);
audit(auditMessage);
}
- } catch (Exception e) {
- auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
- auditSubjectID, ILogger.FAILURE, auditParams);
+ } catch (Exception e) {
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams);
- audit(auditMessage);
- }
+ audit(auditMessage);
+ }
// send success status back to the requestor
try {
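Review bot: When the group update throws, the `catch (Exception e)` writes a FAILURE audit record and then falls through to `// send success status back to the requestor`, so the caller is told the registration succeeded although the group was not modified. The certificate failure path earlier in process() returns an error, and this one should too, for example `outputError(httpResp, "Error: Failed to add user to group"); return;` after `audit(auditMessage);`. The exception is also not written to the debug log; a `CMS.debug("RegisterUser error " + e.toString());` line, as in the earlier catch, would make the failure traceable. process() continues outside this hunk.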
@@ -289,22 +305,14 @@ public class RegisterUser extends CMSServlet {
}
}
- protected void setDefaultTemplates(ServletConfig sc) {
- }
+ protected void setDefaultTemplates(ServletConfig sc) {}
- protected void renderTemplate(CMSRequest cmsReq, String templateName,
- ICMSTemplateFiller filler) throws IOException {// do nothing
- }
+ protected void renderTemplate(
+ CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler)
+ throws IOException {// do nothing
+ }
- protected void renderResult(CMSRequest cmsReq) throws IOException {// do
- // nothing,
- // ie, it
- // will
- // not
- // return
- // the
- // default
- // javascript.
+ protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript.
}
/**
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/RestoreKeyCertPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/RestoreKeyCertPanel.java
index d03bc313..76f5a749 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/RestoreKeyCertPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/RestoreKeyCertPanel.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
+
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.FileInputStream;
@@ -75,19 +76,19 @@ import com.netscape.cms.servlet.wizard.WizardServlet;
public class RestoreKeyCertPanel extends WizardPanelBase {
- public RestoreKeyCertPanel() {
- }
+ public RestoreKeyCertPanel() {}
/**
* Initializes this panel.
*/
- public void init(ServletConfig config, int panelno) throws ServletException {
+ public void init(ServletConfig config, int panelno)
+ throws ServletException {
setPanelNo(panelno);
setName("Import Keys and Certificates");
}
- public void init(WizardServlet servlet, ServletConfig config, int panelno,
- String id) throws ServletException {
+ public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
+ throws ServletException {
setPanelNo(panelno);
setName("Import Keys and Certificates");
setId(id);
@@ -98,18 +99,18 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
*/
public boolean shouldSkip() {
CMS.debug("RestoreKeyCertPanel: should skip");
-
+
IConfigStore cs = CMS.getConfigStore();
// if we are root, no need to get the certificate chain.
-
+
try {
- String select = cs.getString("preop.subsystem.select", "");
+ String select = cs.getString("preop.subsystem.select","");
if (select.equals("clone")) {
return false;
}
} catch (EBaseException e) {
}
-
+
return true;
}
@@ -137,16 +138,15 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
} else {
return true;
}
- } catch (EBaseException e) {
- }
+ } catch (EBaseException e) {}
return false;
}
public PropertySet getUsage() {
PropertySet set = new PropertySet();
-
+
/* XXX */
-
+
return set;
}
@@ -154,12 +154,13 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
* Display the panel.
*/
public void display(HttpServletRequest request,
- HttpServletResponse response, Context context) {
+ HttpServletResponse response,
+ Context context) {
context.put("title", "Import Keys and Certificates");
IConfigStore config = CMS.getConfigStore();
if (isPanelDone()) {
-
+
try {
String s = config.getString("preop.pk12.path", "");
String type = config.getString("preop.subsystem.select", "");
@@ -180,7 +181,8 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
* Checks if the given parameters are valid.
*/
public void validate(HttpServletRequest request,
- HttpServletResponse response, Context context) throws IOException {
+ HttpServletResponse response,
+ Context context) throws IOException {
IConfigStore config = CMS.getConfigStore();
String tokenname = "";
try {
@@ -191,14 +193,15 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
if (!tokenname.equals("Internal Key Storage Token"))
return;
- // Path can be empty. If this case, we just want to
+ // Path can be empty. If this case, we just want to
// get to the next panel. Customer has HSM.
String s = HttpInput.getString(request, "path");
// if (s == null || s.equals("")) {
- // CMS.debug("RestoreKeyCertPanel validate: path is empty");
- // throw new IOException("Path is empty");
+ // CMS.debug("RestoreKeyCertPanel validate: path is empty");
+ // throw new IOException("Path is empty");
// }
+
if (s != null && !s.equals("")) {
s = HttpInput.getPassword(request, "__password");
if (s == null || s.equals("")) {
@@ -213,14 +216,16 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
* Commit parameter changes
*/
public void update(HttpServletRequest request,
- HttpServletResponse response, Context context) throws IOException {
+ HttpServletResponse response,
+ Context context) throws IOException
+ {
IConfigStore config = CMS.getConfigStore();
String path = HttpInput.getString(request, "path");
if (path == null || path.equals("")) {
- // skip to next panel
+ // skip to next panel
config.putBoolean("preop.restorekeycert.done", true);
try {
- config.commit(false);
+ config.commit(false);
} catch (EBaseException e) {
}
getConfigEntriesFromMaster(request, response, context);
@@ -228,7 +233,7 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
return;
}
String pwd = HttpInput.getPassword(request, "__password");
-
+
String tokenn = "";
String instanceRoot = "";
@@ -240,9 +245,8 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
if (tokenn.equals("Internal Key Storage Token")) {
byte b[] = new byte[1000000];
- FileInputStream fis = new FileInputStream(instanceRoot + "/alias/"
- + path);
- while (fis.available() > 0)
+ FileInputStream fis = new FileInputStream(instanceRoot + "/alias/" + path);
+ while (fis.available() > 0)
fis.read(b);
fis.close();
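Review bot: The request parameter `path` (read with `HttpInput.getString(request, "path")` earlier in update()) is appended to `instanceRoot + "/alias/"` with no check that the result stays inside the alias directory. A value containing `../` would make the servlet open a file elsewhere on disk, unless HttpInput already rejects such values, which is not visible here. The read loop also calls `fis.read(b)` at offset 0 on every pass, so a file delivered in more than one read overwrites its own beginning, and the stream is not closed if a read throws. Resolving the canonical path and comparing it with the alias directory, then reading with an advancing offset inside try/finally, addresses both. update() starts and ends outside this hunk.

```java
byte b[] = new byte[1000000];
java.io.File aliasDir = new java.io.File(instanceRoot, "alias");
java.io.File p12 = new java.io.File(aliasDir, path);
// reject names that resolve outside the alias directory
if (!p12.getCanonicalPath().startsWith(
        aliasDir.getCanonicalPath() + java.io.File.separator)) {
    throw new IOException("Invalid PKCS #12 path");
}
FileInputStream fis = new FileInputStream(p12);
try {
    int off = 0;
    int n;
    // advance the offset so later reads do not overwrite earlier data
    while (off < b.length && (n = fis.read(b, off, b.length - off)) > 0) {
        off += n;
    }
} finally {
    fis.close();
}
```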
@@ -252,11 +256,10 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
PFX pfx = null;
boolean verifypfx = false;
try {
- pfx = (PFX) (new PFX.Template()).decode(bis);
- verifypfx = pfx.verifyAuthSafes(password, reason);
+ pfx = (PFX)(new PFX.Template()).decode(bis);
+ verifypfx = pfx.verifyAuthSafes(password, reason);
} catch (Exception e) {
- CMS.debug("RestoreKeyCertPanel update: Exception="
- + e.toString());
+ CMS.debug("RestoreKeyCertPanel update: Exception="+e.toString());
}
if (verifypfx) {
@@ -264,60 +267,50 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
AuthenticatedSafes safes = pfx.getAuthSafes();
Vector pkeyinfo_collection = new Vector();
Vector cert_collection = new Vector();
- for (int i = 0; i < safes.getSize(); i++) {
+ for (int i=0; i<safes.getSize(); i++) {
try {
- SEQUENCE scontent = safes.getSafeContentsAt(null, i);
- for (int j = 0; j < scontent.size(); j++) {
- SafeBag bag = (SafeBag) scontent.elementAt(j);
+ SEQUENCE scontent = safes.getSafeContentsAt(null, i);
+ for (int j=0; j<scontent.size(); j++) {
+ SafeBag bag = (SafeBag)scontent.elementAt(j);
OBJECT_IDENTIFIER oid = bag.getBagType();
if (oid.equals(SafeBag.PKCS8_SHROUDED_KEY_BAG)) {
- EncryptedPrivateKeyInfo privkeyinfo = (EncryptedPrivateKeyInfo) bag
- .getInterpretedBagContent();
+ EncryptedPrivateKeyInfo privkeyinfo =
+ (EncryptedPrivateKeyInfo)bag.getInterpretedBagContent();
PasswordConverter passConverter = new PasswordConverter();
- PrivateKeyInfo pkeyinfo = privkeyinfo.decrypt(
- password, new PasswordConverter());
+ PrivateKeyInfo pkeyinfo = privkeyinfo.decrypt(password, new PasswordConverter());
Vector pkeyinfo_v = new Vector();
pkeyinfo_v.addElement(pkeyinfo);
SET bagAttrs = bag.getBagAttributes();
- for (int k = 0; k < bagAttrs.size(); k++) {
- Attribute attrs = (Attribute) bagAttrs
- .elementAt(k);
+ for (int k=0; k<bagAttrs.size(); k++) {
+ Attribute attrs = (Attribute)bagAttrs.elementAt(k);
OBJECT_IDENTIFIER aoid = attrs.getType();
if (aoid.equals(SafeBag.FRIENDLY_NAME)) {
SET val = attrs.getValues();
- ANY ss = (ANY) val.elementAt(0);
- ByteArrayInputStream bbis = new ByteArrayInputStream(
- ss.getEncoded());
- BMPString sss = (BMPString) (new BMPString.Template())
- .decode(bbis);
+ ANY ss = (ANY)val.elementAt(0);
+ ByteArrayInputStream bbis = new ByteArrayInputStream(ss.getEncoded());
+ BMPString sss = (BMPString)(new BMPString.Template()).decode(bbis);
String s = sss.toString();
pkeyinfo_v.addElement(s);
}
}
pkeyinfo_collection.addElement(pkeyinfo_v);
} else if (oid.equals(SafeBag.CERT_BAG)) {
- CertBag cbag = (CertBag) bag
- .getInterpretedBagContent();
- OCTET_STRING str = (OCTET_STRING) cbag
- .getInterpretedCert();
+ CertBag cbag = (CertBag)bag.getInterpretedBagContent();
+ OCTET_STRING str = (OCTET_STRING)cbag.getInterpretedCert();
byte[] x509cert = str.toByteArray();
Vector cert_v = new Vector();
cert_v.addElement(x509cert);
SET bagAttrs = bag.getBagAttributes();
-
+
if (bagAttrs != null) {
- for (int k = 0; k < bagAttrs.size(); k++) {
- Attribute attrs = (Attribute) bagAttrs
- .elementAt(k);
- OBJECT_IDENTIFIER aoid = attrs
- .getType();
+ for (int k=0; k<bagAttrs.size(); k++) {
+ Attribute attrs = (Attribute)bagAttrs.elementAt(k);
+ OBJECT_IDENTIFIER aoid = attrs.getType();
if (aoid.equals(SafeBag.FRIENDLY_NAME)) {
SET val = attrs.getValues();
- ANY ss = (ANY) val.elementAt(0);
- ByteArrayInputStream bbis = new ByteArrayInputStream(
- ss.getEncoded());
- BMPString sss = (BMPString) (new BMPString.Template())
- .decode(bbis);
+ ANY ss = (ANY)val.elementAt(0);
+ ByteArrayInputStream bbis = new ByteArrayInputStream(ss.getEncoded());
+ BMPString sss = (BMPString)(new BMPString.Template()).decode(bbis);
String s = sss.toString();
cert_v.addElement(s);
}
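Review bot: In the `PKCS8_SHROUDED_KEY_BAG` branch the result of `bag.getBagAttributes()` is used in `bagAttrs.size()` without the `if (bagAttrs != null) {` guard that the `CERT_BAG` branch has. A key bag with no attributes would throw inside the loop, and the catch in the following hunk only logs it, so the remaining bags of that safe would be skipped without any error reaching the operator. Wrapping the key-bag attribute loop in the same `if (bagAttrs != null) {` check makes the two branches agree. The local `passConverter` is created and never used, since `privkeyinfo.decrypt(password, new PasswordConverter())` builds a second one; `privkeyinfo.decrypt(password, passConverter)` would remove the duplicate. update() starts and ends outside this hunk.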
@@ -328,11 +321,10 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
}
}
} catch (Exception e) {
- CMS.debug("RestoreKeyCertPanel update: Exception="
- + e.toString());
+ CMS.debug("RestoreKeyCertPanel update: Exception="+e.toString());
}
}
-
+
importkeycert(pkeyinfo_collection, cert_collection);
} else {
context.put("updateStatus", "failure");
@@ -350,12 +342,11 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
cstype = toLowerCaseSubsystemType(cstype);
if (subsystemtype.equals("clone")) {
- CMS.debug("RestoreKeyCertPanel: this is the clone subsystem");
+ CMS.debug("RestoreKeyCertPanel: this is the clone subsystem");
boolean cloneReady = isCertdbCloned(request, context);
if (!cloneReady) {
CMS.debug("RestoreKeyCertPanel update: clone does not have all the certificates.");
- context.put("errorString",
- "Make sure you have copied the certificate database over to the clone");
+ context.put("errorString", "Make sure you have copied the certificate database over to the clone");
context.put("updateStatus", "failure");
throw new IOException("Clone is not ready");
}
@@ -372,7 +363,7 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
}
private void getConfigEntriesFromMaster(HttpServletRequest request,
- HttpServletResponse response, Context context) throws IOException {
+ HttpServletResponse response, Context context) throws IOException {
try {
IConfigStore config = CMS.getConfigStore();
String cstype = "";
@@ -390,31 +381,22 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
int master_ee_port = -1;
try {
sd_hostname = config.getString("securitydomain.host", "");
- sd_port = config
- .getInteger("securitydomain.httpsadminport", -1);
+ sd_port = config.getInteger("securitydomain.httpsadminport", -1);
master_hostname = config.getString("preop.master.hostname", "");
- master_port = config.getInteger("preop.master.httpsadminport",
- -1);
- master_ee_port = config
- .getInteger("preop.master.httpsport", -1);
+ master_port = config.getInteger("preop.master.httpsadminport", -1);
+ master_ee_port = config.getInteger("preop.master.httpsport", -1);
String content = "";
if (cstype.equals("ca") || cstype.equals("kra")) {
- content = "type=request&xmlOutput=true&sessionID="
- + session_id;
+ content = "type=request&xmlOutput=true&sessionID="+session_id;
CMS.debug("http content=" + content);
- updateNumberRange(master_hostname, master_ee_port, true,
- content, "request", response);
-
- content = "type=serialNo&xmlOutput=true&sessionID="
- + session_id;
- updateNumberRange(master_hostname, master_ee_port, true,
- content, "serialNo", response);
-
- content = "type=replicaId&xmlOutput=true&sessionID="
- + session_id;
- updateNumberRange(master_hostname, master_ee_port, true,
- content, "replicaId", response);
+ updateNumberRange(master_hostname, master_ee_port, true, content, "request", response);
+
+ content = "type=serialNo&xmlOutput=true&sessionID="+session_id;
+ updateNumberRange(master_hostname, master_ee_port, true, content, "serialNo", response);
+
+ content = "type=replicaId&xmlOutput=true&sessionID="+session_id;
+ updateNumberRange(master_hostname, master_ee_port, true, content, "replicaId", response);
}
String list = "";
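Review bot: `CMS.debug("http content=" + content)` writes the `sessionID` value to the debug log, because `content` was built on the line before as `"type=request&xmlOutput=true&sessionID="+session_id`. Anyone who can read the debug log can then read the identifier this clone presents to the master; how long that identifier stays valid is not visible here. I would log only the request type, for example `CMS.debug("RestoreKeyCertPanel: requesting number range, type=request");`. getConfigEntriesFromMaster() continues outside this hunk.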
@@ -424,7 +406,7 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
}
StringBuffer c1 = new StringBuffer();
- StringBuffer s1 = new StringBuffer();
+ StringBuffer s1 = new StringBuffer();
StringTokenizer tok = new StringTokenizer(list, ",");
while (tok.hasMoreTokens()) {
String t1 = tok.nextToken();
@@ -456,7 +438,8 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
c1.append(t1);
c1.append(".pubkey.encoded");
- if (s1.length() != 0)
+
+ if (s1.length()!=0)
s1.append(",");
s1.append(cstype);
@@ -466,29 +449,21 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
if (!cstype.equals("ca")) {
c1.append(",cloning.ca.hostname,cloning.ca.httpport,cloning.ca.httpsport,cloning.ca.list,cloning.ca.pkcs7,cloning.ca.type");
- }
+ }
if (cstype.equals("ca")) {
/* get ca connector details */
- if (s1.length() != 0)
+ if (s1.length()!=0)
s1.append(",");
s1.append("ca.connector.KRA");
}
- content = "op=get&names=cloning.token,instanceId,internaldb.basedn,internaldb.ldapauth.password,internaldb.replication.password,internaldb.ldapconn.host,internaldb.ldapconn.port,internaldb.ldapauth.bindDN"
- + c1.toString()
- + "&substores="
- + s1.toString()
- + "&xmlOutput=true&sessionID=" + session_id;
- boolean success = updateConfigEntries(master_hostname,
- master_port, true, "/" + cstype + "/admin/" + cstype
- + "/getConfigEntries", content, config,
- response);
+ content = "op=get&names=cloning.token,instanceId,internaldb.basedn,internaldb.ldapauth.password,internaldb.replication.password,internaldb.ldapconn.host,internaldb.ldapconn.port,internaldb.ldapauth.bindDN"+c1.toString()+"&substores="+s1.toString()+"&xmlOutput=true&sessionID="+session_id;
+ boolean success = updateConfigEntries(master_hostname, master_port, true,
+ "/"+cstype+"/admin/"+cstype+"/getConfigEntries", content, config, response);
if (!success) {
- context.put("errorString",
- "Failed to get configuration entries from the master");
- throw new IOException(
- "Failed to get configuration entries from the master");
+ context.put("errorString", "Failed to get configuration entries from the master");
+ throw new IOException("Failed to get configuration entries from the master");
}
config.putString("preop.clone.configuration", "true");
try {
@@ -498,8 +473,7 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
} catch (IOException eee) {
throw eee;
} catch (Exception eee) {
- CMS.debug("RestoreKeyCertPanel: update exception caught:"
- + eee.toString());
+ CMS.debug("RestoreKeyCertPanel: update exception caught:"+eee.toString());
}
} catch (IOException ee) {
@@ -517,42 +491,38 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
String s = st.nextToken();
if (s.equals("sslserver"))
continue;
- String name = "preop.master." + s + ".nickname";
+ String name = "preop.master."+s+".nickname";
String nickname = cs.getString(name, "");
CryptoManager cm = CryptoManager.getInstance();
X509Certificate xcert = null;
try {
xcert = cm.findCertByNickname(nickname);
} catch (Exception ee) {
- CMS.debug("RestoreKeyCertPanel deleteExistingCerts: Exception="
- + ee.toString());
+ CMS.debug("RestoreKeyCertPanel deleteExistingCerts: Exception="+ee.toString());
}
CryptoToken ct = cm.getInternalKeyStorageToken();
CryptoStore store = ct.getCryptoStore();
try {
store.deleteCert(xcert);
} catch (Exception ee) {
- CMS.debug("RestoreKeyCertPanel deleteExistingCerts: Exception="
- + ee.toString());
+ CMS.debug("RestoreKeyCertPanel deleteExistingCerts: Exception="+ee.toString());
}
}
} catch (Exception e) {
- CMS.debug("RestoreKeyCertPanel deleteExistingCerts: Exception="
- + e.toString());
- }
+ CMS.debug("RestoreKeyCertPanel deleteExistingCerts: Exception="+e.toString());
+ }
}
- private org.mozilla.jss.crypto.PrivateKey.Type getPrivateKeyType(
- PublicKey pubkey) {
- CMS.debug("Key Algorithm '" + pubkey.getAlgorithm() + "'");
- if (pubkey.getAlgorithm().equals("EC")) {
- return org.mozilla.jss.crypto.PrivateKey.Type.EC;
- }
- return org.mozilla.jss.crypto.PrivateKey.Type.RSA;
+ private org.mozilla.jss.crypto.PrivateKey.Type getPrivateKeyType(PublicKey pubkey) {
+ CMS.debug("Key Algorithm '"+pubkey.getAlgorithm()+"'");
+ if (pubkey.getAlgorithm().equals("EC")) {
+ return org.mozilla.jss.crypto.PrivateKey.Type.EC;
+ }
+ return org.mozilla.jss.crypto.PrivateKey.Type.RSA;
}
- private void importkeycert(Vector pkeyinfo_collection,
- Vector cert_collection) throws IOException {
+ private void importkeycert(Vector pkeyinfo_collection,
+ Vector cert_collection) throws IOException {
CryptoManager cm = null;
try {
cm = CryptoManager.getInstance();
@@ -562,13 +532,12 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
// delete all existing certificates first
deleteExistingCerts();
- for (int i = 0; i < pkeyinfo_collection.size(); i++) {
+ for (int i=0; i<pkeyinfo_collection.size(); i++) {
try {
- Vector pkeyinfo_v = (Vector) pkeyinfo_collection.elementAt(i);
- PrivateKeyInfo pkeyinfo = (PrivateKeyInfo) pkeyinfo_v
- .elementAt(0);
- String nickname = (String) pkeyinfo_v.elementAt(1);
- byte[] x509cert = getX509Cert(nickname, cert_collection);
+ Vector pkeyinfo_v = (Vector)pkeyinfo_collection.elementAt(i);
+ PrivateKeyInfo pkeyinfo = (PrivateKeyInfo)pkeyinfo_v.elementAt(0);
+ String nickname = (String)pkeyinfo_v.elementAt(1);
+ byte[] x509cert = getX509Cert(nickname, cert_collection);
X509Certificate cert = cm.importCACertPackage(x509cert);
ByteArrayOutputStream bos = new ByteArrayOutputStream();
pkeyinfo.encode(bos);
@@ -581,37 +550,32 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
try {
store.deleteCert(cert);
} catch (Exception ee) {
- CMS.debug("RestoreKeyCertPanel importKeyCert: Exception="
- + ee.toString());
+ CMS.debug("RestoreKeyCertPanel importKeyCert: Exception="+ee.toString());
}
KeyGenerator kg = token.getKeyGenerator(KeyGenAlgorithm.DES3);
SymmetricKey sk = kg.generate();
- byte iv[] = { 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1 };
+ byte iv[] = {0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1};
IVParameterSpec param = new IVParameterSpec(iv);
- Cipher c = token
- .getCipherContext(EncryptionAlgorithm.DES3_CBC_PAD);
+ Cipher c = token.getCipherContext(EncryptionAlgorithm.DES3_CBC_PAD);
c.initEncrypt(sk, param);
byte[] encpkey = c.doFinal(pkey);
-
- KeyWrapper wrapper = token
- .getKeyWrapper(KeyWrapAlgorithm.DES3_CBC_PAD);
+
+ KeyWrapper wrapper = token.getKeyWrapper(KeyWrapAlgorithm.DES3_CBC_PAD);
wrapper.initUnwrap(sk, param);
- org.mozilla.jss.crypto.PrivateKey pp = wrapper.unwrapPrivate(
- encpkey, getPrivateKeyType(publickey), publickey);
+ org.mozilla.jss.crypto.PrivateKey pp = wrapper.unwrapPrivate(encpkey, getPrivateKeyType(publickey), publickey);
} catch (Exception e) {
- CMS.debug("RestoreKeyCertPanel importkeycert: Exception="
- + e.toString());
+ CMS.debug("RestoreKeyCertPanel importkeycert: Exception="+e.toString());
}
}
- for (int i = 0; i < cert_collection.size(); i++) {
+ for (int i=0; i<cert_collection.size(); i++) {
try {
- Vector cert_v = (Vector) cert_collection.elementAt(i);
- byte[] cert = (byte[]) cert_v.elementAt(0);
+ Vector cert_v = (Vector)cert_collection.elementAt(i);
+ byte[] cert = (byte[])cert_v.elementAt(0);
if (cert_v.size() > 1) {
- String name = (String) cert_v.elementAt(1);
+ String name = (String)cert_v.elementAt(1);
// we need to delete the trusted CA certificate if it is
// the same as the ca signing certificate
if (isCASigningCert(name)) {
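Review bot: The private key is encrypted and then unwrapped under `DES3_CBC_PAD` with the constant IV `{0x1, 0x1, …}`, which is tolerable only because `sk` comes from `kg.generate()` for each key and is used for this one operation, and nothing in the code says so. A comment such as `// sk is generated per key and used for this single wrap/unwrap, so the constant IV is never reused under the same key` would keep the pattern from being copied to a long-lived key. `pkey` presumably holds the clear PKCS #8 encoding (its assignment is outside the hunk); adding `java.util.Arrays.fill(pkey, (byte) 0);` after `c.doFinal(pkey)` would shorten the time the clear key stays on the heap. The catch that closes the loop body only logs, so a key that fails to import does not stop the wizard or reach the operator.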
@@ -622,35 +586,30 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
CMS.debug("RestoreKeyCertPanel deleteCert: this is pk11store");
if (store instanceof PK11Store) {
try {
- PK11Store pk11store = (PK11Store) store;
+ PK11Store pk11store = (PK11Store)store;
pk11store.deleteCertOnly(certchain);
} catch (Exception ee) {
- CMS.debug("RestoreKeyCertPanel importKeyCert: Exception="
- + ee.toString());
+ CMS.debug("RestoreKeyCertPanel importKeyCert: Exception="+ee.toString());
}
}
}
}
- X509Certificate xcert = cm.importUserCACertPackage(cert,
- name);
+ X509Certificate xcert = cm.importUserCACertPackage(cert, name);
if (name.startsWith("caSigningCert")) {
// we need to change the trust attribute to CT
- InternalCertificate icert = (InternalCertificate) xcert;
- icert.setSSLTrust(InternalCertificate.TRUSTED_CA
- | InternalCertificate.TRUSTED_CLIENT_CA
- | InternalCertificate.VALID_CA);
+ InternalCertificate icert = (InternalCertificate)xcert;
+ icert.setSSLTrust(InternalCertificate.TRUSTED_CA
+ | InternalCertificate.TRUSTED_CLIENT_CA
+ | InternalCertificate.VALID_CA);
} else if (name.startsWith("auditSigningCert")) {
- InternalCertificate icert = (InternalCertificate) xcert;
- icert.setObjectSigningTrust(InternalCertificate.USER
- | InternalCertificate.VALID_PEER
- | InternalCertificate.TRUSTED_PEER);
+ InternalCertificate icert = (InternalCertificate)xcert;
+ icert.setObjectSigningTrust(InternalCertificate.USER | InternalCertificate.VALID_PEER | InternalCertificate.TRUSTED_PEER);
}
} else
cm.importCACertPackage(cert);
} catch (Exception e) {
- CMS.debug("RestoreKeyCertPanel importkeycert: Exception="
- + e.toString());
+ CMS.debug("RestoreKeyCertPanel importkeycert: Exception="+e.toString());
}
}
}
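Review bot: Trust flags are assigned from the PKCS #12 friendlyName alone: any certificate in the file whose `name` starts with `caSigningCert` is marked `TRUSTED_CA | TRUSTED_CLIENT_CA | VALID_CA`, and one starting with `auditSigningCert` gets object-signing trust. The only protection visible on this page is the `verifyAuthSafes(password, reason)` check made in update() before importkeycert() is called, so the code relies on the file having been produced by the master. I would state that next to the `startsWith` tests, e.g. `// name is the PKCS #12 friendlyName; trust set here relies on the verifyAuthSafes() check done before import`. Comparing `name` with the nickname configured under `"preop.master."+tag+".nickname"` instead of a prefix would narrow it further, if that value is available at this point. importkeycert() starts outside this hunk.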
@@ -669,44 +628,41 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
return false;
}
- private X509Certificate getX509CertFromToken(byte[] cert)
- throws IOException {
+ private X509Certificate getX509CertFromToken(byte[] cert)
+ throws IOException {
try {
X509CertImpl impl = new X509CertImpl(cert);
String issuer_impl = impl.getIssuerDN().toString();
BigInteger serial_impl = impl.getSerialNumber();
CryptoManager cm = CryptoManager.getInstance();
X509Certificate[] permcerts = cm.getPermCerts();
- for (int i = 0; i < permcerts.length; i++) {
+ for (int i=0; i<permcerts.length; i++) {
String issuer_p = permcerts[i].getSubjectDN().toString();
BigInteger serial_p = permcerts[i].getSerialNumber();
- if (issuer_p.equals(issuer_impl)
- && serial_p.compareTo(serial_impl) == 0) {
+ if (issuer_p.equals(issuer_impl) && serial_p.compareTo(serial_impl) == 0) {
return permcerts[i];
}
}
} catch (Exception e) {
- CMS.debug("RestoreKeyCertPanel getX509CertFromToken: Exception="
- + e.toString());
+ CMS.debug("RestoreKeyCertPanel getX509CertFromToken: Exception="+e.toString());
}
return null;
}
- private byte[] getX509Cert(String nickname, Vector cert_collection)
- throws IOException {
- for (int i = 0; i < cert_collection.size(); i++) {
- Vector v = (Vector) cert_collection.elementAt(i);
- byte[] b = (byte[]) v.elementAt(0);
+ private byte[] getX509Cert(String nickname, Vector cert_collection)
+ throws IOException {
+ for (int i=0; i<cert_collection.size(); i++) {
+ Vector v = (Vector)cert_collection.elementAt(i);
+ byte[] b = (byte[])v.elementAt(0);
X509CertImpl impl = null;
try {
impl = new X509CertImpl(b);
} catch (Exception e) {
- CMS.debug("RestoreKeyCertPanel getX509Cert: Exception="
- + e.toString());
- throw new IOException(e.toString());
+ CMS.debug("RestoreKeyCertPanel getX509Cert: Exception="+e.toString());
+ throw new IOException( e.toString() );
}
- Principal subjectdn = impl.getSubjectDN();
+ Principal subjectdn = impl.getSubjectDN();
if (LDAPDN.equals(subjectdn.toString(), nickname))
return b;
}
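Review bot: In getX509CertFromToken() `issuer_p` is filled from `permcerts[i].getSubjectDN()` but compared with `impl.getIssuerDN()`, so the loop matches a token certificate's subject against the imported certificate's issuer. Combined with the serial-number test this finds the intended certificate only when it is self-signed, and could otherwise return an issuing CA certificate that happens to carry the same serial number. If the intent is issuer-and-serial identity the line should read `String issuer_p = permcerts[i].getIssuerDN().toString();`. The method also declares `throws IOException` while catching every exception and returning null, so a caller cannot tell a lookup failure from a certificate that is absent.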
@@ -718,14 +674,17 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
* If validiate() returns false, this method will be called.
*/
public void displayError(HttpServletRequest request,
- HttpServletResponse response, Context context) {
+ HttpServletResponse response,
+ Context context)
+ {
context.put("title", "Import Keys and Certificates");
context.put("password", "");
context.put("path", "");
context.put("panel", "admin/console/config/restorekeycertpanel.vm");
}
- private boolean isCertdbCloned(HttpServletRequest request, Context context) {
+ private boolean isCertdbCloned(HttpServletRequest request,
+ Context context) {
IConfigStore config = CMS.getConfigStore();
String certList = "";
try {
@@ -739,13 +698,13 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
String tokenname = config.getString("preop.module.token", "");
CryptoToken tok = cm.getTokenByName(tokenname);
CryptoStore store = tok.getCryptoStore();
- String name1 = "preop.master." + token + ".nickname";
+ String name1 = "preop.master."+token+".nickname";
String nickname = config.getString(name1, "");
- if (!tokenname.equals("Internal Key Storage Token")
- && !tokenname.equals("internal"))
- nickname = tokenname + ":" + nickname;
+ if (!tokenname.equals("Internal Key Storage Token") &&
+ !tokenname.equals("internal"))
+ nickname = tokenname+":"+nickname;
- CMS.debug("RestoreKeyCertPanel isCertdbCloned: " + nickname);
+ CMS.debug("RestoreKeyCertPanel isCertdbCloned: "+nickname);
X509Certificate cert = cm.findCertByNickname(nickname);
if (cert == null)
return false;
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SavePKCS12Panel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SavePKCS12Panel.java
index 83d8413e..854e8f10 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SavePKCS12Panel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SavePKCS12Panel.java
@@ -34,19 +34,19 @@ import com.netscape.cms.servlet.wizard.WizardServlet;
public class SavePKCS12Panel extends WizardPanelBase {
- public SavePKCS12Panel() {
- }
+ public SavePKCS12Panel() {}
/**
* Initializes this panel.
*/
- public void init(ServletConfig config, int panelno) throws ServletException {
+ public void init(ServletConfig config, int panelno)
+ throws ServletException {
setPanelNo(panelno);
setName("Save Keys and Certificates");
}
- public void init(WizardServlet servlet, ServletConfig config, int panelno,
- String id) throws ServletException {
+ public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
+ throws ServletException {
setPanelNo(panelno);
setName("Save Keys and Certificates");
setId(id);
@@ -60,11 +60,11 @@ public class SavePKCS12Panel extends WizardPanelBase {
try {
boolean enable = cs.getBoolean("preop.backupkeys.enable", false);
- if (!enable)
+ if (!enable)
return true;
} catch (Exception e) {
}
-
+
return false;
}
@@ -77,14 +77,13 @@ public class SavePKCS12Panel extends WizardPanelBase {
} else {
return true;
}
- } catch (EBaseException e) {
- }
+ } catch (EBaseException e) {}
return false;
}
public PropertySet getUsage() {
PropertySet set = new PropertySet();
-
+
return set;
}
@@ -96,7 +95,8 @@ public class SavePKCS12Panel extends WizardPanelBase {
* Display the panel.
*/
public void display(HttpServletRequest request,
- HttpServletResponse response, Context context) {
+ HttpServletResponse response,
+ Context context) {
context.put("title", "Save Keys and Certificates");
IConfigStore config = CMS.getConfigStore();
String subsystemtype = "";
@@ -116,14 +116,15 @@ public class SavePKCS12Panel extends WizardPanelBase {
* Checks if the given parameters are valid.
*/
public void validate(HttpServletRequest request,
- HttpServletResponse response, Context context) throws IOException {
+ HttpServletResponse response, Context context) throws IOException {
}
/**
* Commit parameter changes
*/
public void update(HttpServletRequest request,
- HttpServletResponse response, Context context) throws IOException {
+ HttpServletResponse response,
+ Context context) throws IOException {
context.put("title", "Save Keys and Certificates");
context.put("panel", "admin/console/config/savepkcs12panel.vm");
context.put("updateStatus", "success");
@@ -133,7 +134,9 @@ public class SavePKCS12Panel extends WizardPanelBase {
* If validiate() returns false, this method will be called.
*/
public void displayError(HttpServletRequest request,
- HttpServletResponse response, Context context) {
+ HttpServletResponse response,
+ Context context)
+ {
context.put("title", "Save Keys and Certificates");
context.put("panel", "admin/console/config/savepkcs12panel.vm");
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainLogin.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainLogin.java
index 14e52a38..3a5d82d1 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainLogin.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainLogin.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
+
import java.net.URL;
import java.net.URLDecoder;
@@ -38,12 +39,14 @@ public class SecurityDomainLogin extends BaseServlet {
private static final long serialVersionUID = -1616344299101179396L;
public boolean authenticate(HttpServletRequest request,
- HttpServletResponse response, Context context) {
+ HttpServletResponse response,
+ Context context) {
return true;
}
public Template process(HttpServletRequest request,
- HttpServletResponse response, Context context) {
+ HttpServletResponse response,
+ Context context) {
Template template = null;
try {
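Review bot: `authenticate` returns `true` for every request and nothing in this hunk says why, which makes a deliberate choice hard to tell apart from a stub. If the servlet is meant to be reachable before login (it appears to render the security domain login form, judging by the template name loaded later in `process`), state that in a comment above the method, for example `// Unauthenticated by design: this servlet only renders the login form; credentials are checked by the handler the form posts to.` The second half of that comment is an assumption to confirm against the form's target. `process` continues outside the hunk.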
@@ -56,9 +59,9 @@ public class SecurityDomainLogin extends BaseServlet {
int index = url.indexOf("subsystem=");
String subsystem = "";
if (index > 0) {
- subsystem = url.substring(index + 10);
+ subsystem = url.substring(index+10);
int index1 = subsystem.indexOf("&");
- if (index1 > 0)
+ if (index1 > 0)
subsystem = subsystem.substring(0, index1);
}
context.put("sd_uid", "");
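Review bot: The `subsystem` value is cut out of `url` by hand with `indexOf("subsystem=")` and, in the next hunk, goes into the template context with only the `KRA` to `DRM` mapping applied. Where `url` comes from is outside the hunk, but if it is request-controlled the value should be checked before it reaches the page, since whether the Velocity template escapes it cannot be seen here. Assuming subsystem types are short alphabetic tags like `KRA`, a guard such as `if (!subsystem.matches("[A-Za-z]+")) subsystem = "";` after the substring step would do. The `index > 0` test also matches `subsystem=` inside a longer parameter name; parsing the query string into parameters first would avoid that.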
@@ -67,16 +70,15 @@ public class SecurityDomainLogin extends BaseServlet {
context.put("host", u.getHost());
context.put("sdhost", CMS.getEESSLHost());
if (subsystem.equals("KRA")) {
- subsystem = "DRM";
+ subsystem = "DRM";
}
context.put("subsystem", subsystem);
// The "securitydomain.name" property ONLY resides in the "CS.cfg"
// associated with the CS subsystem hosting the security domain.
IConfigStore cs = CMS.getConfigStore();
String sdname = cs.getString("securitydomain.name", "");
- context.put("name", sdname);
- template = Velocity
- .getTemplate("admin/console/config/securitydomainloginpanel.vm");
+ context.put("name", sdname);
+ template = Velocity.getTemplate("admin/console/config/securitydomainloginpanel.vm");
} catch (Exception e) {
System.err.println("Exception caught: " + e.getMessage());
}
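Review bot: The `catch` at the end of this hunk writes only `e.getMessage()` to `System.err`, while the other panels in this commit report through `CMS.debug`, so a failure to load the login template may never reach the debug log an operator reads. `CMS.debug("SecurityDomainLogin: " + e.toString());` would match the rest of the package and keep the exception class in the record. `template` appears to stay `null` on this path; the rest of `process` is outside the hunk, so confirm the caller handles that.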
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainPanel.java
index e43fa913..90a6aeb0 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainPanel.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
+
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
@@ -38,19 +39,19 @@ import com.netscape.cms.servlet.wizard.WizardServlet;
public class SecurityDomainPanel extends WizardPanelBase {
- public SecurityDomainPanel() {
- }
+ public SecurityDomainPanel() {}
/**
* Initializes this panel.
*/
- public void init(ServletConfig config, int panelno) throws ServletException {
+ public void init(ServletConfig config, int panelno)
+ throws ServletException {
setPanelNo(panelno);
setName("Security Domain");
}
- public void init(WizardServlet servlet, ServletConfig config, int panelno,
- String id) throws ServletException {
+ public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
+ throws ServletException {
setPanelNo(panelno);
setName("Security Domain");
setId(id);
@@ -71,16 +72,15 @@ public class SecurityDomainPanel extends WizardPanelBase {
} else {
return true;
}
- } catch (EBaseException e) {
- }
+ } catch (EBaseException e) {}
return false;
}
public PropertySet getUsage() {
PropertySet set = new PropertySet();
-
+
/* XXX */
-
+
return set;
}
@@ -88,7 +88,8 @@ public class SecurityDomainPanel extends WizardPanelBase {
* Display the panel.
*/
public void display(HttpServletRequest request,
- HttpServletResponse response, Context context) {
+ HttpServletResponse response,
+ Context context) {
context.put("title", "Security Domain");
IConfigStore config = CMS.getConfigStore();
String errorString = "";
@@ -98,12 +99,10 @@ public class SecurityDomainPanel extends WizardPanelBase {
String systemdService = "";
try {
- default_admin_url = config.getString(
- "preop.securitydomain.admin_url", "");
+ default_admin_url = config.getString("preop.securitydomain.admin_url", "");
name = config.getString("preop.securitydomain.name", "");
cstype = config.getString("cs.type", "");
- systemdService = config.getString("pkicreate.systemd.servicename",
- "");
+ systemdService = config.getString("pkicreate.systemd.servicename", "");
} catch (Exception e) {
CMS.debug(e.toString());
}
@@ -137,8 +136,7 @@ public class SecurityDomainPanel extends WizardPanelBase {
context.put("https_ee_port", CMS.getEESSLPort());
context.put("https_admin_port", CMS.getAdminPort());
context.put("sdomainAdminURL", default_admin_url);
- } catch (EBaseException e) {
- }
+ } catch (EBaseException e) {}
context.put("panel", "admin/console/config/securitydomainpanel.vm");
context.put("errorString", errorString);
@@ -159,19 +157,18 @@ public class SecurityDomainPanel extends WizardPanelBase {
while (st.hasMoreTokens()) {
count++;
String n = st.nextToken();
- if (first) { // skip the hostname
+ if (first) { //skip the hostname
first = false;
continue;
}
if (count == numTokens) // skip the last element (e.g. com)
continue;
- sb.append((defaultDomain.length() == 0) ? "" : " ");
+ sb.append((defaultDomain.length()==0)? "":" ");
sb.append(capitalize(n));
}
- defaultDomain = sb.toString() + " " + "Domain";
+ defaultDomain = sb.toString() + " "+ "Domain";
name = defaultDomain;
- CMS.debug("SecurityDomainPanel: defaultDomain generated:"
- + name);
+ CMS.debug("SecurityDomainPanel: defaultDomain generated:"+ name);
} catch (MalformedURLException e) {
errorString = "Malformed URL";
// not being able to come up with default domain name is ok
@@ -179,53 +176,54 @@ public class SecurityDomainPanel extends WizardPanelBase {
}
context.put("sdomainName", name);
- if (default_admin_url != null) {
+ if( default_admin_url != null ) {
String r = null;
try {
// check to see if "default" security domain exists
// on local machine
- URL u = new URL(default_admin_url);
+ URL u = new URL( default_admin_url );
String hostname = u.getHost();
int port = u.getPort();
- ConfigCertApprovalCallback certApprovalCallback = new ConfigCertApprovalCallback();
- r = pingCS(hostname, port, true, certApprovalCallback);
+ ConfigCertApprovalCallback
+ certApprovalCallback = new ConfigCertApprovalCallback();
+ r = pingCS( hostname, port, true, certApprovalCallback );
} catch (Exception e) {
- CMS.debug("SecurityDomainPanel: exception caught: "
- + e.toString());
+ CMS.debug( "SecurityDomainPanel: exception caught: "
+ + e.toString() );
}
-
- if (r != null) {
+
+ if( r != null ) {
// "default" security domain exists on local machine;
// fill "sdomainURL" in with "default" security domain
// as an initial "guess"
- CMS.debug("SecurityDomainPanel: pingCS returns: " + r);
- context.put("sdomainURL", default_admin_url);
+ CMS.debug( "SecurityDomainPanel: pingCS returns: "+r );
+ context.put( "sdomainURL", default_admin_url );
} else {
// "default" security domain does NOT exist on local machine;
// leave "sdomainURL" blank
- CMS.debug("SecurityDomainPanel: pingCS no successful response");
- context.put("sdomainURL", "");
+ CMS.debug( "SecurityDomainPanel: pingCS no successful response" );
+ context.put( "sdomainURL", "" );
}
}
// Information for "existing" Security Domain CAs
String initDaemon = "pki-cad";
String instanceId = "&lt;security_domain_instance_name&gt;";
- String os = System.getProperty("os.name");
- if (os.equalsIgnoreCase("Linux")) {
- if (!systemdService.equals("")) {
- context.put("initCommand", "/usr/bin/pkicontrol");
- context.put("instanceId", "ca " + systemdService);
+ String os = System.getProperty( "os.name" );
+ if( os.equalsIgnoreCase( "Linux" ) ) {
+ if (! systemdService.equals("")) {
+ context.put( "initCommand", "/usr/bin/pkicontrol" );
+ context.put( "instanceId", "ca " + systemdService );
} else {
- context.put("initCommand", "/sbin/service " + initDaemon);
- context.put("instanceId", instanceId);
+ context.put( "initCommand", "/sbin/service " + initDaemon );
+ context.put( "instanceId", instanceId );
}
} else {
- /* default case: e. g. - ( os.equalsIgnoreCase( "SunOS" ) */
- context.put("initCommand", "/etc/init.d/" + initDaemon);
- context.put("instanceId", instanceId);
+ /* default case: e. g. - ( os.equalsIgnoreCase( "SunOS" ) */
+ context.put( "initCommand", "/etc/init.d/" + initDaemon );
+ context.put( "instanceId", instanceId );
}
}
@@ -233,7 +231,7 @@ public class SecurityDomainPanel extends WizardPanelBase {
if (s.length() == 0) {
return s;
} else {
- return s.substring(0, 1).toUpperCase() + s.substring(1);
+ return s.substring(0,1).toUpperCase() + s.substring(1);
}
}
@@ -241,59 +239,62 @@ public class SecurityDomainPanel extends WizardPanelBase {
* Checks if the given parameters are valid.
*/
public void validate(HttpServletRequest request,
- HttpServletResponse response, Context context) throws IOException {
-
+ HttpServletResponse response,
+ Context context) throws IOException {
+
String select = HttpInput.getID(request, "choice");
if (select.equals("newdomain")) {
- String name = HttpInput.getSecurityDomainName(request,
- "sdomainName");
+ String name = HttpInput.getSecurityDomainName(request, "sdomainName");
if (name == null || name.equals("")) {
initParams(request, context);
context.put("updateStatus", "validate-failure");
- throw new IOException(
- "Missing name value for the security domain");
+ throw new IOException("Missing name value for the security domain");
}
} else if (select.equals("existingdomain")) {
- CMS.debug("SecurityDomainPanel: validating "
- + "SSL Admin HTTPS . . .");
- String admin_url = HttpInput.getURL(request, "sdomainURL");
- if (admin_url == null || admin_url.equals("")) {
- initParams(request, context);
+ CMS.debug( "SecurityDomainPanel: validating "
+ + "SSL Admin HTTPS . . ." );
+ String admin_url = HttpInput.getURL( request, "sdomainURL" );
+ if( admin_url == null || admin_url.equals("") ) {
+ initParams( request, context );
context.put("updateStatus", "validate-failure");
- throw new IOException("Missing SSL Admin HTTPS url value "
- + "for the security domain");
+ throw new IOException( "Missing SSL Admin HTTPS url value "
+ + "for the security domain" );
} else {
String r = null;
try {
- URL u = new URL(admin_url);
+ URL u = new URL( admin_url );
String hostname = u.getHost();
int admin_port = u.getPort();
- ConfigCertApprovalCallback certApprovalCallback = new ConfigCertApprovalCallback();
- r = pingCS(hostname, admin_port, true, certApprovalCallback);
- } catch (Exception e) {
- CMS.debug("SecurityDomainPanel: exception caught: "
- + e.toString());
+ ConfigCertApprovalCallback
+ certApprovalCallback = new ConfigCertApprovalCallback();
+ r = pingCS( hostname, admin_port, true,
+ certApprovalCallback );
+ } catch( Exception e ) {
+ CMS.debug( "SecurityDomainPanel: exception caught: "
+ + e.toString() );
context.put("updateStatus", "validate-failure");
- throw new IOException("Illegal SSL Admin HTTPS url value "
- + "for the security domain");
+ throw new IOException( "Illegal SSL Admin HTTPS url value "
+ + "for the security domain" );
}
if (r != null) {
- CMS.debug("SecurityDomainPanel: pingAdminCS returns: " + r);
- context.put("sdomainURL", admin_url);
+ CMS.debug("SecurityDomainPanel: pingAdminCS returns: "
+ + r );
+ context.put( "sdomainURL", admin_url );
} else {
- CMS.debug("SecurityDomainPanel: pingAdminCS "
- + "no successful response for SSL Admin HTTPS");
- context.put("sdomainURL", "");
+ CMS.debug( "SecurityDomainPanel: pingAdminCS "
+ + "no successful response for SSL Admin HTTPS" );
+ context.put( "sdomainURL", "" );
}
}
}
}
- public void initParams(HttpServletRequest request, Context context)
- throws IOException {
+ public void initParams(HttpServletRequest request, Context context)
+ throws IOException
+ {
IConfigStore config = CMS.getConfigStore();
try {
context.put("cstype", config.getString("cs.type"));
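Review bot: In the `existingdomain` branch of `validate`, `admin_url` is accepted once `new URL(admin_url)` parses and `pingCS` does not throw; neither the scheme nor the port is checked, although the error messages call it an SSL Admin HTTPS URL. `URL.getPort()` returns -1 when the URL has no explicit port, and that value is passed to `pingCS` here and stored by `config.putInteger("securitydomain.httpsadminport", admin_port)` in the `update` hunk further down. Adding `if (!"https".equals(u.getProtocol()) || u.getPort() == -1) throw new IOException("Illegal SSL Admin HTTPS url value for the security domain");` right after the `URL` is built would reject both cases. When `pingCS` returns null the method only blanks `sdomainURL` and returns normally, so confirm that a non-responding host is meant to pass validation; `initParams` continues outside the hunk.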
@@ -305,7 +306,7 @@ public class SecurityDomainPanel extends WizardPanelBase {
context.put("check_newdomain", "checked");
context.put("check_existingdomain", "");
} else if (select.equals("existingdomain")) {
- context.put("check_newdomain", "");
+ context.put("check_newdomain", "");
context.put("check_existingdomain", "checked");
}
@@ -324,7 +325,8 @@ public class SecurityDomainPanel extends WizardPanelBase {
* Commit parameter changes
*/
public void update(HttpServletRequest request,
- HttpServletResponse response, Context context) throws IOException {
+ HttpServletResponse response,
+ Context context) throws IOException {
String errorString = "";
String select = HttpInput.getID(request, "choice");
@@ -338,28 +340,29 @@ public class SecurityDomainPanel extends WizardPanelBase {
if (select.equals("newdomain")) {
config.putString("preop.securitydomain.select", "new");
config.putString("securitydomain.select", "new");
- config.putString("preop.securitydomain.name",
- HttpInput.getDomainName(request, "sdomainName"));
- config.putString("securitydomain.name",
- HttpInput.getDomainName(request, "sdomainName"));
- config.putString("securitydomain.host", CMS.getEENonSSLHost());
- config.putString("securitydomain.httpport", CMS.getEENonSSLPort());
- config.putString("securitydomain.httpsagentport",
- CMS.getAgentPort());
- config.putString("securitydomain.httpseeport", CMS.getEESSLPort());
- config.putString("securitydomain.httpsadminport",
- CMS.getAdminPort());
-
- // make sure the subsystem certificate is issued by the security
+ config.putString("preop.securitydomain.name",
+ HttpInput.getDomainName(request, "sdomainName"));
+ config.putString("securitydomain.name",
+ HttpInput.getDomainName(request, "sdomainName"));
+ config.putString("securitydomain.host",
+ CMS.getEENonSSLHost());
+ config.putString("securitydomain.httpport",
+ CMS.getEENonSSLPort());
+ config.putString("securitydomain.httpsagentport",
+ CMS.getAgentPort());
+ config.putString("securitydomain.httpseeport",
+ CMS.getEESSLPort());
+ config.putString("securitydomain.httpsadminport",
+ CMS.getAdminPort());
+
+ // make sure the subsystem certificate is issued by the security
// domain
config.putString("preop.cert.subsystem.type", "local");
- config.putString("preop.cert.subsystem.profile",
- "subsystemCert.profile");
-
+ config.putString("preop.cert.subsystem.profile", "subsystemCert.profile");
+
try {
config.commit(false);
- } catch (EBaseException e) {
- }
+ } catch (EBaseException e) {}
String instanceRoot = "";
try {
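Review bot: The `config.commit(false)` call in the `newdomain` branch is wrapped in `catch (EBaseException e) {}`, so a failure to persist the security domain settings leaves no trace, and a later hunk of `update` still sets `updateStatus` to `success`. The same empty catch follows the commit in the `existingdomain` branch (hunk at -374) and the `preop.wizard.name` lookup (hunk at -423). At minimum log it, `CMS.debug("SecurityDomainPanel: update() commit failed: " + e.toString());`; better, set `updateStatus` to `failure` and throw an `IOException` as the malformed-URL path already does. `update` starts and ends outside this hunk.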
@@ -374,38 +377,37 @@ public class SecurityDomainPanel extends WizardPanelBase {
// make sure the subsystem certificate is issued by the security
// domain
config.putString("preop.cert.subsystem.type", "remote");
- config.putString("preop.cert.subsystem.profile",
- "caInternalAuthSubsystemCert");
+ config.putString("preop.cert.subsystem.profile", "caInternalAuthSubsystemCert");
String admin_url = HttpInput.getURL(request, "sdomainURL");
String hostname = "";
int admin_port = -1;
- if (admin_url != null) {
+ if( admin_url != null ) {
try {
- URL admin_u = new URL(admin_url);
+ URL admin_u = new URL( admin_url );
hostname = admin_u.getHost();
admin_port = admin_u.getPort();
- } catch (MalformedURLException e) {
+ } catch( MalformedURLException e ) {
errorString = "Malformed SSL Admin HTTPS URL";
context.put("updateStatus", "failure");
- throw new IOException(errorString);
+ throw new IOException( errorString );
}
- context.put("sdomainURL", admin_url);
- config.putString("securitydomain.host", hostname);
- config.putInteger("securitydomain.httpsadminport", admin_port);
+ context.put( "sdomainURL", admin_url );
+ config.putString( "securitydomain.host", hostname );
+ config.putInteger( "securitydomain.httpsadminport",
+ admin_port );
}
try {
config.commit(false);
- } catch (EBaseException e) {
- }
+ } catch (EBaseException e) {}
ConfigCertApprovalCallback certApprovalCallback = new ConfigCertApprovalCallback();
- updateCertChain(config, "securitydomain", hostname, admin_port,
- true, context, certApprovalCallback);
+ updateCertChain( config, "securitydomain", hostname, admin_port,
+ true, context, certApprovalCallback );
} else {
CMS.debug("SecurityDomainPanel: invalid choice " + select);
errorString = "Invalid choice";
@@ -423,8 +425,7 @@ public class SecurityDomainPanel extends WizardPanelBase {
context.put("wizardname", config.getString("preop.wizard.name"));
context.put("panelname", "Security Domain Configuration");
context.put("systemname", config.getString("preop.system.name"));
- } catch (EBaseException e) {
- }
+ } catch (EBaseException e) {}
context.put("errorString", errorString);
context.put("updateStatus", "success");
@@ -434,7 +435,8 @@ public class SecurityDomainPanel extends WizardPanelBase {
* If validate() returns false, this method will be called.
*/
public void displayError(HttpServletRequest request,
- HttpServletResponse response, Context context) {
+ HttpServletResponse response,
+ Context context) {
IConfigStore config = CMS.getConfigStore();
String default_admin_url = "";
try {
@@ -443,35 +445,33 @@ public class SecurityDomainPanel extends WizardPanelBase {
}
try {
- default_admin_url = config.getString(
- "preop.securitydomain.admin_url", "");
- } catch (Exception e) {
- }
+ default_admin_url = config.getString("preop.securitydomain.admin_url", "");
+ } catch (Exception e) {}
- if (default_admin_url != null) {
+ if( default_admin_url != null ) {
String r = null;
try {
// check to see if "default" security domain exists
// on local machine
- URL u = new URL(default_admin_url);
+ URL u = new URL( default_admin_url );
String hostname = u.getHost();
int port = u.getPort();
- ConfigCertApprovalCallback certApprovalCallback = new ConfigCertApprovalCallback();
- r = pingCS(hostname, port, true, certApprovalCallback);
- } catch (Exception e) {
- }
-
- if (r != null) {
+ ConfigCertApprovalCallback
+ certApprovalCallback = new ConfigCertApprovalCallback();
+ r = pingCS( hostname, port, true, certApprovalCallback );
+ } catch (Exception e) {}
+
+ if( r != null ) {
// "default" security domain exists on local machine;
// refill "sdomainURL" in with "default" security domain
// as an initial "guess"
- context.put("sdomainURL", default_admin_url);
+ context.put( "sdomainURL", default_admin_url );
} else {
// "default" security domain does NOT exist on local machine;
// leave "sdomainURL" blank
- context.put("sdomainURL", "");
+ context.put( "sdomainURL", "" );
}
}
@@ -482,21 +482,20 @@ public class SecurityDomainPanel extends WizardPanelBase {
context.put("https_ee_port", CMS.getEESSLPort());
context.put("https_admin_port", CMS.getAdminPort());
context.put("sdomainAdminURL",
- config.getString("preop.securitydomain.admin_url"));
- } catch (EBaseException e) {
- }
+ config.getString("preop.securitydomain.admin_url"));
+ } catch (EBaseException e) {}
// Information for "existing" Security Domain CAs
String initDaemon = "pki-cad";
String instanceId = "&lt;security_domain_instance_name&gt;";
- String os = System.getProperty("os.name");
- if (os.equalsIgnoreCase("Linux")) {
- context.put("initCommand", "/sbin/service " + initDaemon);
- context.put("instanceId", instanceId);
+ String os = System.getProperty( "os.name" );
+ if( os.equalsIgnoreCase( "Linux" ) ) {
+ context.put( "initCommand", "/sbin/service " + initDaemon );
+ context.put( "instanceId", instanceId );
} else {
- /* default case: e. g. - ( os.equalsIgnoreCase( "SunOS" ) */
- context.put("initCommand", "/etc/init.d/" + initDaemon);
- context.put("instanceId", instanceId);
+ /* default case: e. g. - ( os.equalsIgnoreCase( "SunOS" ) */
+ context.put( "initCommand", "/etc/init.d/" + initDaemon );
+ context.put( "instanceId", instanceId );
}
context.put("title", "Security Domain");
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainSessionTable.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainSessionTable.java
index f881ba7c..3d3530f2 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainSessionTable.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainSessionTable.java
@@ -27,7 +27,8 @@ import com.netscape.certsrv.base.ISecurityDomainSessionTable;
/**
* This object stores the values for IP, uid and group based on the cookie id.
*/
-public class SecurityDomainSessionTable implements ISecurityDomainSessionTable {
+public class SecurityDomainSessionTable
+ implements ISecurityDomainSessionTable {
private Hashtable m_sessions;
private long m_timeToLive;
@@ -37,7 +38,8 @@ public class SecurityDomainSessionTable implements ISecurityDomainSessionTable {
m_timeToLive = timeToLive;
}
- public int addEntry(String sessionId, String ip, String uid, String group) {
+ public int addEntry(String sessionId, String ip,
+ String uid, String group) {
Vector v = new Vector();
v.addElement(ip);
v.addElement(uid);
@@ -63,30 +65,30 @@ public class SecurityDomainSessionTable implements ISecurityDomainSessionTable {
}
public String getIP(String sessionId) {
- Vector v = (Vector) m_sessions.get(sessionId);
+ Vector v = (Vector)m_sessions.get(sessionId);
if (v != null)
- return (String) v.elementAt(0);
+ return (String)v.elementAt(0);
return null;
}
public String getUID(String sessionId) {
- Vector v = (Vector) m_sessions.get(sessionId);
+ Vector v = (Vector)m_sessions.get(sessionId);
if (v != null)
- return (String) v.elementAt(1);
+ return (String)v.elementAt(1);
return null;
}
public String getGroup(String sessionId) {
- Vector v = (Vector) m_sessions.get(sessionId);
+ Vector v = (Vector)m_sessions.get(sessionId);
if (v != null)
- return (String) v.elementAt(2);
+ return (String)v.elementAt(2);
return null;
}
public long getBeginTime(String sessionId) {
- Vector v = (Vector) m_sessions.get(sessionId);
- if (v != null) {
- Long n = (Long) v.elementAt(3);
+ Vector v = (Vector)m_sessions.get(sessionId);
+ if (v != null) {
+ Long n = (Long)v.elementAt(3);
if (n != null)
return n.longValue();
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SessionTimer.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SessionTimer.java
index 05769dc5..c3a1e325 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SessionTimer.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SessionTimer.java
@@ -28,7 +28,8 @@ import com.netscape.certsrv.logging.ILogger;
public class SessionTimer extends TimerTask {
private ISecurityDomainSessionTable m_sessiontable = null;
private ILogger mSignedAuditLogger = CMS.getSignedAuditLogger();
- private final static String LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE = "LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE_1";
+ private final static String LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE =
+ "LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE_1";
public SessionTimer(ISecurityDomainSessionTable table) {
super();
@@ -38,27 +39,32 @@ public class SessionTimer extends TimerTask {
public void run() {
Enumeration keys = m_sessiontable.getSessionIds();
while (keys.hasMoreElements()) {
- String sessionId = (String) keys.nextElement();
+ String sessionId = (String)keys.nextElement();
long beginTime = m_sessiontable.getBeginTime(sessionId);
Date nowDate = new Date();
long nowTime = nowDate.getTime();
long timeToLive = m_sessiontable.getTimeToLive();
- if ((nowTime - beginTime) > timeToLive) {
+ if ((nowTime-beginTime) > timeToLive) {
m_sessiontable.removeEntry(sessionId);
CMS.debug("SessionTimer run: successfully remove the session id entry from the table.");
-
+
// audit message
- String auditParams = "operation;;expire_token+token;;"
- + sessionId;
+ String auditParams = "operation;;expire_token+token;;" + sessionId;
String auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE, "system",
- ILogger.SUCCESS, auditParams);
+ LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE,
+ "system",
+ ILogger.SUCCESS,
+ auditParams);
- mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT, null,
- ILogger.S_SIGNED_AUDIT, ILogger.LL_SECURITY,
- auditMessage);
+ mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT,
+ null,
+ ILogger.S_SIGNED_AUDIT,
+ ILogger.LL_SECURITY,
+ auditMessage);
+
}
}
}
}
+
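Review bot: The audit record in `run` is written with `ILogger.SUCCESS`, and the debug line says the entry was removed, without looking at what `m_sessiontable.removeEntry(sessionId)` returned. `addEntry` in SecurityDomainSessionTable returns an `int`, so if `removeEntry` reports status the same way (not visible here), the signed audit log can claim an expiry that did not happen; checking the result and logging `ILogger.FAILURE` otherwise would keep the audit trail accurate. Separately, `new Date()` is created on every iteration; reading `System.currentTimeMillis()` once before the loop is enough.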
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java
index a096963c..0e6a507a 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
+
import java.io.IOException;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
@@ -53,14 +54,13 @@ public class SizePanel extends WizardPanelBase {
private String default_rsa_key_size;
private boolean mShowSigning = false;
- public SizePanel() {
- }
+ public SizePanel() {}
/**
* Initializes this panel.
*/
- public void init(WizardServlet servlet, ServletConfig config, int panelno,
- String id) throws ServletException {
+ public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
+ throws ServletException {
setPanelNo(panelno);
setName("Key Pairs");
setId(id);
@@ -69,30 +69,25 @@ public class SizePanel extends WizardPanelBase {
public PropertySet getUsage() {
PropertySet set = new PropertySet();
-
- Descriptor choiceDesc = new Descriptor(
- IDescriptor.CHOICE,
- "default,custom",
- null, /* no default parameter */
+
+ Descriptor choiceDesc = new Descriptor(IDescriptor.CHOICE,
+ "default,custom", null, /* no default parameter */
"If 'default', the key size will be configured automatically. If 'custom', the key size will be set to the value of the parameter 'custom_size'.");
set.add("choice", choiceDesc);
-
- Descriptor customSizeDesc = new Descriptor(IDescriptor.STRING, null, /*
- * no
- * constraint
- */
- null, /* no default parameter */
- "Custom Key Size");
+
+ Descriptor customSizeDesc = new Descriptor(IDescriptor.STRING, null, /* no constraint */
+ null, /* no default parameter */
+ "Custom Key Size");
set.add("custom_size", customSizeDesc);
-
+
return set;
}
public void cleanUp() throws IOException {
IConfigStore cs = CMS.getConfigStore();
- /* clean up if necessary */
+ /* clean up if necessary*/
try {
boolean done = cs.getBoolean("preop.SizePanel.done");
cs.putBoolean("preop.SizePanel.done", false);
@@ -110,8 +105,7 @@ public class SizePanel extends WizardPanelBase {
} else {
return true;
}
- } catch (EBaseException e) {
- }
+ } catch (EBaseException e) {}
return false;
}
@@ -120,10 +114,11 @@ public class SizePanel extends WizardPanelBase {
* Display the panel.
*/
public void display(HttpServletRequest request,
- HttpServletResponse response, Context context) {
+ HttpServletResponse response,
+ Context context) {
CMS.debug("SizePanel: display()");
try {
- initParams(request, context);
+ initParams(request, context);
} catch (IOException e) {
}
@@ -139,14 +134,12 @@ public class SizePanel extends WizardPanelBase {
}
try {
- default_ecc_curve_name = config.getString("keys.ecc.curve.default",
- "nistp256");
+ default_ecc_curve_name = config.getString("keys.ecc.curve.default", "nistp256");
} catch (Exception e) {
}
try {
- default_rsa_key_size = config.getString("keys.rsa.keysize.default",
- "2048");
+ default_rsa_key_size = config.getString("keys.rsa.keysize.default", "2048");
} catch (Exception e) {
}
@@ -159,12 +152,12 @@ public class SizePanel extends WizardPanelBase {
while (st.hasMoreTokens()) {
String certTag = st.nextToken();
- String nn = config.getString(PCERT_PREFIX + certTag
- + ".nickname");
+ String nn = config.getString(
+ PCERT_PREFIX + certTag + ".nickname");
Cert c = new Cert(token, nn, certTag);
- String s = config.getString(PCERT_PREFIX + certTag
- + ".keysize.select", "default");
+ String s = config.getString(
+ PCERT_PREFIX + certTag + ".keysize.select", "default");
if (s.equals("default")) {
c.setKeyOption("default");
@@ -173,25 +166,26 @@ public class SizePanel extends WizardPanelBase {
c.setKeyOption("custom");
}
- s = config.getString(PCERT_PREFIX + certTag
- + ".keysize.custom_size", default_rsa_key_size);
+ s = config.getString(
+ PCERT_PREFIX + certTag + ".keysize.custom_size",
+ default_rsa_key_size);
c.setCustomKeysize(s);
- s = config.getString(PCERT_PREFIX + certTag
- + ".curvename.custom_name", default_ecc_curve_name);
+ s = config.getString(
+ PCERT_PREFIX + certTag + ".curvename.custom_name",
+ default_ecc_curve_name);
c.setCustomCurvename(s);
- boolean signingRequired = config.getBoolean(PCERT_PREFIX
- + certTag + ".signing.required", false);
+ boolean signingRequired = config.getBoolean(
+ PCERT_PREFIX + certTag + ".signing.required",
+ false);
c.setSigningRequired(signingRequired);
- if (signingRequired)
- mShowSigning = true;
+ if (signingRequired) mShowSigning = true;
- String userfriendlyname = config.getString(PCERT_PREFIX
- + certTag + ".userfriendlyname");
+ String userfriendlyname = config.getString(
+ PCERT_PREFIX + certTag + ".userfriendlyname");
c.setUserFriendlyName(userfriendlyname);
- boolean enable = config.getBoolean(PCERT_PREFIX + certTag
- + ".enable", true);
+ boolean enable = config.getBoolean(PCERT_PREFIX+certTag+".enable", true);
c.setEnable(enable);
mCerts.addElement(c);
}// while
@@ -212,15 +206,16 @@ public class SizePanel extends WizardPanelBase {
* Checks if the given parameters are valid.
*/
public void validate(HttpServletRequest request,
- HttpServletResponse response, Context context) throws IOException {
+ HttpServletResponse response,
+ Context context) throws IOException {
}
/**
* Commit parameter changes
*/
public void update(HttpServletRequest request,
- HttpServletResponse response, Context context) throws IOException,
- NumberFormatException {
+ HttpServletResponse response,
+ Context context) throws IOException, NumberFormatException {
CMS.debug("SizePanel: update()");
boolean hasErr = false;
IConfigStore config = CMS.getConfigStore();
@@ -241,15 +236,13 @@ public class SizePanel extends WizardPanelBase {
if (select1.equals("clone")) {
// preset the sslserver dn for cloning case
try {
- String val = config
- .getString("preop.cert.sslserver.dn", "");
- config.putString("preop.cert.sslserver.dn", val
- + ",o=clone");
+ String val = config.getString("preop.cert.sslserver.dn", "");
+ config.putString("preop.cert.sslserver.dn", val+",o=clone");
} catch (Exception ee) {
}
}
}
-
+
String token = "";
try {
token = config.getString(PRE_CONF_CA_TOKEN, "");
@@ -258,17 +251,13 @@ public class SizePanel extends WizardPanelBase {
while (c.hasMoreElements()) {
Cert cert = (Cert) c.nextElement();
String ct = cert.getCertTag();
- boolean enable = config.getBoolean(PCERT_PREFIX + ct
- + ".enable", true);
+ boolean enable = config.getBoolean(PCERT_PREFIX+ct+".enable", true);
if (!enable)
continue;
- String keytype = HttpInput.getKeyType(request, ct + "_keytype"); // rsa
- // or
- // ecc
+ String keytype = HttpInput.getKeyType(request, ct + "_keytype"); // rsa or ecc
- String keyalgorithm = HttpInput.getString(request, ct
- + "_keyalgorithm");
+ String keyalgorithm = HttpInput.getString(request, ct + "_keyalgorithm");
if (keyalgorithm == null) {
if (keytype != null && keytype.equals("ecc")) {
keyalgorithm = "SHA256withEC";
@@ -277,8 +266,7 @@ public class SizePanel extends WizardPanelBase {
}
}
- String signingalgorithm = HttpInput.getString(request, ct
- + "_signingalgorithm");
+ String signingalgorithm = HttpInput.getString(request, ct + "_signingalgorithm");
if (signingalgorithm == null) {
signingalgorithm = keyalgorithm;
}
@@ -287,136 +275,114 @@ public class SizePanel extends WizardPanelBase {
if (select == null) {
CMS.debug("SizePanel: " + ct + "_choice not found");
- throw new IOException("SizePanel: " + ct
- + "_choice not found");
+ throw new IOException(
+ "SizePanel: " + ct + "_choice not found");
}
- CMS.debug("SizePanel: update() keysize choice selected:"
- + select);
- String oldkeysize = config.getString(PCERT_PREFIX + ct
- + ".keysize.size", "");
- String oldkeytype = config.getString(PCERT_PREFIX + ct
- + ".keytype", "");
- String oldkeyalgorithm = config.getString(PCERT_PREFIX + ct
- + ".keyalgorithm", "");
- String oldsigningalgorithm = config.getString(PCERT_PREFIX + ct
- + ".signingalgorithm", "");
- String oldcurvename = config.getString(PCERT_PREFIX + ct
- + ".curvename.name", "");
+ CMS.debug(
+ "SizePanel: update() keysize choice selected:" + select);
+ String oldkeysize =
+ config.getString(PCERT_PREFIX+ct+".keysize.size", "");
+ String oldkeytype =
+ config.getString(PCERT_PREFIX + ct + ".keytype", "");
+ String oldkeyalgorithm =
+ config.getString(PCERT_PREFIX + ct + ".keyalgorithm", "");
+ String oldsigningalgorithm =
+ config.getString(PCERT_PREFIX + ct + ".signingalgorithm", "");
+ String oldcurvename =
+ config.getString(PCERT_PREFIX + ct + ".curvename.name", "");
if (select.equals("default")) {
// XXXrenaming these...keep for now just in case
config.putString("preop.keysize.select", "default");
if (keytype != null && keytype.equals("ecc")) {
- config.putString("preop.curvename.custom_name",
- default_ecc_curve_name);
- config.putString("preop.curvename.name",
- default_ecc_curve_name);
+ config.putString("preop.curvename.custom_name",
+ default_ecc_curve_name);
+ config.putString("preop.curvename.name", default_ecc_curve_name);
} else {
- config.putString("preop.keysize.custom_size",
- default_rsa_key_size);
- config.putString("preop.keysize.size",
- default_rsa_key_size);
+ config.putString("preop.keysize.custom_size",
+ default_rsa_key_size);
+ config.putString("preop.keysize.size", default_rsa_key_size);
}
config.putString(PCERT_PREFIX + ct + ".keytype", keytype);
- config.putString(PCERT_PREFIX + ct + ".keyalgorithm",
- keyalgorithm);
- config.putString(PCERT_PREFIX + ct + ".signingalgorithm",
- signingalgorithm);
+ config.putString(PCERT_PREFIX + ct + ".keyalgorithm", keyalgorithm);
+ config.putString(PCERT_PREFIX + ct + ".signingalgorithm", signingalgorithm);
config.putString(PCERT_PREFIX + ct + ".keysize.select",
"default");
if (keytype != null && keytype.equals("ecc")) {
- config.putString(PCERT_PREFIX + ct
- + ".curvename.custom_name",
- default_ecc_curve_name);
- config.putString(PCERT_PREFIX + ct + ".curvename.name",
- default_ecc_curve_name);
+ config.putString(PCERT_PREFIX + ct +
+ ".curvename.custom_name",
+ default_ecc_curve_name);
+ config.putString(PCERT_PREFIX + ct + ".curvename.name",
+ default_ecc_curve_name);
} else {
- config.putString(PCERT_PREFIX + ct
- + ".keysize.custom_size", default_rsa_key_size);
- config.putString(PCERT_PREFIX + ct + ".keysize.size",
- default_rsa_key_size);
+ config.putString(PCERT_PREFIX + ct +
+ ".keysize.custom_size",
+ default_rsa_key_size);
+ config.putString(PCERT_PREFIX + ct + ".keysize.size",
+ default_rsa_key_size);
}
} else if (select.equals("custom")) {
// XXXrenaming these...keep for now just in case
config.putString("preop.keysize.select", "custom");
if (keytype != null && keytype.equals("ecc")) {
- config.putString(
- "preop.curvename.name",
- HttpInput.getString(request, ct
- + "_custom_curvename"));
- config.putString(
- "preop.curvename.custom_name",
- HttpInput.getString(request, ct
- + "_custom_curvename"));
+ config.putString("preop.curvename.name",
+ HttpInput.getString(request, ct + "_custom_curvename"));
+ config.putString("preop.curvename.custom_name",
+ HttpInput.getString(request, ct + "_custom_curvename"));
} else {
- config.putString(
- "preop.keysize.size",
- HttpInput.getKeySize(request, ct
- + "_custom_size", keytype));
- config.putString(
- "preop.keysize.custom_size",
- HttpInput.getKeySize(request, ct
- + "_custom_size", keytype));
+ config.putString("preop.keysize.size",
+ HttpInput.getKeySize(request, ct + "_custom_size", keytype));
+ config.putString("preop.keysize.custom_size",
+ HttpInput.getKeySize(request, ct + "_custom_size", keytype));
}
config.putString(PCERT_PREFIX + ct + ".keytype", keytype);
- config.putString(PCERT_PREFIX + ct + ".keyalgorithm",
- keyalgorithm);
- config.putString(PCERT_PREFIX + ct + ".signingalgorithm",
- signingalgorithm);
+ config.putString(PCERT_PREFIX + ct + ".keyalgorithm", keyalgorithm);
+ config.putString(PCERT_PREFIX + ct + ".signingalgorithm", signingalgorithm);
config.putString(PCERT_PREFIX + ct + ".keysize.select",
"custom");
if (keytype != null && keytype.equals("ecc")) {
- config.putString(
- PCERT_PREFIX + ct + ".curvename.custom_name",
- HttpInput.getString(request, ct
- + "_custom_curvename"));
- config.putString(
- PCERT_PREFIX + ct + ".curvename.name",
- HttpInput.getString(request, ct
- + "_custom_curvename"));
+ config.putString(PCERT_PREFIX + ct + ".curvename.custom_name",
+ HttpInput.getString(request, ct + "_custom_curvename"));
+ config.putString(PCERT_PREFIX + ct + ".curvename.name",
+ HttpInput.getString(request, ct + "_custom_curvename"));
} else {
- config.putString(
- PCERT_PREFIX + ct + ".keysize.custom_size",
- HttpInput.getKeySize(request, ct
- + "_custom_size"));
- config.putString(
- PCERT_PREFIX + ct + ".keysize.size",
- HttpInput.getKeySize(request, ct
- + "_custom_size"));
+ config.putString(PCERT_PREFIX + ct + ".keysize.custom_size",
+ HttpInput.getKeySize(request, ct + "_custom_size"));
+ config.putString(PCERT_PREFIX + ct + ".keysize.size",
+ HttpInput.getKeySize(request, ct + "_custom_size"));
}
} else {
CMS.debug("SizePanel: invalid choice " + select);
throw new IOException("invalid choice " + select);
}
- String newkeysize = config.getString(PCERT_PREFIX + ct
- + ".keysize.size", "");
- String newkeytype = config.getString(PCERT_PREFIX + ct
- + ".keytype", "");
- String newkeyalgorithm = config.getString(PCERT_PREFIX + ct
- + ".keyalgorithm", "");
- String newsigningalgorithm = config.getString(PCERT_PREFIX + ct
- + ".signingalgorithm", "");
- String newcurvename = config.getString(PCERT_PREFIX + ct
- + ".curvename.name", "");
-
- if (!oldkeysize.equals(newkeysize)
- || !oldkeytype.equals(newkeytype)
- || !oldkeyalgorithm.equals(newkeyalgorithm)
- || !oldsigningalgorithm.equals(newsigningalgorithm)
- || !oldcurvename.equals(newcurvename))
+ String newkeysize =
+ config.getString(PCERT_PREFIX+ct+".keysize.size", "");
+ String newkeytype =
+ config.getString(PCERT_PREFIX + ct + ".keytype", "");
+ String newkeyalgorithm =
+ config.getString(PCERT_PREFIX + ct + ".keyalgorithm", "");
+ String newsigningalgorithm =
+ config.getString(PCERT_PREFIX + ct + ".signingalgorithm", "");
+ String newcurvename =
+ config.getString(PCERT_PREFIX+ct+".curvename.name", "");
+
+ if (!oldkeysize.equals(newkeysize) ||
+ !oldkeytype.equals(newkeytype) ||
+ !oldkeyalgorithm.equals(newkeyalgorithm) ||
+ !oldsigningalgorithm.equals(newsigningalgorithm) ||
+ !oldcurvename.equals(newcurvename))
hasChanged = true;
}// while
try {
config.commit(false);
- } catch (EBaseException e) {
- CMS.debug("SizePanel: update() Exception caught at config commit: "
- + e.toString());
+ } catch (EBaseException e) {
+ CMS.debug("SizePanel: update() Exception caught at config commit: " + e.toString());
}
val1 = HttpInput.getID(request, "generateKeyPair");
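Review bot: In the `custom` branch the ECC curve name is read from the request four times with `HttpInput.getString(request, ct + "_custom_curvename")` and stored straight into the config, with no check visible here against the curves the installer offers. Unless `HttpInput.getString` already restricts the value (not visible in this diff), a null or unsupported name is only rejected later, at key generation. I would read it once into a local and accept it only if it appears in `keys.ecc.curve.list`, throwing the `IOException` that `update()` already turns into `updateStatus=failure`; the sketch below assumes the list is comma-separated without spaces. `update()` starts and ends outside this hunk.

```java
} else if (select.equals("custom")) {
    // … unchanged: preop.keysize.select = "custom" …
    if (keytype != null && keytype.equals("ecc")) {
        // Read the request value once and accept only a configured curve.
        String curve = HttpInput.getString(request, ct + "_custom_curvename");
        String allowed = config.getString("keys.ecc.curve.list", "nistp256");
        if (curve == null
                || !java.util.Arrays.asList(allowed.split(",")).contains(curve)) {
            throw new IOException("SizePanel: unsupported curve name for " + ct);
        }
        config.putString("preop.curvename.name", curve);
        config.putString("preop.curvename.custom_name", curve);
    } else {
    // … unchanged: RSA key size handling and the per-certificate settings …
```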
@@ -427,20 +393,19 @@ public class SizePanel extends WizardPanelBase {
context.put("updateStatus", "success");
return;
}
- } catch (IOException e) {
+ } catch (IOException e) {
CMS.debug("SizePanel: update() IOException caught: " + e.toString());
context.put("updateStatus", "failure");
throw e;
} catch (NumberFormatException e) {
- CMS.debug("SizePanel: update() NumberFormatException caught: "
- + e.toString());
+ CMS.debug("SizePanel: update() NumberFormatException caught: " + e.toString());
context.put("updateStatus", "failure");
throw e;
- } catch (Exception e) {
+ } catch (Exception e) {
CMS.debug("SizePanel: update() Exception caught: " + e.toString());
}
- // generate key pair
+ // generate key pair
Enumeration c = mCerts.elements();
while (c.hasMoreElements()) {
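Review bot: The final `catch (Exception e)` in this hunk only writes a debug line, so any failure other than `IOException` or `NumberFormatException` while storing the key settings falls through to the "generate key pair" loop below, using whatever was written to the config so far. `updateStatus` is not set to failure on that path, and no assignment to `hasErr` is visible in this diff. I would fail the step there instead: `context.put("updateStatus", "failure"); throw new IOException("SizePanel: update() failed: " + e);`. The try block starts outside this hunk.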
@@ -449,9 +414,8 @@ public class SizePanel extends WizardPanelBase {
String friendlyName = ct;
boolean enable = true;
try {
- enable = config.getBoolean(PCERT_PREFIX + ct + ".enable", true);
- friendlyName = config.getString(PCERT_PREFIX + ct
- + ".userfriendlyname", ct);
+ enable = config.getBoolean(PCERT_PREFIX+ct+".enable", true);
+ friendlyName = config.getString(PCERT_PREFIX + ct + ".userfriendlyname", ct);
} catch (Exception e) {
}
@@ -459,19 +423,17 @@ public class SizePanel extends WizardPanelBase {
continue;
try {
- String keytype = config.getString(PCERT_PREFIX + ct
- + ".keytype");
- String keyalgorithm = config.getString(PCERT_PREFIX + ct
- + ".keyalgorithm");
-
+ String keytype = config.getString(PCERT_PREFIX + ct + ".keytype");
+ String keyalgorithm = config.getString(PCERT_PREFIX + ct + ".keyalgorithm");
+
if (keytype.equals("rsa")) {
- int keysize = config.getInteger(PCERT_PREFIX + ct
- + ".keysize.size");
+ int keysize = config.getInteger(
+ PCERT_PREFIX + ct + ".keysize.size");
createRSAKeyPair(token, keysize, config, ct);
} else {
- String curveName = config.getString(PCERT_PREFIX + ct
- + ".curvename.name", default_ecc_curve_name);
+ String curveName = config.getString(
+ PCERT_PREFIX + ct + ".curvename.name", default_ecc_curve_name);
createECCKeyPair(token, curveName, config, ct);
}
config.commit(false);
@@ -479,41 +441,40 @@ public class SizePanel extends WizardPanelBase {
CMS.debug(e);
CMS.debug("SizePanel: key generation failure: " + e.toString());
context.put("updateStatus", "failure");
- throw new IOException(
- "key generation failure for the certificate: "
- + friendlyName + ". See the logs for details.");
+ throw new IOException("key generation failure for the certificate: " + friendlyName +
+ ". See the logs for details.");
}
} // while
if (hasErr == false) {
- config.putBoolean("preop.SizePanel.done", true);
- try {
- config.commit(false);
- } catch (EBaseException e) {
- CMS.debug("SizePanel: update() Exception caught at config commit: "
- + e.toString());
- }
- }
+ config.putBoolean("preop.SizePanel.done", true);
+ try {
+ config.commit(false);
+ } catch (EBaseException e) {
+ CMS.debug(
+ "SizePanel: update() Exception caught at config commit: "
+ + e.toString());
+ }
+ }
CMS.debug("SizePanel: update() done");
context.put("updateStatus", "success");
}
- public void createECCKeyPair(String token, String curveName,
- IConfigStore config, String ct) throws NoSuchAlgorithmException,
- NoSuchTokenException, TokenException,
- CryptoManager.NotInitializedException {
- CMS.debug("Generating ECC key pair with curvename=" + curveName
- + ", token=" + token);
+ public void createECCKeyPair(String token, String curveName, IConfigStore config, String ct)
+ throws NoSuchAlgorithmException, NoSuchTokenException, TokenException, CryptoManager.NotInitializedException
+ {
+ CMS.debug("Generating ECC key pair with curvename="+ curveName +
+ ", token="+token);
KeyPair pair = null;
/*
- * default ssl server cert to ECDHE unless stated otherwise note: IE
- * only supports "ECDHE", but "ECDH" is more efficient
- *
+ * default ssl server cert to ECDHE unless stated otherwise
+ * note: IE only supports "ECDHE", but "ECDH" is more efficient
+ *
* for "ECDHE", server.xml should have the following for ciphers:
* +TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
* -TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
- *
+ *
* for "ECDH", server.xml should have the following for ciphers:
* -TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
* +TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
@@ -526,45 +487,49 @@ public class SizePanel extends WizardPanelBase {
}
// ECDHE needs "SIGN" but no "DERIVE"
- org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage usages_mask[] = { org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.DERIVE };
+ org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage usages_mask[] = {
+ org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.DERIVE
+ };
// ECDH needs "DERIVE" but no any kind of "SIGN"
org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage ECDH_usages_mask[] = {
- org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.SIGN,
- org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.SIGN_RECOVER, };
+ org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.SIGN,
+ org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.SIGN_RECOVER,
+ };
do {
- if (ct.equals("sslserver") && sslType.equalsIgnoreCase("ECDH")) {
- CMS.debug("SizePanel: createECCKeypair: sslserver cert for ECDH. Make sure server.xml is set properly with -TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,+TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA");
- pair = CryptoUtil.generateECCKeyPair(token, curveName, null,
- ECDH_usages_mask);
- } else {
- if (ct.equals("sslserver")) {
- CMS.debug("SizePanel: createECCKeypair: sslserver cert for ECDHE. Make sure server.xml is set properly with +TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA");
- }
- pair = CryptoUtil.generateECCKeyPair(token, curveName, null,
- usages_mask);
- }
-
- // XXX - store curve , w
- byte id[] = ((org.mozilla.jss.crypto.PrivateKey) pair.getPrivate())
- .getUniqueID();
- String kid = CryptoUtil.byte2string(id);
- config.putString(PCERT_PREFIX + ct + ".privkey.id", kid);
-
- // try to locate the private key
- org.mozilla.jss.crypto.PrivateKey privk = CryptoUtil
- .findPrivateKeyFromID(CryptoUtil.string2byte(kid));
- if (privk == null) {
- CMS.debug("Found bad ECC key id " + kid);
- pair = null;
+ if (ct.equals("sslserver") && sslType.equalsIgnoreCase("ECDH")) {
+ CMS.debug("SizePanel: createECCKeypair: sslserver cert for ECDH. Make sure server.xml is set properly with -TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,+TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA");
+ pair = CryptoUtil.generateECCKeyPair(token, curveName,
+ null,
+ ECDH_usages_mask);
+ } else {
+ if (ct.equals("sslserver")) {
+ CMS.debug("SizePanel: createECCKeypair: sslserver cert for ECDHE. Make sure server.xml is set properly with +TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA");
+ }
+ pair = CryptoUtil.generateECCKeyPair(token, curveName,
+ null,
+ usages_mask);
+ }
+
+ // XXX - store curve , w
+ byte id[] = ((org.mozilla.jss.crypto.PrivateKey) pair.getPrivate()).getUniqueID();
+ String kid = CryptoUtil.byte2string(id);
+ config.putString(PCERT_PREFIX + ct + ".privkey.id", kid);
+
+ // try to locate the private key
+ org.mozilla.jss.crypto.PrivateKey privk =
+ CryptoUtil.findPrivateKeyFromID(CryptoUtil.string2byte(kid));
+ if (privk == null) {
+ CMS.debug("Found bad ECC key id " + kid);
+ pair = null;
}
} while (pair == null);
- CMS.debug("Public key class " + pair.getPublic().getClass().getName());
+ CMS.debug("Public key class " + pair.getPublic().getClass().getName());
byte encoded[] = pair.getPublic().getEncoded();
config.putString(PCERT_PREFIX + ct + ".pubkey.encoded",
- CryptoUtil.byte2string(encoded));
+ CryptoUtil.byte2string(encoded));
String keyAlgo = "";
try {
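Review bot: The `do { … } while (pair == null)` loop has no retry bound: each time `CryptoUtil.findPrivateKeyFromID` returns null another key pair is generated on the token, and the loop never ends if the lookup keeps failing. The rejected key's id has by then already been written to `PCERT_PREFIX + ct + ".privkey.id"`, and nothing visible removes the orphaned key from the token. I would count attempts, e.g. `} while (pair == null && ++attempts < MAX_KEYGEN_ATTEMPTS);` (the constant name is a placeholder), throw one of the declared exceptions when the limit is reached, and store the id only after the lookup succeeds. The same loop appears in `createRSAKeyPair` in the next hunk.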
@@ -572,39 +537,35 @@ public class SizePanel extends WizardPanelBase {
} catch (Exception e1) {
}
- setSigningAlgorithm(ct, keyAlgo, config);
+ setSigningAlgorithm(ct, keyAlgo, config);
}
- public void createRSAKeyPair(String token, int keysize,
- IConfigStore config, String ct) throws NoSuchAlgorithmException,
- NoSuchTokenException, TokenException,
- CryptoManager.NotInitializedException {
+ public void createRSAKeyPair(String token, int keysize, IConfigStore config, String ct)
+ throws NoSuchAlgorithmException, NoSuchTokenException, TokenException, CryptoManager.NotInitializedException
+ {
/* generate key pair */
KeyPair pair = null;
do {
- pair = CryptoUtil.generateRSAKeyPair(token, keysize);
- byte id[] = ((org.mozilla.jss.crypto.PrivateKey) pair.getPrivate())
- .getUniqueID();
- String kid = CryptoUtil.byte2string(id);
- config.putString(PCERT_PREFIX + ct + ".privkey.id", kid);
- // try to locate the private key
- org.mozilla.jss.crypto.PrivateKey privk = CryptoUtil
- .findPrivateKeyFromID(CryptoUtil.string2byte(kid));
- if (privk == null) {
- CMS.debug("Found bad RSA key id " + kid);
- pair = null;
+ pair = CryptoUtil.generateRSAKeyPair(token, keysize);
+ byte id[] = ((org.mozilla.jss.crypto.PrivateKey) pair.getPrivate()).getUniqueID();
+ String kid = CryptoUtil.byte2string(id);
+ config.putString(PCERT_PREFIX + ct + ".privkey.id", kid);
+ // try to locate the private key
+ org.mozilla.jss.crypto.PrivateKey privk =
+ CryptoUtil.findPrivateKeyFromID(CryptoUtil.string2byte(kid));
+ if (privk == null) {
+ CMS.debug("Found bad RSA key id " + kid);
+ pair = null;
}
} while (pair == null);
- byte modulus[] = ((RSAPublicKey) pair.getPublic()).getModulus()
- .toByteArray();
- byte exponent[] = ((RSAPublicKey) pair.getPublic()).getPublicExponent()
- .toByteArray();
+ byte modulus[] = ((RSAPublicKey) pair.getPublic()).getModulus().toByteArray();
+ byte exponent[] = ((RSAPublicKey) pair.getPublic()).getPublicExponent().toByteArray();
config.putString(PCERT_PREFIX + ct + ".pubkey.modulus",
- CryptoUtil.byte2string(modulus));
+ CryptoUtil.byte2string(modulus));
config.putString(PCERT_PREFIX + ct + ".pubkey.exponent",
- CryptoUtil.byte2string(exponent));
+ CryptoUtil.byte2string(exponent));
String keyAlgo = "";
try {
@@ -612,39 +573,41 @@ public class SizePanel extends WizardPanelBase {
} catch (Exception e1) {
}
- setSigningAlgorithm(ct, keyAlgo, config);
+ setSigningAlgorithm(ct, keyAlgo, config);
}
- public void setSigningAlgorithm(String ct, String keyAlgo,
- IConfigStore config) {
+ public void setSigningAlgorithm(String ct, String keyAlgo, IConfigStore config) {
String systemType = "";
try {
- systemType = config.getString("preop.system.name");
+ systemType = config.getString("preop.system.name");
} catch (Exception e1) {
}
if (systemType.equalsIgnoreCase("CA")) {
- if (ct.equals("signing")) {
- config.putString("ca.signing.defaultSigningAlgorithm", keyAlgo);
- config.putString("ca.crl.MasterCRL.signingAlgorithm", keyAlgo);
- } else if (ct.equals("ocsp_signing")) {
- config.putString("ca.ocsp_signing.defaultSigningAlgorithm",
- keyAlgo);
- }
+ if (ct.equals("signing")) {
+ config.putString("ca.signing.defaultSigningAlgorithm",
+ keyAlgo);
+ config.putString("ca.crl.MasterCRL.signingAlgorithm",
+ keyAlgo);
+ } else if (ct.equals("ocsp_signing")) {
+ config.putString("ca.ocsp_signing.defaultSigningAlgorithm",
+ keyAlgo);
+ }
} else if (systemType.equalsIgnoreCase("OCSP")) {
- if (ct.equals("signing")) {
- config.putString("ocsp.signing.defaultSigningAlgorithm",
- keyAlgo);
- }
- } else if (systemType.equalsIgnoreCase("KRA")
- || systemType.equalsIgnoreCase("DRM")) {
- if (ct.equals("transport")) {
+ if (ct.equals("signing")) {
+ config.putString("ocsp.signing.defaultSigningAlgorithm",
+ keyAlgo);
+ }
+ } else if (systemType.equalsIgnoreCase("KRA") ||
+ systemType.equalsIgnoreCase("DRM")) {
+ if (ct.equals("transport")) {
config.putString("kra.transportUnit.signingAlgorithm", keyAlgo);
- }
+ }
}
}
public void initParams(HttpServletRequest request, Context context)
- throws IOException {
+ throws IOException
+ {
IConfigStore config = CMS.getConfigStore();
String s = "";
try {
@@ -656,13 +619,10 @@ public class SizePanel extends WizardPanelBase {
s = config.getString("preop.hierarchy.select", "root");
context.put("hselect", s);
- s = config.getString("preop.ecc.algorithm.list",
- "SHA256withEC,SHA1withEC,SHA384withEC,SHA512withEC");
+ s = config.getString("preop.ecc.algorithm.list", "SHA256withEC,SHA1withEC,SHA384withEC,SHA512withEC");
context.put("ecclist", s);
- s = config
- .getString("preop.rsa.algorithm.list",
- "SHA256withRSA,SHA1withRSA,SHA512withRSA,MD5withRSA,MD2withRSA");
+ s = config.getString("preop.rsa.algorithm.list", "SHA256withRSA,SHA1withRSA,SHA512withRSA,MD5withRSA,MD2withRSA");
context.put("rsalist", s);
s = config.getString("keys.ecc.curve.list", "nistp256");
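Review bot: The fallback value for `preop.rsa.algorithm.list` still offers `MD5withRSA` and `MD2withRSA`, and both defaults offer SHA-1 variants, so an installation without an explicit list lets the wizard pick a broken digest for signing certificates. I would drop MD2 and MD5, and preferably SHA-1, from the default: `s = config.getString("preop.rsa.algorithm.list", "SHA256withRSA,SHA512withRSA");`, and likewise remove `SHA1withEC` from the ECC default. Deployments that need a legacy algorithm can still set the list explicitly. `initParams` begins and ends outside this hunk.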
@@ -675,8 +635,7 @@ public class SizePanel extends WizardPanelBase {
context.put("subsystemtype", s);
} catch (Exception e) {
- CMS.debug("SizePanel(): initParams: unable to set all initial parameters:"
- + e);
+ CMS.debug("SizePanel(): initParams: unable to set all initial parameters:" + e);
}
}
@@ -684,9 +643,10 @@ public class SizePanel extends WizardPanelBase {
* If validiate() returns false, this method will be called.
*/
public void displayError(HttpServletRequest request,
- HttpServletResponse response, Context context) {
+ HttpServletResponse response,
+ Context context) {
try {
- initParams(request, context);
+ initParams(request, context);
} catch (IOException e) {
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/TokenAuthenticate.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/TokenAuthenticate.java
index b1c16d65..cf59e07c 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/TokenAuthenticate.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/TokenAuthenticate.java
@@ -51,7 +51,6 @@ public class TokenAuthenticate extends CMSServlet {
/**
* initialize the servlet.
- *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -59,14 +58,13 @@ public class TokenAuthenticate extends CMSServlet {
}
/**
- * Process the HTTP request.
- *
+ * Process the HTTP request.
* @param cmsReq the object holding the request and response information
*/
protected void process(CMSRequest cmsReq) throws EBaseException {
HttpServletRequest httpReq = cmsReq.getHttpReq();
HttpServletResponse httpResp = cmsReq.getHttpResp();
- IConfigStore config = CMS.getConfigStore();
+ IConfigStore config = CMS.getConfigStore();
String sessionId = httpReq.getParameter("sessionID");
CMS.debug("TokenAuthentication: sessionId=" + sessionId);
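Review bot: `CMS.debug("TokenAuthentication: sessionId=" + sessionId)` writes the caller-supplied session id to the debug log in full. The following hunk looks the id up in a session table and proceeds once the session is found, so the value appears to act as a credential that anyone with read access to the log could reuse while the session is live. I would log only whether the parameter was present: `CMS.debug("TokenAuthentication: sessionID " + (sessionId == null ? "missing" : "received"));`. `process()` continues outside this hunk.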
@@ -87,9 +85,9 @@ public class TokenAuthenticate extends CMSServlet {
CMS.debug("TokenAuthentication: found session");
if (checkIP) {
String hostname = table.getIP(sessionId);
- if (!hostname.equals(givenHost)) {
- CMS.debug("TokenAuthentication: hostname=" + hostname
- + " and givenHost=" + givenHost + " are different");
+ if (! hostname.equals(givenHost)) {
+ CMS.debug("TokenAuthentication: hostname=" + hostname + " and givenHost="
+ + givenHost + " are different");
CMS.debug("TokenAuthenticate authenticate failed, wrong hostname.");
outputError(httpResp, "Error: Failed Authentication");
return;
@@ -124,15 +122,7 @@ public class TokenAuthenticate extends CMSServlet {
}
}
- protected void renderResult(CMSRequest cmsReq) throws IOException {// do
- // nothing,
- // ie, it
- // will
- // not
- // return
- // the
- // default
- // javascript.
+ protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript.
}
/**
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateConnector.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateConnector.java
index b71cbb3c..cf699c61 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateConnector.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateConnector.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
+
import java.io.IOException;
import java.util.Enumeration;
import java.util.Locale;
@@ -44,6 +45,7 @@ import com.netscape.cms.servlet.common.CMSRequest;
import com.netscape.cms.servlet.common.ICMSTemplateFiller;
import com.netscape.cmsutil.xml.XMLObject;
+
public class UpdateConnector extends CMSServlet {
/**
@@ -60,7 +62,6 @@ public class UpdateConnector extends CMSServlet {
/**
* initialize the servlet.
- *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -70,7 +71,7 @@ public class UpdateConnector extends CMSServlet {
}
/**
- * Process the HTTP request.
+ * Process the HTTP request.
*/
protected void process(CMSRequest cmsReq) throws EBaseException {
CMS.debug("UpdateConnector: processing...");
@@ -84,9 +85,9 @@ public class UpdateConnector extends CMSServlet {
CMS.debug("UpdateConnector authentication successful.");
} catch (Exception e) {
CMS.debug("UpdateConnector: authentication failed.");
- log(ILogger.LL_FAILURE,
+ log(ILogger.LL_FAILURE,
CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "",
- e.toString()));
+ e.toString()));
outputError(httpResp, AUTH_FAILURE, "Error: Not authenticated");
return;
}
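Review bot: The authentication-failure branch logs with the message key `CMSGW_ERR_BAD_SERV_OUT_STREAM`, which names an output-stream error, so a failed login on this servlet is recorded under the wrong event text and is easy to miss when searching the logs for authentication failures. The authorization branch in the next hunk uses `ADMIN_SRVLT_AUTH_FAILURE`; the same key would fit here if its message takes a single argument: `CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())`. `process()` starts and ends outside this hunk.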
@@ -99,19 +100,19 @@ public class UpdateConnector extends CMSServlet {
AuthzToken authzToken = null;
try {
- authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
- "modify");
+ authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
+ "modify");
CMS.debug("UpdateConnector authorization successful.");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
outputError(httpResp, "Error: Not authorized");
return;
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
outputError(httpResp,
- "Error: Encountered problem during authorization.");
+ "Error: Encountered problem during authorization.");
return;
}
@@ -124,35 +125,33 @@ public class UpdateConnector extends CMSServlet {
Enumeration list = httpReq.getParameterNames();
while (list.hasMoreElements()) {
- String name = (String) list.nextElement();
+ String name = (String)list.nextElement();
String val = httpReq.getParameter(name);
if (name != null && name.startsWith("ca.connector")) {
- CMS.debug("Adding connector update name=" + name + " val="
- + val);
+ CMS.debug("Adding connector update name=" + name + " val=" + val);
cs.putString(name, val);
} else {
- CMS.debug("Skipping connector update name=" + name + " val="
- + val);
+ CMS.debug("Skipping connector update name=" + name + " val=" + val);
}
}
-
- try {
+
+ try {
String nickname = cs.getString("ca.subsystem.nickname", "");
String tokenname = cs.getString("ca.subsystem.tokenname", "");
if (!tokenname.equals("Internal Key Storage Token"))
- nickname = tokenname + ":" + nickname;
+ nickname = tokenname+":"+nickname;
cs.putString("ca.connector.KRA.nickName", nickname);
cs.commit(false);
} catch (Exception e) {
}
// start the connector
- try {
- ICertificateAuthority ca = (ICertificateAuthority) CMS
- .getSubsystem("ca");
- ICAService caService = (ICAService) ca.getCAService();
- IConnector kraConnector = caService.getConnector(cs
- .getSubStore("ca.connector.KRA"));
+ try {
+ ICertificateAuthority ca = (ICertificateAuthority)
+ CMS.getSubsystem("ca");
+ ICAService caService = (ICAService)ca.getCAService();
+ IConnector kraConnector = caService.getConnector(
+ cs.getSubStore("ca.connector.KRA"));
caService.setKRAConnector(kraConnector);
kraConnector.start();
} catch (Exception e) {
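Review bot: The filter `name.startsWith("ca.connector")` has no trailing dot and no allow-list, so any request parameter whose name begins with that string is written to the config store by `cs.putString(name, val)` with the value unchecked. The value is also copied into the debug log on both branches, including for parameters that are skipped. I would match `"ca.connector."` (or the known connector keys), reject null values, and log the name only: `CMS.debug("Adding connector update name=" + name);`. Separately, the empty `catch (Exception e) {}` after `cs.commit(false)` hides a failed save before the connector is started.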
@@ -174,22 +173,14 @@ public class UpdateConnector extends CMSServlet {
}
}
- protected void setDefaultTemplates(ServletConfig sc) {
- }
+ protected void setDefaultTemplates(ServletConfig sc) {}
- protected void renderTemplate(CMSRequest cmsReq, String templateName,
- ICMSTemplateFiller filler) throws IOException {// do nothing
- }
+ protected void renderTemplate(
+ CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler)
+ throws IOException {// do nothing
+ }
- protected void renderResult(CMSRequest cmsReq) throws IOException {// do
- // nothing,
- // ie, it
- // will
- // not
- // return
- // the
- // default
- // javascript.
+ protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript.
}
/**
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateDomainXML.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateDomainXML.java
index 57c58df3..c9fe27ef 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateDomainXML.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateDomainXML.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
+
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
@@ -54,6 +55,7 @@ import com.netscape.cms.servlet.common.CMSRequest;
import com.netscape.cms.servlet.common.ICMSTemplateFiller;
import com.netscape.cmsutil.xml.XMLObject;
+
public class UpdateDomainXML extends CMSServlet {
/**
@@ -62,8 +64,10 @@ public class UpdateDomainXML extends CMSServlet {
private static final long serialVersionUID = 4059169588555717548L;
private final static String SUCCESS = "0";
private final static String FAILED = "1";
- private final static String LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE = "LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE_1";
- private final static String LOGGING_SIGNED_AUDIT_CONFIG_ROLE = "LOGGING_SIGNED_AUDIT_CONFIG_ROLE_3";
+ private final static String LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE =
+ "LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE_1";
+ private final static String LOGGING_SIGNED_AUDIT_CONFIG_ROLE =
+ "LOGGING_SIGNED_AUDIT_CONFIG_ROLE_3";
public UpdateDomainXML() {
super();
@@ -71,7 +75,6 @@ public class UpdateDomainXML extends CMSServlet {
/**
* initialize the servlet.
- *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -98,19 +101,20 @@ public class UpdateDomainXML extends CMSServlet {
status = FAILED;
CMS.debug("Failed to delete entry" + e.toString());
}
- } catch (Exception e) {
- CMS.debug("Failed to delete entry" + e.toString());
- } finally {
+ } catch (Exception e) {
+ CMS.debug("Failed to delete entry" + e.toString());
+ } finally {
try {
- if ((conn != null) && (connFactory != null)) {
+ if ((conn != null) && (connFactory!= null)) {
CMS.debug("Releasing ldap connection");
connFactory.returnConn(conn);
}
- } catch (Exception e) {
+ }
+ catch (Exception e) {
CMS.debug("Error releasing the ldap connection" + e.toString());
}
- }
- return status;
+ }
+ return status;
}
private String modify_ldap(String dn, LDAPModification mod) {
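Review bot: The outer `catch (Exception e)` in this method only logs and never sets `status = FAILED`, unlike the inner catch just above it, so a failure that lands there is returned as whatever `status` was initialised to. If that initial value is `SUCCESS`, as it is in `add_to_ldap`, the caller writes a success record to the signed audit log for an LDAP change that did not happen. Add `status = FAILED;` to the outer catch here and to the matching catch in `modify_ldap` and `add_to_ldap` in the next two hunks. The method starts above this hunk, so its initialisation and the code that obtains the connection are not visible here.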
@@ -131,21 +135,23 @@ public class UpdateDomainXML extends CMSServlet {
status = FAILED;
CMS.debug("Failed to modify entry" + e.toString());
}
- } catch (Exception e) {
+ } catch (Exception e) {
CMS.debug("Failed to modify entry" + e.toString());
- } finally {
+ } finally {
try {
- if ((conn != null) && (connFactory != null)) {
+ if ((conn != null) && (connFactory!= null)) {
CMS.debug("Releasing ldap connection");
connFactory.returnConn(conn);
}
- } catch (Exception e) {
+ }
+ catch (Exception e) {
CMS.debug("Error releasing the ldap connection" + e.toString());
}
- }
- return status;
+ }
+ return status;
}
+
private String add_to_ldap(LDAPEntry entry, String dn) {
CMS.debug("UpdateDomainXML: add_to_ldap: starting");
String status = SUCCESS;
@@ -166,38 +172,37 @@ public class UpdateDomainXML extends CMSServlet {
conn.delete(dn);
conn.add(entry);
} catch (LDAPException ee) {
- CMS.debug("UpdateDomainXML: Error when replacing existing entry "
- + ee.toString());
+ CMS.debug("UpdateDomainXML: Error when replacing existing entry "+ee.toString());
status = FAILED;
}
} else {
- CMS.debug("UpdateDomainXML: Failed to update ldap domain info. Exception: "
- + e.toString());
+ CMS.debug("UpdateDomainXML: Failed to update ldap domain info. Exception: "+e.toString());
status = FAILED;
}
} catch (Exception e) {
CMS.debug("Failed to add entry" + e.toString());
} finally {
try {
- if ((conn != null) && (connFactory != null)) {
+ if ((conn != null) && (connFactory!= null)) {
CMS.debug("Releasing ldap connection");
connFactory.returnConn(conn);
}
- } catch (Exception e) {
+ }
+ catch (Exception e) {
CMS.debug("Error releasing the ldap connection" + e.toString());
}
- }
- return status;
+ }
+ return status;
}
+
+
/**
- * Process the HTTP request.
+ * Process the HTTP request.
* <ul>
* <li>http.param op 'downloadBIN' - return the binary certificate chain
- * <li>http.param op 'displayIND' - display pretty-print of certificate
- * chain components
+ * <li>http.param op 'displayIND' - display pretty-print of certificate chain components
* </ul>
- *
* @param cmsReq the object holding the request and response information
*/
protected void process(CMSRequest cmsReq) throws EBaseException {
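Review bot: The Javadoc kept on `process` still lists `op 'downloadBIN'` and `op 'displayIND'`, which describe a certificate-chain servlet and not what this method does. Going by the later hunks, the method adds or removes a subsystem entry in the security domain, in LDAP or in `domain.xml`, and returns an XML status. Replace the `<ul>` with a summary such as `Adds or removes a subsystem entry in the security domain and returns an XML status.` and list the request values the body actually reads. The same stale text sits on `UpdateNumberRange.process` in hunk `@@ -71,13 +73,11 @@`; the body of `process` lies outside this hunk.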
@@ -214,7 +219,7 @@ public class UpdateDomainXML extends CMSServlet {
authToken = authenticate(cmsReq);
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
outputError(httpResp, AUTH_FAILURE, "Error: Not authenticated");
return;
}
@@ -228,18 +233,19 @@ public class UpdateDomainXML extends CMSServlet {
AuthzToken authzToken = null;
try {
- authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
- "modify");
+ authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
+ "modify");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
outputError(httpResp, AUTH_FAILURE, "Error: Not authorized");
return;
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
- outputError(httpResp, AUTH_FAILURE,
- "Error: Encountered problem during authorization.");
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ outputError(httpResp,
+ AUTH_FAILURE,
+ "Error: Encountered problem during authorization.");
return;
}
if (authzToken == null) {
@@ -266,7 +272,7 @@ public class UpdateDomainXML extends CMSServlet {
String missing = "";
if ((host == null) || host.equals("")) {
missing += " host ";
- }
+ }
if ((name == null) || name.equals("")) {
missing += " name ";
}
@@ -280,20 +286,20 @@ public class UpdateDomainXML extends CMSServlet {
clone = "false";
}
- if (!missing.equals("")) {
- CMS.debug("UpdateDomainXML process: required parameters:" + missing
- + "not provided in request");
- outputError(httpResp, "Error: required parameters: " + missing
- + "not provided in request");
+ if (! missing.equals("")) {
+ CMS.debug("UpdateDomainXML process: required parameters:" + missing +
+ "not provided in request");
+ outputError(httpResp, "Error: required parameters: " + missing +
+ "not provided in request");
return;
}
String auditMessage = null;
String auditSubjectID = auditSubjectID();
- String auditParams = "host;;" + host + "+name;;" + name + "+sport;;"
- + sport + "+clone;;" + clone + "+type;;" + type;
+ String auditParams = "host;;"+host+"+name;;"+name+"+sport;;"+sport+
+ "+clone;;"+clone+"+type;;"+type;
if (operation != null) {
- auditParams += "+operation;;" + operation;
+ auditParams += "+operation;;"+operation;
} else {
auditParams += "+operation;;add";
}
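Review bot: `auditParams` is built by concatenating `host`, `name`, `sport`, `clone`, `type` and `operation` with `+` and `;;` as field separators, and nothing in this hunk checks those values for the separators or for line breaks. They appear to be request parameters (the error text says "not provided in request"), so a value that contains the separator sequence or a newline could make the signed audit record read differently from what was submitted, unless `CMS.getLogMessage` or `audit` escapes them, which is not visible here. Validate the values against hostname and numeric-port patterns before this point, or escape the separators when building the string. `process` begins and ends outside the hunk.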
@@ -306,7 +312,8 @@ public class UpdateDomainXML extends CMSServlet {
try {
basedn = cs.getString("internaldb.basedn");
secstore = cs.getString("securitydomain.store");
- } catch (Exception e) {
+ }
+ catch (Exception e) {
CMS.debug("Unable to determine security domain name or basedn. Please run the domaininfo migration script");
}
@@ -319,14 +326,13 @@ public class UpdateDomainXML extends CMSServlet {
String listName = type + "List";
String cn = host + ":";
- if ((adminsport != null) && (adminsport != "")) {
+ if ((adminsport!= null) && (adminsport != "")) {
cn += adminsport;
} else {
cn += sport;
}
- String dn = "cn=" + cn + ",cn=" + listName + ",ou=Security Domain,"
- + basedn;
+ String dn = "cn=" + cn + ",cn=" + listName + ",ou=Security Domain," + basedn;
CMS.debug("UpdateDomainXML: updating LDAP entry: " + dn);
LDAPAttributeSet attrs = null;
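Review bot: `(adminsport != "")` compares object references, not contents, so an empty `adminsport` that is not the same interned literal passes the test and `cn` becomes `host:` with no port instead of falling back to `sport`. The reformat only moved a space on this line; the condition should be `if ((adminsport != null) && !adminsport.equals("")) {`, matching the `agentsport` test later in the method. The resulting `cn` goes straight into `dn`, so taking the wrong branch changes which LDAP entry is added or removed.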
@@ -350,69 +356,69 @@ public class UpdateDomainXML extends CMSServlet {
attrs.add(new LDAPAttribute("SecureEEClientAuthPort", eecaport));
}
if ((domainmgr != null) && (!domainmgr.equals(""))) {
- attrs.add(new LDAPAttribute("DomainManager", domainmgr
- .toUpperCase()));
+ attrs.add(new LDAPAttribute("DomainManager", domainmgr.toUpperCase()));
}
attrs.add(new LDAPAttribute("clone", clone.toUpperCase()));
attrs.add(new LDAPAttribute("SubsystemName", name));
entry = new LDAPEntry(dn, attrs);
-
- if ((operation != null) && (operation.equals("remove"))) {
- status = remove_from_ldap(dn);
- String adminUserDN;
- if ((agentsport != null) && (!agentsport.equals(""))) {
- adminUserDN = "uid=" + type + "-" + host + "-" + agentsport
- + ",ou=People," + basedn;
- } else {
- adminUserDN = "uid=" + type + "-" + host + "-" + sport
- + ",ou=People," + basedn;
- }
- String userAuditParams = "Scope;;users+Operation;;OP_DELETE+source;;UpdateDomainXML"
- + "+resource;;" + adminUserDN;
- if (status.equals(SUCCESS)) {
- // remove the user for this subsystem's admin
- status2 = remove_from_ldap(adminUserDN);
- if (status2.equals(SUCCESS)) {
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
- auditSubjectID, ILogger.SUCCESS,
- userAuditParams);
- audit(auditMessage);
-
- // remove this user from the subsystem group
- userAuditParams = "Scope;;groups+Operation;;OP_DELETE_USER"
- + "+source;;UpdateDomainXML"
- + "+resource;;Subsystem Group+user;;"
- + adminUserDN;
- dn = "cn=Subsystem Group, ou=groups," + basedn;
- LDAPModification mod = new LDAPModification(
- LDAPModification.DELETE, new LDAPAttribute(
- "uniqueMember", adminUserDN));
- status2 = modify_ldap(dn, mod);
+
+ if ((operation != null) && (operation.equals("remove"))) {
+ status = remove_from_ldap(dn);
+ String adminUserDN;
+ if ((agentsport != null) && (!agentsport.equals(""))) {
+ adminUserDN = "uid=" + type + "-" + host + "-" + agentsport + ",ou=People," + basedn;
+ } else {
+ adminUserDN = "uid=" + type + "-" + host + "-" + sport + ",ou=People," + basedn;
+ }
+ String userAuditParams = "Scope;;users+Operation;;OP_DELETE+source;;UpdateDomainXML" +
+ "+resource;;"+adminUserDN;
+ if (status.equals(SUCCESS)) {
+ // remove the user for this subsystem's admin
+ status2 = remove_from_ldap(adminUserDN);
if (status2.equals(SUCCESS)) {
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
- auditSubjectID, ILogger.SUCCESS,
- userAuditParams);
- } else {
+ LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
+ auditSubjectID,
+ ILogger.SUCCESS,
+ userAuditParams);
+ audit(auditMessage);
+
+ // remove this user from the subsystem group
+ userAuditParams = "Scope;;groups+Operation;;OP_DELETE_USER" +
+ "+source;;UpdateDomainXML" +
+ "+resource;;Subsystem Group+user;;"+adminUserDN;
+ dn = "cn=Subsystem Group, ou=groups," + basedn;
+ LDAPModification mod = new LDAPModification(LDAPModification.DELETE,
+ new LDAPAttribute("uniqueMember", adminUserDN));
+ status2 = modify_ldap(dn, mod);
+ if (status2.equals(SUCCESS)) {
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
+ auditSubjectID,
+ ILogger.SUCCESS,
+ userAuditParams);
+ } else {
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
+ auditSubjectID,
+ ILogger.FAILURE,
+ userAuditParams);
+ }
+ audit(auditMessage);
+ } else { // error deleting user
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
- auditSubjectID, ILogger.FAILURE,
- userAuditParams);
+ LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
+ auditSubjectID,
+ ILogger.FAILURE,
+ userAuditParams);
+ audit(auditMessage);
}
- audit(auditMessage);
- } else { // error deleting user
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
- auditSubjectID, ILogger.FAILURE,
- userAuditParams);
- audit(auditMessage);
}
- }
} else {
- status = add_to_ldap(entry, dn);
+ status = add_to_ldap(entry, dn);
}
- } else {
+ }
+ else {
// update the domain.xml file
String path = CMS.getConfigStore().getString("instanceRoot", "")
+ "/conf/domain.xml";
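Review bot: `adminUserDN` is concatenated from `type`, `host` and `agentsport` or `sport` and then passed to `remove_from_ldap` and used as the `uniqueMember` value to delete, with no escaping or format check in this hunk. If these are request parameters, as the missing-parameter message earlier in `process` suggests, DN metacharacters in any of them change which entry under `ou=People` is removed. Restrict `type` to the known subsystem types, `host` to a hostname pattern and the ports to digits before any DN is built, including `dn` in the previous hunk. `process` starts and ends outside this hunk.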
@@ -424,7 +430,7 @@ public class UpdateDomainXML extends CMSServlet {
CMS.debug("UpdateDomainXML: Inserting new domain info");
XMLObject parser = new XMLObject(new FileInputStream(path));
Node n = parser.getContainer(list);
- int count = 0;
+ int count =0;
if ((operation != null) && (operation.equals("remove"))) {
// delete node
@@ -434,19 +440,15 @@ public class UpdateDomainXML extends CMSServlet {
for (int i = 0; i < len; i++) {
Node nn = (Node) nodeList.item(i);
- Vector v_name = parser.getValuesFromContainer(nn,
- "SubsystemName");
- Vector v_host = parser.getValuesFromContainer(nn,
- "Host");
- Vector v_adminport = parser.getValuesFromContainer(nn,
- "SecureAdminPort");
- if ((v_name.elementAt(0).equals(name))
- && (v_host.elementAt(0).equals(host))
- && (v_adminport.elementAt(0).equals(adminsport))) {
- Node parent = nn.getParentNode();
- Node remNode = parent.removeChild(nn);
- count--;
- break;
+ Vector v_name = parser.getValuesFromContainer(nn, "SubsystemName");
+ Vector v_host = parser.getValuesFromContainer(nn, "Host");
+ Vector v_adminport = parser.getValuesFromContainer(nn, "SecureAdminPort");
+ if ((v_name.elementAt(0).equals(name)) && (v_host.elementAt(0).equals(host))
+ && (v_adminport.elementAt(0).equals(adminsport))) {
+ Node parent = nn.getParentNode();
+ Node remNode = parent.removeChild(nn);
+ count --;
+ break;
}
}
} else {
@@ -455,44 +457,39 @@ public class UpdateDomainXML extends CMSServlet {
parser.addItemToContainer(parent, "SubsystemName", name);
parser.addItemToContainer(parent, "Host", host);
parser.addItemToContainer(parent, "SecurePort", sport);
- parser.addItemToContainer(parent, "SecureAgentPort",
- agentsport);
- parser.addItemToContainer(parent, "SecureAdminPort",
- adminsport);
- parser.addItemToContainer(parent, "SecureEEClientAuthPort",
- eecaport);
+ parser.addItemToContainer(parent, "SecureAgentPort", agentsport);
+ parser.addItemToContainer(parent, "SecureAdminPort", adminsport);
+ parser.addItemToContainer(parent, "SecureEEClientAuthPort", eecaport);
parser.addItemToContainer(parent, "UnSecurePort", httpport);
- parser.addItemToContainer(parent, "DomainManager",
- domainmgr.toUpperCase());
- parser.addItemToContainer(parent, "Clone",
- clone.toUpperCase());
- count++;
+ parser.addItemToContainer(parent, "DomainManager", domainmgr.toUpperCase());
+ parser.addItemToContainer(parent, "Clone", clone.toUpperCase());
+ count ++;
}
- // update count
+ //update count
String countS = "";
NodeList nlist = n.getChildNodes();
Node countnode = null;
- for (int i = 0; i < nlist.getLength(); i++) {
- Element nn = (Element) nlist.item(i);
+ for (int i=0; i<nlist.getLength(); i++) {
+ Element nn = (Element)nlist.item(i);
String tagname = nn.getTagName();
if (tagname.equals("SubsystemCount")) {
countnode = nn;
NodeList nlist1 = nn.getChildNodes();
Node nn1 = nlist1.item(0);
- countS = nn1.getNodeValue();
+ countS = nn1.getNodeValue();
break;
}
}
- CMS.debug("UpdateDomainXML process: SubsystemCount=" + countS);
+ CMS.debug("UpdateDomainXML process: SubsystemCount="+countS);
try {
- count += Integer.parseInt(countS);
+ count += Integer.parseInt(countS);
} catch (Exception ee) {
}
Node nn2 = n.removeChild(countnode);
- parser.addItemToContainer(n, "SubsystemCount", "" + count);
+ parser.addItemToContainer(n, "SubsystemCount", ""+count);
// recreate domain.xml
CMS.debug("UpdateDomainXML: Recreating domain.xml");
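Review bot: The empty `catch (Exception ee) { }` around `count += Integer.parseInt(countS)` means a missing or unreadable `SubsystemCount` is silently treated as zero, and `domain.xml` is then rewritten with a count of 1 or -1. `countnode` also stays `null` when no `SubsystemCount` element is found, yet `n.removeChild(countnode)` is called regardless. Log the parse failure and set `status = FAILED` instead of writing a wrong count, and guard the removal with `if (countnode != null)`. In the add branch `domainmgr.toUpperCase()` is unguarded, while the LDAP branch null-checks `domainmgr` before using it.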
@@ -506,24 +503,28 @@ public class UpdateDomainXML extends CMSServlet {
}
}
-
+
if (status.equals(SUCCESS)) {
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE,
- auditSubjectID, ILogger.SUCCESS, auditParams);
+ LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE,
+ auditSubjectID,
+ ILogger.SUCCESS,
+ auditParams);
} else {
// what if already exists or already deleted
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE,
- auditSubjectID, ILogger.FAILURE, auditParams);
+ LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams);
}
audit(auditMessage);
- if (status.equals(SUCCESS) && status2.equals(SUCCESS)) {
- status = SUCCESS;
- } else {
- status = FAILED;
- }
+ if (status.equals(SUCCESS) && status2.equals(SUCCESS)) {
+ status = SUCCESS;
+ } else {
+ status = FAILED;
+ }
try {
// send success status back to the requestor
@@ -536,34 +537,24 @@ public class UpdateDomainXML extends CMSServlet {
outputResult(httpResp, "application/xml", cb);
} catch (Exception e) {
- CMS.debug("UpdateDomainXML: Failed to send the XML output"
- + e.toString());
+ CMS.debug("UpdateDomainXML: Failed to send the XML output" + e.toString());
}
}
protected String securityDomainXMLtoLDAP(String xmltag) {
- if (xmltag.equals("Host"))
- return "host";
- else
- return xmltag;
+ if (xmltag.equals("Host")) return "host";
+ else return xmltag;
}
- protected void setDefaultTemplates(ServletConfig sc) {
- }
- protected void renderTemplate(CMSRequest cmsReq, String templateName,
- ICMSTemplateFiller filler) throws IOException {// do nothing
- }
+ protected void setDefaultTemplates(ServletConfig sc) {}
+
+ protected void renderTemplate(
+ CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler)
+ throws IOException {// do nothing
+ }
- protected void renderResult(CMSRequest cmsReq) throws IOException {// do
- // nothing,
- // ie, it
- // will
- // not
- // return
- // the
- // default
- // javascript.
+ protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript.
}
/**
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateNumberRange.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateNumberRange.java
index f563c9f6..0a1787aa 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateNumberRange.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateNumberRange.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
+
import java.io.IOException;
import java.math.BigInteger;
import java.util.Locale;
@@ -44,6 +45,7 @@ import com.netscape.cms.servlet.common.CMSRequest;
import com.netscape.cms.servlet.common.ICMSTemplateFiller;
import com.netscape.cmsutil.xml.XMLObject;
+
public class UpdateNumberRange extends CMSServlet {
/**
@@ -53,7 +55,8 @@ public class UpdateNumberRange extends CMSServlet {
private final static String SUCCESS = "0";
private final static String FAILED = "1";
private final static String AUTH_FAILURE = "2";
- private final static String LOGGING_SIGNED_AUDIT_CONFIG_SERIAL_NUMBER = "LOGGING_SIGNED_AUDIT_CONFIG_SERIAL_NUMBER_1";
+ private final static String LOGGING_SIGNED_AUDIT_CONFIG_SERIAL_NUMBER =
+ "LOGGING_SIGNED_AUDIT_CONFIG_SERIAL_NUMBER_1";
public UpdateNumberRange() {
super();
@@ -61,7 +64,6 @@ public class UpdateNumberRange extends CMSServlet {
/**
* initialize the servlet.
- *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -71,13 +73,11 @@ public class UpdateNumberRange extends CMSServlet {
}
/**
- * Process the HTTP request.
+ * Process the HTTP request.
* <ul>
* <li>http.param op 'downloadBIN' - return the binary certificate chain
- * <li>http.param op 'displayIND' - display pretty-print of certificate
- * chain components
+ * <li>http.param op 'displayIND' - display pretty-print of certificate chain components
* </ul>
- *
* @param cmsReq the object holding the request and response information
*/
protected void process(CMSRequest cmsReq) throws EBaseException {
@@ -96,18 +96,18 @@ public class UpdateNumberRange extends CMSServlet {
AuthzToken authzToken = null;
try {
- authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
- "modify");
+ authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
+ "modify");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
outputError(httpResp, "Error: Not authorized");
return;
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
outputError(httpResp,
- "Error: Encountered problem during authorization.");
+ "Error: Encountered problem during authorization.");
return;
}
if (authzToken == null) {
@@ -131,13 +131,13 @@ public class UpdateNumberRange extends CMSServlet {
BigInteger oneNum = new BigInteger("1");
String endNumConfig = null;
String cloneNumConfig = null;
- String nextEndConfig = null;
+ String nextEndConfig = null;
int radix = 10;
IRepository repo = null;
if (cstype.equals("KRA")) {
- IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority) CMS
- .getSubsystem(IKeyRecoveryAuthority.ID);
+ IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority) CMS.getSubsystem(
+ IKeyRecoveryAuthority.ID);
if (type.equals("request")) {
repo = kra.getRequestQueue().getRequestRepository();
} else if (type.equals("serialNo")) {
@@ -146,8 +146,8 @@ public class UpdateNumberRange extends CMSServlet {
repo = kra.getReplicaRepository();
}
} else { // CA
- ICertificateAuthority ca = (ICertificateAuthority) CMS
- .getSubsystem(ICertificateAuthority.ID);
+ ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem(
+ ICertificateAuthority.ID);
if (type.equals("request")) {
repo = ca.getRequestQueue().getRequestRepository();
} else if (type.equals("serialNo")) {
@@ -157,28 +157,26 @@ public class UpdateNumberRange extends CMSServlet {
}
}
- // checkRanges for replicaID - we do this each time a replica is
- // created.
- // This needs to be done beforehand to ensure that we always have
- // enough
+ // checkRanges for replicaID - we do this each time a replica is created.
+ // This needs to be done beforehand to ensure that we always have enough
// replica numbers
if (type.equals("replicaId")) {
- CMS.debug("Checking replica number ranges");
- repo.checkRanges();
+ CMS.debug("Checking replica number ranges");
+ repo.checkRanges();
}
-
+
if (type.equals("request")) {
radix = 10;
endNumConfig = "dbs.endRequestNumber";
cloneNumConfig = "dbs.requestCloneTransferNumber";
nextEndConfig = "dbs.nextEndRequestNumber";
} else if (type.equals("serialNo")) {
- radix = 16;
+ radix=16;
endNumConfig = "dbs.endSerialNumber";
cloneNumConfig = "dbs.serialCloneTransferNumber";
nextEndConfig = "dbs.nextEndSerialNumber";
} else if (type.equals("replicaId")) {
- radix = 10;
+ radix=10;
endNumConfig = "dbs.endReplicaNumber";
cloneNumConfig = "dbs.replicaCloneTransferNumber";
nextEndConfig = "dbs.nextEndReplicaNumber";
@@ -194,11 +192,11 @@ public class UpdateNumberRange extends CMSServlet {
String nextEndNumStr = cs.getString(nextEndConfig, "");
BigInteger endNum2 = new BigInteger(nextEndNumStr, radix);
CMS.debug("Transferring from the end of on-deck range");
- String newValStr = endNum2.subtract(decrement).toString(radix);
- repo.setNextMaxSerial(newValStr);
- cs.putString(nextEndConfig, newValStr);
- beginNum = endNum2.subtract(decrement).add(oneNum);
- endNum = endNum2;
+ String newValStr = endNum2.subtract(decrement).toString(radix);
+ repo.setNextMaxSerial(newValStr);
+ cs.putString(nextEndConfig, newValStr);
+ beginNum = endNum2.subtract(decrement).add(oneNum);
+ endNum = endNum2;
} else {
CMS.debug("Transferring from the end of the current range");
String newValStr = beginNum.subtract(oneNum).toString(radix);
@@ -206,19 +204,22 @@ public class UpdateNumberRange extends CMSServlet {
cs.putString(endNumConfig, newValStr);
}
- if (beginNum == null) {
- CMS.debug("UpdateNumberRange::process() - "
- + "beginNum is null!");
+
+ if( beginNum == null ) {
+ CMS.debug( "UpdateNumberRange::process() - " +
+ "beginNum is null!" );
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_SERIAL_NUMBER,
- auditSubjectID, ILogger.FAILURE, auditParams);
+ LOGGING_SIGNED_AUDIT_CONFIG_SERIAL_NUMBER,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams);
audit(auditMessage);
return;
}
// Enable serial number management in master for certs and requests
if (type.equals("replicaId")) {
- repo.setEnableSerialMgmt(true);
+ repo.setEnableSerialMgmt(true);
}
// insert info
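Review bot: The `beginNum == null` branch audits a failure and returns without calling `outputError`, so the requester receives no XML status at all, whereas the `catch` at the end of `process` does send one. Add `outputError(httpResp, "Error: Failed to update number range.");` before the `return`. The check also comes after `beginNum.subtract(oneNum)` in the `else` branch of the previous hunk, so on that path a null value would already have thrown; moving the check ahead of the range arithmetic would make it effective. `process` begins and ends outside the hunk.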
@@ -229,51 +230,45 @@ public class UpdateNumberRange extends CMSServlet {
Node root = xmlObj.createRoot("XMLResponse");
xmlObj.addItemToContainer(root, "Status", SUCCESS);
- xmlObj.addItemToContainer(root, "beginNumber",
- beginNum.toString(radix));
+ xmlObj.addItemToContainer(root, "beginNumber", beginNum.toString(radix));
xmlObj.addItemToContainer(root, "endNumber", endNum.toString(radix));
byte[] cb = xmlObj.toByteArray();
outputResult(httpResp, "application/xml", cb);
cs.commit(false);
- auditParams += "+beginNumber;;" + beginNum.toString(radix)
- + "+endNumber;;" + endNum.toString(radix);
+ auditParams += "+beginNumber;;" + beginNum.toString(radix) +
+ "+endNumber;;" + endNum.toString(radix);
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_SERIAL_NUMBER, auditSubjectID,
- ILogger.SUCCESS, auditParams);
+ LOGGING_SIGNED_AUDIT_CONFIG_SERIAL_NUMBER,
+ auditSubjectID,
+ ILogger.SUCCESS,
+ auditParams);
audit(auditMessage);
} catch (Exception e) {
- CMS.debug("UpdateNumberRange: Failed to update number range. Exception: "
- + e.toString());
+ CMS.debug("UpdateNumberRange: Failed to update number range. Exception: "+e.toString());
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_SERIAL_NUMBER, auditSubjectID,
- ILogger.FAILURE, auditParams);
+ LOGGING_SIGNED_AUDIT_CONFIG_SERIAL_NUMBER,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams);
audit(auditMessage);
outputError(httpResp, "Error: Failed to update number range.");
}
}
- protected void setDefaultTemplates(ServletConfig sc) {
- }
+ protected void setDefaultTemplates(ServletConfig sc) {}
- protected void renderTemplate(CMSRequest cmsReq, String templateName,
- ICMSTemplateFiller filler) throws IOException {// do nothing
- }
+ protected void renderTemplate(
+ CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler)
+ throws IOException {// do nothing
+ }
- protected void renderResult(CMSRequest cmsReq) throws IOException {// do
- // nothing,
- // ie, it
- // will
- // not
- // return
- // the
- // default
- // javascript.
+ protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript.
}
/**
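Review bot: `outputResult(httpResp, "application/xml", cb)` sends the `SUCCESS` response with the new `beginNumber` and `endNumber` before `cs.commit(false)` runs. If the commit throws, the `catch` audits a failure and calls `outputError` on a response that has already been written, and the requester keeps a range that this instance may not have recorded as handed out. Commit first and send the result only once it succeeds, i.e. move `cs.commit(false);` above the `outputResult` call. Whether the repository persists the new maximum independently of `cs` is not visible in this hunk.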
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateOCSPConfig.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateOCSPConfig.java
index 266633cb..2339c4c7 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateOCSPConfig.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateOCSPConfig.java
@@ -40,6 +40,7 @@ import com.netscape.cms.servlet.common.CMSRequest;
import com.netscape.cms.servlet.common.ICMSTemplateFiller;
import com.netscape.cmsutil.xml.XMLObject;
+
public class UpdateOCSPConfig extends CMSServlet {
/**
@@ -56,7 +57,6 @@ public class UpdateOCSPConfig extends CMSServlet {
/**
* initialize the servlet.
- *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -81,18 +81,18 @@ public class UpdateOCSPConfig extends CMSServlet {
AuthzToken authzToken = null;
try {
- authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
- "modify");
+ authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
+ "modify");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
outputError(httpResp, "Error: Not authorized");
return;
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
outputError(httpResp,
- "Error: Encountered problem during authorization.");
+ "Error: Encountered problem during authorization.");
return;
}
if (authzToken == null) {
@@ -107,38 +107,32 @@ public class UpdateOCSPConfig extends CMSServlet {
try {
nickname = cs.getString("ca.subsystem.nickname", "");
String tokenname = cs.getString("ca.subsystem.tokenname", "");
- if (!tokenname.equals("internal")
- && !tokenname.equals("Internal Key Storage Token"))
- nickname = tokenname + ":" + nickname;
+ if (!tokenname.equals("internal") && !tokenname.equals("Internal Key Storage Token"))
+ nickname = tokenname+":"+nickname;
} catch (Exception e) {
}
- CMS.debug("UpdateOCSPConfig process: nickname=" + nickname);
+ CMS.debug("UpdateOCSPConfig process: nickname="+nickname);
String ocsphost = httpReq.getParameter("ocsp_host");
String ocspport = httpReq.getParameter("ocsp_port");
try {
cs.putString("ca.publish.enable", "true");
- cs.putString("ca.publish.publisher.instance.OCSPPublisher.host",
- ocsphost);
- cs.putString("ca.publish.publisher.instance.OCSPPublisher.port",
- ocspport);
- cs.putString(
- "ca.publish.publisher.instance.OCSPPublisher.nickName",
- nickname);
+ cs.putString("ca.publish.publisher.instance.OCSPPublisher.host",
+ ocsphost);
+ cs.putString("ca.publish.publisher.instance.OCSPPublisher.port",
+ ocspport);
+ cs.putString("ca.publish.publisher.instance.OCSPPublisher.nickName",
+ nickname);
cs.putString("ca.publish.publisher.instance.OCSPPublisher.path",
- "/ocsp/agent/ocsp/addCRL");
- cs.putString(
- "ca.publish.publisher.instance.OCSPPublisher.pluginName",
- "OCSPPublisher");
- cs.putString(
- "ca.publish.publisher.instance.OCSPPublisher.enableClientAuth",
- "true");
+ "/ocsp/agent/ocsp/addCRL");
+ cs.putString("ca.publish.publisher.instance.OCSPPublisher.pluginName", "OCSPPublisher");
+ cs.putString("ca.publish.publisher.instance.OCSPPublisher.enableClientAuth", "true");
cs.putString("ca.publish.rule.instance.ocsprule.enable", "true");
cs.putString("ca.publish.rule.instance.ocsprule.mapper", "NoMap");
cs.putString("ca.publish.rule.instance.ocsprule.pluginName", "Rule");
- cs.putString("ca.publish.rule.instance.ocsprule.publisher",
- "OCSPPublisher");
+ cs.putString("ca.publish.rule.instance.ocsprule.publisher",
+ "OCSPPublisher");
cs.putString("ca.publish.rule.instance.ocsprule.type", "crl");
cs.commit(false);
// insert info
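Review bot: `ocsp_host` and `ocsp_port` are read with `httpReq.getParameter` and written unchanged into `ca.publish.publisher.instance.OCSPPublisher.host` and `.port`, with publishing switched on in the same block; neither value is checked for null, format or range. These settings decide where the CA sends its CRLs, so reject the request before the first `cs.putString` unless `ocsp_host` is a syntactically valid hostname and `ocsp_port` parses as a port number. The empty `catch (Exception e) { }` after the nickname lookup should at least log, since a failed lookup leaves `nickname` at its initial value and that is what gets stored. No audit call for this configuration change is visible in the hunk; if none exists elsewhere in `process`, one should be added.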
@@ -153,28 +147,19 @@ public class UpdateOCSPConfig extends CMSServlet {
outputResult(httpResp, "application/xml", cb);
} catch (Exception e) {
- CMS.debug("UpdateOCSPConfig: Failed to update OCSP configuration. Exception: "
- + e.toString());
+ CMS.debug("UpdateOCSPConfig: Failed to update OCSP configuration. Exception: "+e.toString());
outputError(httpResp, "Error: Failed to update OCSP configuration.");
}
}
- protected void setDefaultTemplates(ServletConfig sc) {
- }
+ protected void setDefaultTemplates(ServletConfig sc) {}
- protected void renderTemplate(CMSRequest cmsReq, String templateName,
- ICMSTemplateFiller filler) throws IOException {// do nothing
- }
+ protected void renderTemplate(
+ CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler)
+ throws IOException {// do nothing
+ }
- protected void renderResult(CMSRequest cmsReq) throws IOException {// do
- // nothing,
- // ie, it
- // will
- // not
- // return
- // the
- // default
- // javascript.
+ protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript.
}
/**
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/WelcomePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/WelcomePanel.java
index ff545b71..7b1c9959 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/WelcomePanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/WelcomePanel.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
+
import java.io.IOException;
import javax.servlet.ServletConfig;
@@ -34,14 +35,13 @@ import com.netscape.cms.servlet.wizard.WizardServlet;
public class WelcomePanel extends WizardPanelBase {
- public WelcomePanel() {
- }
+ public WelcomePanel() {}
/**
* Initializes this panel.
*/
- public void init(WizardServlet servlet, ServletConfig config, int panelno,
- String id) throws ServletException {
+ public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
+ throws ServletException {
setPanelNo(panelno);
setName("Welcome");
setId(id);
@@ -52,20 +52,19 @@ public class WelcomePanel extends WizardPanelBase {
cs.putBoolean("preop.welcome.done", false);
}
- public boolean isPanelDone() {
+ public boolean isPanelDone() {
IConfigStore cs = CMS.getConfigStore();
try {
return cs.getBoolean("preop.welcome.done");
- } catch (EBaseException e) {
- }
+ } catch (EBaseException e) {}
return false;
}
public PropertySet getUsage() {
PropertySet set = new PropertySet();
-
+
/* XXX */
-
+
return set;
}
@@ -73,21 +72,25 @@ public class WelcomePanel extends WizardPanelBase {
* Display the panel.
*/
public void display(HttpServletRequest request,
- HttpServletResponse response, Context context) {
+ HttpServletResponse response,
+ Context context) {
IConfigStore cs = CMS.getConfigStore();
CMS.debug("WelcomePanel: display()");
context.put("title", "Welcome");
try {
context.put("cstype", cs.getString("cs.type"));
context.put("wizardname", cs.getString("preop.wizard.name"));
- context.put("panelname", cs.getString("preop.system.fullname")
- + " Configuration Wizard");
- context.put("systemname", cs.getString("preop.system.name"));
- context.put("fullsystemname", cs.getString("preop.system.fullname"));
- context.put("productname", cs.getString("preop.product.name"));
- context.put("productversion", cs.getString("preop.product.version"));
- } catch (EBaseException e) {
- }
+ context.put("panelname",
+ cs.getString("preop.system.fullname") + " Configuration Wizard");
+ context.put("systemname",
+ cs.getString("preop.system.name"));
+ context.put("fullsystemname",
+ cs.getString("preop.system.fullname"));
+ context.put("productname",
+ cs.getString("preop.product.name"));
+ context.put("productversion",
+ cs.getString("preop.product.version"));
+ } catch (EBaseException e) {}
context.put("panel", "admin/console/config/welcomepanel.vm");
}
@@ -95,29 +98,27 @@ public class WelcomePanel extends WizardPanelBase {
* Checks if the given parameters are valid.
*/
public void validate(HttpServletRequest request,
- HttpServletResponse response, Context context) throws IOException {
+ HttpServletResponse response,
+ Context context) throws IOException {
}
/**
* Commit parameter changes
*/
public void update(HttpServletRequest request,
- HttpServletResponse response, Context context) throws IOException {
+ HttpServletResponse response,
+ Context context) throws IOException {
IConfigStore cs = CMS.getConfigStore();
try {
cs.putBoolean("preop.welcome.done", true);
cs.commit(false);
- } catch (EBaseException e) {
- }
+ } catch (EBaseException e) {}
}
/**
* If validiate() returns false, this method will be called.
*/
public void displayError(HttpServletRequest request,
- HttpServletResponse response, Context context) {/*
- * This should never
- * be called
- */
- }
+ HttpServletResponse response,
+ Context context) {/* This should never be called */}
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/WelcomeServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/WelcomeServlet.java
index 1faca0f8..06eb63ff 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/WelcomeServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/WelcomeServlet.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
+
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@@ -24,6 +25,7 @@ import org.apache.velocity.Template;
import org.apache.velocity.app.Velocity;
import org.apache.velocity.context.Context;
+
public class WelcomeServlet extends BaseServlet {
/**
@@ -32,7 +34,8 @@ public class WelcomeServlet extends BaseServlet {
private static final long serialVersionUID = 1179761802633506502L;
public Template process(HttpServletRequest request,
- HttpServletResponse response, Context context) {
+ HttpServletResponse response,
+ Context context) {
Template template = null;
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java
index 570c5158..a2a7d5df 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
+
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.net.ConnectException;
@@ -78,8 +79,8 @@ public class WizardPanelBase implements IWizardPanel {
public static final String PRE_CONF_AGENT_GROUP = "preop.admin.group";
/**
- * Definition for "preop" static variables in CS.cfg -- "preop" config
- * parameters should not assumed to exist after configuation
+ * Definition for "preop" static variables in CS.cfg
+ * -- "preop" config parameters should not assumed to exist after configuation
*/
public static final String PRE_CONF_CA_TOKEN = "preop.module.token";
@@ -94,12 +95,15 @@ public class WizardPanelBase implements IWizardPanel {
/**
* Initializes this panel.
*/
- public void init(ServletConfig config, int panelno) throws ServletException {
+ public void init(ServletConfig config, int panelno)
+ throws ServletException
+ {
mPanelNo = panelno;
}
- public void init(WizardServlet servlet, ServletConfig config, int panelno,
- String id) throws ServletException {
+ public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
+ throws ServletException
+ {
mPanelNo = panelno;
}
@@ -138,7 +142,7 @@ public class WizardPanelBase implements IWizardPanel {
return set;
}
-
+
/**
* Should we skip this panel?
*/
@@ -182,29 +186,30 @@ public class WizardPanelBase implements IWizardPanel {
* Display the panel.
*/
public void display(HttpServletRequest request,
- HttpServletResponse response, Context context) {
- }
+ HttpServletResponse response,
+ Context context) {}
/**
* Checks if the given parameters are valid.
*/
public void validate(HttpServletRequest request,
- HttpServletResponse response, Context context) throws IOException {
+ HttpServletResponse response,
+ Context context) throws IOException {
}
/**
* Commit parameter changes
*/
public void update(HttpServletRequest request,
- HttpServletResponse response, Context context) throws IOException {
- }
+ HttpServletResponse response,
+ Context context) throws IOException {}
/**
* If validiate() returns false, this method will be called.
*/
public void displayError(HttpServletRequest request,
- HttpServletResponse response, Context context) {
- }
+ HttpServletResponse response,
+ Context context) {}
/**
* Retrieves locale based on the request.
@@ -228,17 +233,15 @@ public class WizardPanelBase implements IWizardPanel {
try {
instanceID = config.getString("instanceId", "");
- } catch (Exception e) {
- }
+ } catch (Exception e) {}
String nickname = certTag + "Cert cert-" + instanceID;
String preferredNickname = null;
try {
- preferredNickname = config.getString(PCERT_PREFIX + certTag
- + ".nickname", null);
- } catch (Exception e) {
- }
+ preferredNickname = config.getString(
+ PCERT_PREFIX + certTag + ".nickname", null);
+ } catch (Exception e) {}
if (preferredNickname != null) {
nickname = preferredNickname;
@@ -247,41 +250,37 @@ public class WizardPanelBase implements IWizardPanel {
}
public void updateDomainXML(String hostname, int port, boolean https,
- String servlet, String uri) throws IOException {
- CMS.debug("WizardPanelBase updateDomainXML start hostname=" + hostname
- + " port=" + port);
+ String servlet, String uri) throws IOException {
+ CMS.debug("WizardPanelBase updateDomainXML start hostname=" + hostname + " port=" + port);
IConfigStore cs = CMS.getConfigStore();
String nickname = "";
String tokenname = "";
try {
nickname = cs.getString("preop.cert.subsystem.nickname", "");
tokenname = cs.getString("preop.module.token", "");
- } catch (Exception e) {
- }
+ } catch (Exception e) {}
- if (!tokenname.equals("")
- && !tokenname.equals("Internal Key Storage Token")
- && !tokenname.equals("internal")) {
- nickname = tokenname + ":" + nickname;
+ if (!tokenname.equals("") &&
+ !tokenname.equals("Internal Key Storage Token") &&
+ !tokenname.equals("internal")) {
+ nickname = tokenname+":"+nickname;
}
CMS.debug("WizardPanelBase updateDomainXML nickname=" + nickname);
CMS.debug("WizardPanelBase: start sending updateDomainXML request");
- String c = getHttpResponse(hostname, port, https, servlet, uri,
- nickname);
+ String c = getHttpResponse(hostname, port, https, servlet, uri, nickname);
CMS.debug("WizardPanelBase: done sending updateDomainXML request");
if (c != null) {
try {
- ByteArrayInputStream bis = new ByteArrayInputStream(
- c.getBytes());
+ ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
XMLObject obj = null;
try {
obj = new XMLObject(bis);
} catch (Exception e) {
- CMS.debug("WizardPanelBase::updateDomainXML() - "
- + "Exception=" + e.toString());
- throw new IOException(e.toString());
+ CMS.debug( "WizardPanelBase::updateDomainXML() - "
+ + "Exception="+e.toString() );
+ throw new IOException( e.toString() );
}
String status = obj.getValue("Status");
@@ -292,7 +291,7 @@ public class WizardPanelBase implements IWizardPanel {
} else {
String error = obj.getValue("Error");
throw new IOException(error);
- }
+ }
} catch (IOException e) {
CMS.debug("WizardPanelBase: updateDomainXML: " + e.toString());
throw e;
@@ -303,21 +302,21 @@ public class WizardPanelBase implements IWizardPanel {
}
}
- public int getSubsystemCount(String hostname, int https_admin_port,
- boolean https, String type) throws IOException {
+ public int getSubsystemCount( String hostname, int https_admin_port,
+ boolean https, String type )
+ throws IOException {
CMS.debug("WizardPanelBase getSubsystemCount start");
String c = getDomainXML(hostname, https_admin_port, true);
if (c != null) {
try {
- ByteArrayInputStream bis = new ByteArrayInputStream(
- c.getBytes());
+ ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
XMLObject obj = new XMLObject(bis);
- String containerName = type + "List";
+ String containerName = type+"List";
Node n = obj.getContainer(containerName);
NodeList nlist = n.getChildNodes();
String countS = "";
- for (int i = 0; i < nlist.getLength(); i++) {
- Element nn = (Element) nlist.item(i);
+ for (int i=0; i<nlist.getLength(); i++) {
+ Element nn = (Element)nlist.item(i);
String tagname = nn.getTagName();
if (tagname.equals("SubsystemCount")) {
NodeList nlist1 = nn.getChildNodes();
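Review bot: `Element nn = (Element)nlist.item(i);` casts every child of the container to Element, but getChildNodes() also returns text and comment nodes, so whitespace between elements in the domain XML would raise ClassCastException and surface only as the generic IOException from the catch further down. Skip non-elements before the cast: `Node child = nlist.item(i); if (!(child instanceof Element)) continue;`. `n` is also dereferenced without a null check; whether `obj.getContainer` can return null is not visible here. The method continues past the end of this hunk.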
@@ -326,8 +325,7 @@ public class WizardPanelBase implements IWizardPanel {
break;
}
}
- CMS.debug("WizardPanelBase getSubsystemCount: SubsystemCount="
- + countS);
+ CMS.debug("WizardPanelBase getSubsystemCount: SubsystemCount="+countS);
int num = 0;
if (countS != null && !countS.equals("")) {
@@ -339,7 +337,7 @@ public class WizardPanelBase implements IWizardPanel {
return num;
} catch (Exception e) {
- CMS.debug("WizardPanelBase: getSubsystemCount: " + e.toString());
+ CMS.debug("WizardPanelBase: getSubsystemCount: "+e.toString());
throw new IOException(e.toString());
}
}
@@ -347,23 +345,23 @@ public class WizardPanelBase implements IWizardPanel {
return -1;
}
- public String getDomainXML(String hostname, int https_admin_port,
- boolean https) throws IOException {
+ public String getDomainXML( String hostname, int https_admin_port,
+ boolean https )
+ throws IOException {
CMS.debug("WizardPanelBase getDomainXML start");
- String c = getHttpResponse(hostname, https_admin_port, https,
- "/ca/admin/ca/getDomainXML", null, null);
+ String c = getHttpResponse( hostname, https_admin_port, https,
+ "/ca/admin/ca/getDomainXML", null, null );
if (c != null) {
try {
- ByteArrayInputStream bis = new ByteArrayInputStream(
- c.getBytes());
+ ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
XMLObject parser = null;
try {
parser = new XMLObject(bis);
} catch (Exception e) {
- CMS.debug("WizardPanelBase::getDomainXML() - "
- + "Exception=" + e.toString());
- throw new IOException(e.toString());
+ CMS.debug( "WizardPanelBase::getDomainXML() - "
+ + "Exception="+e.toString() );
+ throw new IOException( e.toString() );
}
String status = parser.getValue("Status");
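Review bot: `throw new IOException( e.toString() );` in getDomainXML keeps only the text of the parser exception and drops its stack trace, which makes a malformed or truncated response from the security domain hard to diagnose afterwards. If the build targets Java 6 or later, keep the message and attach the cause: `throw new IOException(e.toString(), e);` (on older targets, `initCause(e)`). The same pattern recurs in every `new XMLObject(bis)` handler and outer `catch (Exception e)` in the later hunks of this file, and in getHttpResponse, where the ConnectException is replaced by a fixed message. The method continues outside this hunk.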
@@ -373,14 +371,15 @@ public class WizardPanelBase implements IWizardPanel {
if (status.equals(SUCCESS)) {
String domainInfo = parser.getValue("DomainInfo");
- CMS.debug("WizardPanelBase getDomainXML: domainInfo="
- + domainInfo);
- return domainInfo;
+ CMS.debug(
+ "WizardPanelBase getDomainXML: domainInfo="
+ + domainInfo);
+ return domainInfo;
} else {
String error = parser.getValue("Error");
throw new IOException(error);
- }
+ }
} catch (IOException e) {
CMS.debug("WizardPanelBase: getDomainXML: " + e.toString());
throw e;
@@ -393,29 +392,29 @@ public class WizardPanelBase implements IWizardPanel {
return null;
}
- public String getSubsystemCert(String host, int port, boolean https)
- throws IOException {
+ public String getSubsystemCert(String host, int port, boolean https)
+ throws IOException {
CMS.debug("WizardPanelBase getSubsystemCert start");
- String c = getHttpResponse(host, port, https,
- "/ca/admin/ca/getSubsystemCert", null, null);
+ String c = getHttpResponse(host, port, https,
+ "/ca/admin/ca/getSubsystemCert", null, null);
if (c != null) {
try {
- ByteArrayInputStream bis = new ByteArrayInputStream(
- c.getBytes());
+ ByteArrayInputStream bis =
+ new ByteArrayInputStream(c.getBytes());
XMLObject parser = null;
try {
parser = new XMLObject(bis);
} catch (Exception e) {
- CMS.debug("WizardPanelBase::getSubsystemCert() - "
- + "Exception=" + e.toString());
- throw new IOException(e.toString());
+ CMS.debug( "WizardPanelBase::getSubsystemCert() - "
+ + "Exception="+e.toString() );
+ throw new IOException( e.toString() );
}
String status = parser.getValue("Status");
if (status.equals(SUCCESS)) {
String s = parser.getValue("Cert");
return s;
} else
- return null;
+ return null;
} catch (Exception e) {
}
}
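Review bot: The outer `catch (Exception e) { }` in getSubsystemCert swallows the IOException the inner handler has just thrown for an unparsable response, so that `throw` has no effect and, as far as the hunk shows, the caller cannot tell a parse failure from a missing certificate. Follow the sibling methods and rethrow: `} catch (IOException e) { CMS.debug("WizardPanelBase: getSubsystemCert: " + e.toString()); throw e; }`, with a second handler that wraps other exceptions. A missing `Status` element would also throw at `status.equals(SUCCESS)` and be hidden the same way; `SUCCESS.equals(status)` avoids that. The tail of the method is outside the hunk.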
@@ -424,90 +423,87 @@ public class WizardPanelBase implements IWizardPanel {
}
public void updateConnectorInfo(String host, int port, boolean https,
- String content) throws IOException {
+ String content) throws IOException {
CMS.debug("WizardPanelBase updateConnectorInfo start");
- String c = getHttpResponse(host, port, https,
- "/ca/admin/ca/updateConnector", content, null);
+ String c = getHttpResponse(host, port, https,
+ "/ca/admin/ca/updateConnector", content, null);
if (c != null) {
try {
- ByteArrayInputStream bis = new ByteArrayInputStream(
- c.getBytes());
+ ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
XMLObject parser = null;
try {
parser = new XMLObject(bis);
} catch (Exception e) {
- CMS.debug("WizardPanelBase::updateConnectorInfo() - "
- + "Exception=" + e.toString());
- throw new IOException(e.toString());
+ CMS.debug( "WizardPanelBase::updateConnectorInfo() - "
+ + "Exception="+e.toString() );
+ throw new IOException( e.toString() );
}
String status = parser.getValue("Status");
- CMS.debug("WizardPanelBase updateConnectorInfo: status="
- + status);
+ CMS.debug("WizardPanelBase updateConnectorInfo: status=" + status);
if (!status.equals(SUCCESS)) {
String error = parser.getValue("Error");
throw new IOException(error);
- }
+ }
} catch (IOException e) {
- CMS.debug("WizardPanelBase: updateConnectorInfo: "
- + e.toString());
+ CMS.debug("WizardPanelBase: updateConnectorInfo: " + e.toString());
throw e;
} catch (Exception e) {
- CMS.debug("WizardPanelBase: updateConnectorInfo: "
- + e.toString());
+ CMS.debug("WizardPanelBase: updateConnectorInfo: " + e.toString());
throw new IOException(e.toString());
}
}
}
- public String getCertChainUsingSecureAdminPort(String hostname,
- int https_admin_port, boolean https,
- ConfigCertApprovalCallback certApprovalCallback) throws IOException {
+ public String getCertChainUsingSecureAdminPort( String hostname,
+ int https_admin_port,
+ boolean https,
+ ConfigCertApprovalCallback
+ certApprovalCallback )
+ throws IOException {
CMS.debug("WizardPanelBase getCertChainUsingSecureAdminPort start");
- String c = getHttpResponse(hostname, https_admin_port, https,
- "/ca/admin/ca/getCertChain", null, null, certApprovalCallback);
+ String c = getHttpResponse( hostname, https_admin_port, https,
+ "/ca/admin/ca/getCertChain", null, null,
+ certApprovalCallback );
if (c != null) {
try {
- ByteArrayInputStream bis = new ByteArrayInputStream(
- c.getBytes());
+ ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
XMLObject parser = null;
try {
parser = new XMLObject(bis);
} catch (Exception e) {
- CMS.debug("WizardPanelBase::getCertChainUsingSecureAdminPort() - "
- + "Exception=" + e.toString());
- throw new IOException(e.toString());
+ CMS.debug( "WizardPanelBase::getCertChainUsingSecureAdminPort() - "
+ + "Exception="+e.toString() );
+ throw new IOException( e.toString() );
}
String status = parser.getValue("Status");
- CMS.debug("WizardPanelBase getCertChainUsingSecureAdminPort: status="
- + status);
+ CMS.debug("WizardPanelBase getCertChainUsingSecureAdminPort: status=" + status);
if (status.equals(SUCCESS)) {
String certchain = parser.getValue("ChainBase64");
certchain = CryptoUtil.normalizeCertStr(certchain);
- CMS.debug("WizardPanelBase getCertChainUsingSecureAdminPort: certchain="
- + certchain);
- return certchain;
+ CMS.debug(
+ "WizardPanelBase getCertChainUsingSecureAdminPort: certchain="
+ + certchain);
+ return certchain;
} else {
String error = parser.getValue("Error");
throw new IOException(error);
- }
+ }
} catch (IOException e) {
- CMS.debug("WizardPanelBase: getCertChainUsingSecureAdminPort: "
- + e.toString());
+ CMS.debug("WizardPanelBase: getCertChainUsingSecureAdminPort: " + e.toString());
throw e;
} catch (Exception e) {
- CMS.debug("WizardPanelBase: getCertChainUsingSecureAdminPort: "
- + e.toString());
+ CMS.debug("WizardPanelBase: getCertChainUsingSecureAdminPort: " + e.toString());
throw new IOException(e.toString());
}
}
@@ -515,51 +511,52 @@ public class WizardPanelBase implements IWizardPanel {
return null;
}
- public String getCertChainUsingSecureEEPort(String hostname,
- int https_ee_port, boolean https,
- ConfigCertApprovalCallback certApprovalCallback) throws IOException {
+ public String getCertChainUsingSecureEEPort( String hostname,
+ int https_ee_port,
+ boolean https,
+ ConfigCertApprovalCallback
+ certApprovalCallback )
+ throws IOException {
CMS.debug("WizardPanelBase getCertChainUsingSecureEEPort start");
- String c = getHttpResponse(hostname, https_ee_port, https,
- "/ca/ee/ca/getCertChain", null, null, certApprovalCallback);
+ String c = getHttpResponse( hostname, https_ee_port, https,
+ "/ca/ee/ca/getCertChain", null, null,
+ certApprovalCallback );
if (c != null) {
try {
- ByteArrayInputStream bis = new ByteArrayInputStream(
- c.getBytes());
+ ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
XMLObject parser = null;
try {
parser = new XMLObject(bis);
} catch (Exception e) {
- CMS.debug("WizardPanelBase::getCertChainUsingSecureEEPort() - "
- + "Exception=" + e.toString());
- throw new IOException(e.toString());
+ CMS.debug( "WizardPanelBase::getCertChainUsingSecureEEPort() - "
+ + "Exception="+e.toString() );
+ throw new IOException( e.toString() );
}
String status = parser.getValue("Status");
- CMS.debug("WizardPanelBase getCertChainUsingSecureEEPort: status="
- + status);
+ CMS.debug("WizardPanelBase getCertChainUsingSecureEEPort: status=" + status);
if (status.equals(SUCCESS)) {
String certchain = parser.getValue("ChainBase64");
certchain = CryptoUtil.normalizeCertStr(certchain);
- CMS.debug("WizardPanelBase getCertChainUsingSecureEEPort: certchain="
- + certchain);
- return certchain;
+ CMS.debug(
+ "WizardPanelBase getCertChainUsingSecureEEPort: certchain="
+ + certchain);
+ return certchain;
} else {
String error = parser.getValue("Error");
throw new IOException(error);
- }
+ }
} catch (IOException e) {
- CMS.debug("WizardPanelBase: getCertChainUsingSecureEEPort: "
- + e.toString());
+ CMS.debug("WizardPanelBase: getCertChainUsingSecureEEPort: " + e.toString());
throw e;
} catch (Exception e) {
- CMS.debug("WizardPanelBase: getCertChainUsingSecureEEPort: "
- + e.toString());
+ CMS.debug("WizardPanelBase: getCertChainUsingSecureEEPort: " + e.toString());
throw new IOException(e.toString());
}
}
@@ -567,44 +564,41 @@ public class WizardPanelBase implements IWizardPanel {
return null;
}
- public boolean updateConfigEntries(String hostname, int port,
- boolean https, String servlet, String uri, IConfigStore config,
- HttpServletResponse response) throws IOException {
+ public boolean updateConfigEntries(String hostname, int port, boolean https,
+ String servlet, String uri, IConfigStore config,
+ HttpServletResponse response) throws IOException {
CMS.debug("WizardPanelBase updateConfigEntries start");
String c = getHttpResponse(hostname, port, https, servlet, uri, null);
if (c != null) {
try {
- ByteArrayInputStream bis = new ByteArrayInputStream(
- c.getBytes());
+ ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
XMLObject parser = null;
try {
parser = new XMLObject(bis);
} catch (Exception e) {
- CMS.debug("WizardPanelBase::updateConfigEntries() - "
- + "Exception=" + e.toString());
- throw new IOException(e.toString());
+ CMS.debug( "WizardPanelBase::updateConfigEntries() - "
+ + "Exception="+e.toString() );
+ throw new IOException( e.toString() );
}
String status = parser.getValue("Status");
- CMS.debug("WizardPanelBase updateConfigEntries: status="
- + status);
+ CMS.debug("WizardPanelBase updateConfigEntries: status=" + status);
if (status.equals(SUCCESS)) {
String cstype = "";
try {
cstype = config.getString("cs.type", "");
} catch (Exception e) {
- CMS.debug("WizardPanelBase::updateConfigEntries() - unable to get cs.type: "
- + e.toString());
+ CMS.debug("WizardPanelBase::updateConfigEntries() - unable to get cs.type: " + e.toString());
}
-
- Document doc = parser.getDocument();
+
+ Document doc = parser.getDocument();
NodeList list = doc.getElementsByTagName("name");
int len = list.getLength();
- for (int i = 0; i < len; i++) {
+ for (int i=0; i<len; i++) {
Node n = list.item(i);
NodeList nn = n.getChildNodes();
String name = nn.item(0).getNodeValue();
@@ -612,104 +606,73 @@ public class WizardPanelBase implements IWizardPanel {
nn = parent.getChildNodes();
int len1 = nn.getLength();
String v = "";
- for (int j = 0; j < len1; j++) {
+ for (int j=0; j<len1; j++) {
Node nv = nn.item(j);
String val = nv.getNodeName();
if (val.equals("value")) {
NodeList n2 = nv.getChildNodes();
if (n2.getLength() > 0)
- v = n2.item(0).getNodeValue();
- break;
+ v = n2.item(0).getNodeValue();
+ break;
}
}
if (name.equals("internaldb.ldapconn.host")) {
- config.putString(
- "preop.internaldb.master.hostname", v);
+ config.putString("preop.internaldb.master.hostname", v);
} else if (name.equals("internaldb.ldapconn.port")) {
config.putString("preop.internaldb.master.port", v);
} else if (name.equals("internaldb.ldapauth.bindDN")) {
- config.putString("preop.internaldb.master.binddn",
- v);
+ config.putString("preop.internaldb.master.binddn", v);
} else if (name.equals("internaldb.basedn")) {
config.putString(name, v);
- config.putString("preop.internaldb.master.basedn",
- v);
+ config.putString("preop.internaldb.master.basedn", v);
} else if (name.equals("internaldb.ldapauth.password")) {
- config.putString("preop.internaldb.master.bindpwd",
- v);
- } else if (name
- .equals("internaldb.replication.password")) {
- config.putString(
- "preop.internaldb.master.replicationpwd", v);
+ config.putString("preop.internaldb.master.bindpwd", v);
+ } else if (name.equals("internaldb.replication.password")) {
+ config.putString("preop.internaldb.master.replicationpwd", v);
} else if (name.equals("instanceId")) {
config.putString("preop.master.instanceId", v);
} else if (name.equals("cloning.cert.signing.nickname")) {
config.putString("preop.master.signing.nickname", v);
config.putString("preop.cert.signing.nickname", v);
} else if (name.equals("cloning.ocsp_signing.nickname")) {
- config.putString(
- "preop.master.ocsp_signing.nickname", v);
- config.putString(
- "preop.cert.ocsp_signing.nickname", v);
+ config.putString("preop.master.ocsp_signing.nickname", v);
+ config.putString("preop.cert.ocsp_signing.nickname", v);
} else if (name.equals("cloning.subsystem.nickname")) {
- config.putString("preop.master.subsystem.nickname",
- v);
+ config.putString("preop.master.subsystem.nickname", v);
config.putString("preop.cert.subsystem.nickname", v);
} else if (name.equals("cloning.transport.nickname")) {
- config.putString("preop.master.transport.nickname",
- v);
+ config.putString("preop.master.transport.nickname", v);
config.putString("kra.transportUnit.nickName", v);
config.putString("preop.cert.transport.nickname", v);
} else if (name.equals("cloning.storage.nickname")) {
config.putString("preop.master.storage.nickname", v);
config.putString("kra.storageUnit.nickName", v);
config.putString("preop.cert.storage.nickname", v);
- } else if (name
- .equals("cloning.audit_signing.nickname")) {
- config.putString(
- "preop.master.audit_signing.nickname", v);
- config.putString(
- "preop.cert.audit_signing.nickname", v);
+ } else if (name.equals("cloning.audit_signing.nickname")) {
+ config.putString("preop.master.audit_signing.nickname", v);
+ config.putString("preop.cert.audit_signing.nickname", v);
config.putString(name, v);
} else if (name.startsWith("cloning.ca")) {
- config.putString(
- name.replaceFirst("cloning", "preop"), v);
+ config.putString(name.replaceFirst("cloning", "preop"), v);
} else if (name.equals("cloning.signing.keyalgorithm")) {
- config.putString(
- name.replaceFirst("cloning", "preop.cert"),
- v);
+ config.putString(name.replaceFirst("cloning", "preop.cert"), v);
if (cstype.equals("CA")) {
- config.putString(
- "ca.crl.MasterCRL.signingAlgorithm", v);
- config.putString(
- "ca.signing.defaultSigningAlgorithm", v);
+ config.putString("ca.crl.MasterCRL.signingAlgorithm", v);
+ config.putString("ca.signing.defaultSigningAlgorithm", v);
} else if (cstype.equals("OCSP")) {
- config.putString(
- "ocsp.signing.defaultSigningAlgorithm",
- v);
+ config.putString("ocsp.signing.defaultSigningAlgorithm", v);
}
- } else if (name
- .equals("cloning.transport.keyalgorithm")) {
- config.putString(
- name.replaceFirst("cloning", "preop.cert"),
- v);
- config.putString(
- "kra.transportUnit.signingAlgorithm", v);
- } else if (name
- .equals("cloning.ocsp_signing.keyalgorithm")) {
- config.putString(
- name.replaceFirst("cloning", "preop.cert"),
- v);
+ } else if (name.equals("cloning.transport.keyalgorithm")) {
+ config.putString(name.replaceFirst("cloning", "preop.cert"), v);
+ config.putString("kra.transportUnit.signingAlgorithm", v);
+ } else if (name.equals("cloning.ocsp_signing.keyalgorithm")) {
+ config.putString(name.replaceFirst("cloning", "preop.cert"), v);
if (cstype.equals("CA")) {
- config.putString(
- "ca.ocsp_signing.defaultSigningAlgorithm",
- v);
+ config.putString("ca.ocsp_signing.defaultSigningAlgorithm", v);
}
} else if (name.startsWith("cloning")) {
- config.putString(
- name.replaceFirst("cloning", "preop.cert"),
- v);
+ config.putString(name.replaceFirst("cloning", "preop.cert"), v);
} else {
config.putString(name, v);
}
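Review bot: The final `else { config.putString(name, v); }` copies any name/value pair from the master's response straight into the local configuration store, so the remote side rather than this code decides which keys this instance ends up with. Since the same loop also carries `internaldb.ldapauth.password` and `internaldb.replication.password`, I would restrict the fall-through to an explicit allow-list and log and skip anything else: `} else if (ALLOWED_CLONE_KEYS.contains(name)) { config.putString(name, v); } else { CMS.debug("WizardPanelBase: updateConfigEntries: ignoring unexpected entry " + name); }`, where `ALLOWED_CLONE_KEYS` is a placeholder for a set this class would have to define. Whether the caller already constrains the requested names through `uri` is not visible. The loop starts and ends outside this hunk.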
@@ -723,14 +686,12 @@ public class WizardPanelBase implements IWizardPanel {
String error = parser.getValue("Error");
throw new IOException(error);
- }
+ }
} catch (IOException e) {
- CMS.debug("WizardPanelBase: updateConfigEntries: "
- + e.toString());
+ CMS.debug("WizardPanelBase: updateConfigEntries: " + e.toString());
throw e;
} catch (Exception e) {
- CMS.debug("WizardPanelBase: updateConfigEntries: "
- + e.toString());
+ CMS.debug("WizardPanelBase: updateConfigEntries: " + e.toString());
throw new IOException(e.toString());
}
}
@@ -746,16 +707,15 @@ public class WizardPanelBase implements IWizardPanel {
if (c != null) {
try {
- ByteArrayInputStream bis = new ByteArrayInputStream(
- c.getBytes());
+ ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
XMLObject parser = null;
try {
parser = new XMLObject(bis);
} catch (Exception e) {
- CMS.debug("WizardPanelBase::authenticate() - "
- + "Exception=" + e.toString());
- throw new IOException(e.toString());
+ CMS.debug( "WizardPanelBase::authenticate() - "
+ + "Exception="+e.toString() );
+ throw new IOException( e.toString() );
}
String status = parser.getValue("Status");
@@ -769,7 +729,7 @@ public class WizardPanelBase implements IWizardPanel {
} else {
String error = parser.getValue("Error");
return false;
- }
+ }
} catch (Exception e) {
CMS.debug("WizardPanelBase: authenticate: " + e.toString());
throw new IOException(e.toString());
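Review bot: In the failure branch of authenticate(), `String error = parser.getValue("Error");` is read and then discarded before `return false;`, so the reason the peer gave for rejecting the request never reaches the debug log. Either record it, `CMS.debug("WizardPanelBase: authenticate: error=" + error);`, or drop the unused local. The rest of the method is outside this hunk.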
@@ -779,27 +739,26 @@ public class WizardPanelBase implements IWizardPanel {
return false;
}
- public void updateOCSPConfig(String hostname, int port, boolean https,
- String content, HttpServletResponse response) throws IOException {
+ public void updateOCSPConfig(String hostname, int port, boolean https,
+ String content, HttpServletResponse response)
+ throws IOException {
CMS.debug("WizardPanelBase updateOCSPConfig start");
- String c = getHttpResponse(hostname, port, https,
- "/ca/ee/ca/updateOCSPConfig", content, null);
+ String c = getHttpResponse(hostname, port, https,
+ "/ca/ee/ca/updateOCSPConfig", content, null);
if (c == null || c.equals("")) {
CMS.debug("WizardPanelBase updateOCSPConfig: content is null.");
- throw new IOException(
- "The server you want to contact is not available");
+ throw new IOException("The server you want to contact is not available");
} else {
try {
- ByteArrayInputStream bis = new ByteArrayInputStream(
- c.getBytes());
+ ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
XMLObject parser = null;
try {
parser = new XMLObject(bis);
} catch (Exception e) {
- CMS.debug("WizardPanelBase::updateOCSPConfig() - "
- + "Exception=" + e.toString());
- throw new IOException(e.toString());
+ CMS.debug( "WizardPanelBase::updateOCSPConfig() - "
+ + "Exception="+e.toString() );
+ throw new IOException( e.toString() );
}
String status = parser.getValue("Status");
@@ -815,7 +774,7 @@ public class WizardPanelBase implements IWizardPanel {
String error = parser.getValue("Error");
throw new IOException(error);
- }
+ }
} catch (IOException e) {
CMS.debug("WizardPanelBase updateOCSPConfig: " + e.toString());
throw e;
@@ -826,11 +785,11 @@ public class WizardPanelBase implements IWizardPanel {
}
}
- public void updateNumberRange(String hostname, int port, boolean https,
- String content, String type, HttpServletResponse response)
- throws IOException {
- CMS.debug("WizardPanelBase updateNumberRange start host=" + hostname
- + " port=" + port);
+ public void updateNumberRange(String hostname, int port, boolean https,
+ String content, String type, HttpServletResponse response)
+ throws IOException {
+ CMS.debug("WizardPanelBase updateNumberRange start host=" + hostname +
+ " port=" + port);
IConfigStore cs = CMS.getConfigStore();
String cstype = "";
try {
@@ -839,25 +798,23 @@ public class WizardPanelBase implements IWizardPanel {
}
cstype = toLowerCaseSubsystemType(cstype);
- String c = getHttpResponse(hostname, port, https, "/" + cstype + "/ee/"
- + cstype + "/updateNumberRange", content, null);
+ String c = getHttpResponse(hostname, port, https,
+ "/"+cstype+"/ee/"+cstype+"/updateNumberRange", content, null);
if (c == null || c.equals("")) {
CMS.debug("WizardPanelBase updateNumberRange: content is null.");
- throw new IOException(
- "The server you want to contact is not available");
+ throw new IOException("The server you want to contact is not available");
} else {
- CMS.debug("content=" + c);
+ CMS.debug("content="+c);
try {
- ByteArrayInputStream bis = new ByteArrayInputStream(
- c.getBytes());
+ ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
XMLObject parser = null;
try {
parser = new XMLObject(bis);
} catch (Exception e) {
- CMS.debug("WizardPanelBase::updateNumberRange() - "
- + "Exception=" + e.toString());
- throw new IOException(e.toString());
+ CMS.debug( "WizardPanelBase::updateNumberRange() - "
+ + "Exception="+e.toString() );
+ throw new IOException( e.toString() );
}
String status = parser.getValue("Status");
@@ -886,7 +843,7 @@ public class WizardPanelBase implements IWizardPanel {
String error = parser.getValue("Error");
throw new IOException(error);
- }
+ }
} catch (IOException e) {
CMS.debug("WizardPanelBase: updateNumberRange: " + e.toString());
CMS.debug(e);
@@ -899,24 +856,24 @@ public class WizardPanelBase implements IWizardPanel {
}
}
- public int getPort(String hostname, int port, boolean https,
- String portServlet, boolean sport) throws IOException {
+ public int getPort(String hostname, int port, boolean https,
+ String portServlet, boolean sport)
+ throws IOException {
CMS.debug("WizardPanelBase getPort start");
String c = getHttpResponse(hostname, port, https, portServlet,
"secure=" + sport, null);
if (c != null) {
try {
- ByteArrayInputStream bis = new ByteArrayInputStream(
- c.getBytes());
+ ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
XMLObject parser = null;
try {
parser = new XMLObject(bis);
} catch (Exception e) {
- CMS.debug("WizardPanelBase::getPort() - " + "Exception="
- + e.toString());
- throw new IOException(e.toString());
+ CMS.debug( "WizardPanelBase::getPort() - "
+ + "Exception="+e.toString() );
+ throw new IOException( e.toString() );
}
String status = parser.getValue("Status");
@@ -932,7 +889,7 @@ public class WizardPanelBase implements IWizardPanel {
String error = parser.getValue("Error");
throw new IOException(error);
- }
+ }
} catch (IOException e) {
CMS.debug("WizardPanelBase: getPort: " + e.toString());
throw e;
@@ -946,16 +903,14 @@ public class WizardPanelBase implements IWizardPanel {
}
public String getHttpResponse(String hostname, int port, boolean secure,
- String uri, String content, String clientnickname)
- throws IOException {
- return getHttpResponse(hostname, port, secure, uri, content,
- clientnickname, null);
+ String uri, String content, String clientnickname) throws IOException {
+ return getHttpResponse(hostname, port, secure, uri, content, clientnickname, null);
}
- public String getHttpResponse(String hostname, int port, boolean secure,
- String uri, String content, String clientnickname,
- SSLCertificateApprovalCallback certApprovalCallback)
- throws IOException {
+ public String getHttpResponse(String hostname, int port, boolean secure,
+ String uri, String content, String clientnickname,
+ SSLCertificateApprovalCallback certApprovalCallback)
+ throws IOException {
HttpClient httpclient = null;
String c = null;
@@ -984,8 +939,7 @@ public class WizardPanelBase implements IWizardPanel {
if (content != null && content.length() > 0) {
String content_c = content;
- httprequest
- .setHeader("content-length", "" + content_c.length());
+ httprequest.setHeader("content-length", "" + content_c.length());
httprequest.setContent(content_c);
}
HttpResponse httpresponse = httpclient.send(httprequest);
@@ -993,8 +947,7 @@ public class WizardPanelBase implements IWizardPanel {
c = httpresponse.getContent();
} catch (ConnectException e) {
CMS.debug("WizardPanelBase getHttpResponse: " + e.toString());
- throw new IOException(
- "The server you tried to contact is not running.");
+ throw new IOException("The server you tried to contact is not running.");
} catch (Exception e) {
CMS.debug("WizardPanelBase getHttpResponse: " + e.toString());
throw new IOException(e.toString());
@@ -1007,55 +960,56 @@ public class WizardPanelBase implements IWizardPanel {
return c;
}
- public boolean isSDHostDomainMaster(IConfigStore config) {
- String dm = "false";
+ public boolean isSDHostDomainMaster (IConfigStore config) {
+ String dm="false";
try {
String hostname = config.getString("securitydomain.host");
- int httpsadminport = config
- .getInteger("securitydomain.httpsadminport");
+ int httpsadminport = config.getInteger("securitydomain.httpsadminport");
CMS.debug("Getting domain.xml from CA...");
String c = getDomainXML(hostname, httpsadminport, true);
CMS.debug("Getting DomainMaster from security domain");
- ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
- XMLObject parser = new XMLObject(bis);
+ ByteArrayInputStream bis = new ByteArrayInputStream( c.getBytes() );
+ XMLObject parser = new XMLObject( bis );
Document doc = parser.getDocument();
- NodeList nodeList = doc.getElementsByTagName("CA");
+ NodeList nodeList = doc.getElementsByTagName( "CA" );
int len = nodeList.getLength();
- for (int i = 0; i < len; i++) {
- Vector v_hostname = parser.getValuesFromContainer(
- nodeList.item(i), "Host");
-
- Vector v_https_admin_port = parser.getValuesFromContainer(
- nodeList.item(i), "SecureAdminPort");
-
- Vector v_domain_mgr = parser.getValuesFromContainer(
- nodeList.item(i), "DomainManager");
-
- if (v_hostname.elementAt(0).equals(hostname)
- && v_https_admin_port.elementAt(0).equals(
- Integer.toString(httpsadminport))) {
- dm = v_domain_mgr.elementAt(0).toString();
+ for( int i = 0; i < len; i++ ) {
+ Vector v_hostname =
+ parser.getValuesFromContainer( nodeList.item(i),
+ "Host" );
+
+ Vector v_https_admin_port =
+ parser.getValuesFromContainer( nodeList.item(i),
+ "SecureAdminPort" );
+
+ Vector v_domain_mgr =
+ parser.getValuesFromContainer( nodeList.item(i),
+ "DomainManager" );
+
+ if( v_hostname.elementAt( 0 ).equals( hostname ) &&
+ v_https_admin_port.elementAt( 0 ).equals( Integer.toString(httpsadminport) ) ) {
+ dm = v_domain_mgr.elementAt( 0 ).toString();
break;
}
}
} catch (Exception e) {
- CMS.debug(e.toString());
+ CMS.debug( e.toString() );
}
return dm.equalsIgnoreCase("true");
}
-
- public Vector getMasterUrlListFromSecurityDomain(IConfigStore config,
- String type, String portType) {
+
+ public Vector getMasterUrlListFromSecurityDomain( IConfigStore config,
+ String type,
+ String portType ) {
Vector v = new Vector();
try {
String hostname = config.getString("securitydomain.host");
- int httpsadminport = config
- .getInteger("securitydomain.httpsadminport");
+ int httpsadminport = config.getInteger("securitydomain.httpsadminport");
CMS.debug("Getting domain.xml from CA...");
String c = getDomainXML(hostname, httpsadminport, true);
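Review bot: In isSDHostDomainMaster the `catch (Exception e)` logs only `e.toString()` with no method name and then returns false, so a failed fetch or parse of domain.xml is indistinguishable from "this host is not the domain master". `elementAt( 0 )` on the three vectors also throws if a `CA` node lacks one of the elements (assuming `getValuesFromContainer` can return an empty vector), and that lands in the same catch. I would at least tag the log line, `CMS.debug( "WizardPanelBase isSDHostDomainMaster: " + e.toString() );`, and skip incomplete nodes with `if( v_hostname.isEmpty() || v_https_admin_port.isEmpty() || v_domain_mgr.isEmpty() ) continue;`. getSecurityDomainAdminPort and getSecurityDomainPort further down return an empty string on failure in the same way. getMasterUrlListFromSecurityDomain starts in this hunk and continues outside it.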
@@ -1072,13 +1026,13 @@ public class WizardPanelBase implements IWizardPanel {
list = "TKSList";
}
- CMS.debug("Getting " + portType + " from Security Domain ...");
- if (!portType.equals("UnSecurePort")
- && !portType.equals("SecureAgentPort")
- && !portType.equals("SecurePort")
- && !portType.equals("SecureAdminPort")) {
- CMS.debug("getPortFromSecurityDomain: " + "unknown port type "
- + portType);
+ CMS.debug( "Getting " + portType + " from Security Domain ..." );
+ if( !portType.equals( "UnSecurePort" ) &&
+ !portType.equals( "SecureAgentPort" ) &&
+ !portType.equals( "SecurePort" ) &&
+ !portType.equals( "SecureAdminPort" ) ) {
+ CMS.debug( "getPortFromSecurityDomain: " +
+ "unknown port type " + portType );
return v;
}
@@ -1088,15 +1042,16 @@ public class WizardPanelBase implements IWizardPanel {
NodeList nodeList = doc.getElementsByTagName(type);
// save domain name in cfg
- config.putString("securitydomain.name", parser.getValue("Name"));
+ config.putString("securitydomain.name",
+ parser.getValue("Name"));
int len = nodeList.getLength();
CMS.debug("Len " + len);
for (int i = 0; i < len; i++) {
- Vector v_clone = parser.getValuesFromContainer(
- nodeList.item(i), "Clone");
- String clone = (String) v_clone.elementAt(0);
+ Vector v_clone = parser.getValuesFromContainer(nodeList.item(i),
+ "Clone");
+ String clone = (String)v_clone.elementAt(0);
if (clone.equalsIgnoreCase("true"))
continue;
Vector v_name = parser.getValuesFromContainer(nodeList.item(i),
@@ -1106,8 +1061,11 @@ public class WizardPanelBase implements IWizardPanel {
Vector v_port = parser.getValuesFromContainer(nodeList.item(i),
portType);
- v.addElement(v_name.elementAt(0) + " - https://"
- + v_host.elementAt(0) + ":" + v_port.elementAt(0));
+ v.addElement( v_name.elementAt(0)
+ + " - https://"
+ + v_host.elementAt(0)
+ + ":"
+ + v_port.elementAt(0) );
}
} catch (Exception e) {
CMS.debug(e.toString());
@@ -1116,14 +1074,14 @@ public class WizardPanelBase implements IWizardPanel {
return v;
}
- public Vector getUrlListFromSecurityDomain(IConfigStore config,
- String type, String portType) {
+ public Vector getUrlListFromSecurityDomain( IConfigStore config,
+ String type,
+ String portType ) {
Vector v = new Vector();
try {
String hostname = config.getString("securitydomain.host");
- int httpsadminport = config
- .getInteger("securitydomain.httpsadminport");
+ int httpsadminport = config.getInteger("securitydomain.httpsadminport");
CMS.debug("Getting domain.xml from CA...");
String c = getDomainXML(hostname, httpsadminport, true);
@@ -1140,13 +1098,13 @@ public class WizardPanelBase implements IWizardPanel {
list = "TKSList";
}
- CMS.debug("Getting " + portType + " from Security Domain ...");
- if (!portType.equals("UnSecurePort")
- && !portType.equals("SecureAgentPort")
- && !portType.equals("SecurePort")
- && !portType.equals("SecureAdminPort")) {
- CMS.debug("getPortFromSecurityDomain: " + "unknown port type "
- + portType);
+ CMS.debug( "Getting " + portType + " from Security Domain ..." );
+ if( !portType.equals( "UnSecurePort" ) &&
+ !portType.equals( "SecureAgentPort" ) &&
+ !portType.equals( "SecurePort" ) &&
+ !portType.equals( "SecureAdminPort" ) ) {
+ CMS.debug( "getPortFromSecurityDomain: " +
+ "unknown port type " + portType );
return v;
}
@@ -1156,7 +1114,8 @@ public class WizardPanelBase implements IWizardPanel {
NodeList nodeList = doc.getElementsByTagName(type);
// save domain name in cfg
- config.putString("securitydomain.name", parser.getValue("Name"));
+ config.putString("securitydomain.name",
+ parser.getValue("Name"));
int len = nodeList.getLength();
@@ -1168,20 +1127,22 @@ public class WizardPanelBase implements IWizardPanel {
"Host");
Vector v_port = parser.getValuesFromContainer(nodeList.item(i),
portType);
- Vector v_admin_port = parser.getValuesFromContainer(
- nodeList.item(i), "SecureAdminPort");
+ Vector v_admin_port = parser.getValuesFromContainer(nodeList.item(i),
+ "SecureAdminPort");
- if (v_host.elementAt(0).equals(hostname)
- && v_admin_port.elementAt(0).equals(
- new Integer(httpsadminport).toString())) {
+ if (v_host.elementAt(0).equals(hostname) && v_admin_port.elementAt(0).equals(new Integer(httpsadminport).toString())) {
// add security domain CA to the beginning of list
- v.add(0,
- v_name.elementAt(0) + " - https://"
- + v_host.elementAt(0) + ":"
- + v_port.elementAt(0));
+ v.add( 0, v_name.elementAt(0)
+ + " - https://"
+ + v_host.elementAt(0)
+ + ":"
+ + v_port.elementAt(0) );
} else {
- v.addElement(v_name.elementAt(0) + " - https://"
- + v_host.elementAt(0) + ":" + v_port.elementAt(0));
+ v.addElement( v_name.elementAt(0)
+ + " - https://"
+ + v_host.elementAt(0)
+ + ":"
+ + v_port.elementAt(0) );
}
}
} catch (Exception e) {
@@ -1193,147 +1154,155 @@ public class WizardPanelBase implements IWizardPanel {
// Given an HTTPS Hostname and EE port,
// retrieve the associated HTTPS Admin port
- public String getSecurityDomainAdminPort(IConfigStore config,
- String hostname, String https_ee_port, String cstype) {
+ public String getSecurityDomainAdminPort( IConfigStore config,
+ String hostname,
+ String https_ee_port,
+ String cstype ) {
String https_admin_port = new String();
try {
- String sd_hostname = config.getString("securitydomain.host");
- int sd_httpsadminport = config
- .getInteger("securitydomain.httpsadminport");
-
- CMS.debug("Getting domain.xml from CA ...");
- String c = getDomainXML(sd_hostname, sd_httpsadminport, true);
-
- CMS.debug("Getting associated HTTPS Admin port from "
- + "HTTPS Hostname '" + hostname + "' and EE port '"
- + https_ee_port + "'");
- ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
- XMLObject parser = new XMLObject(bis);
+ String sd_hostname = config.getString( "securitydomain.host" );
+ int sd_httpsadminport =
+ config.getInteger( "securitydomain.httpsadminport" );
+
+ CMS.debug( "Getting domain.xml from CA ..." );
+ String c = getDomainXML( sd_hostname, sd_httpsadminport, true );
+
+ CMS.debug( "Getting associated HTTPS Admin port from " +
+ "HTTPS Hostname '" + hostname +
+ "' and EE port '" + https_ee_port + "'" );
+ ByteArrayInputStream bis = new ByteArrayInputStream( c.getBytes() );
+ XMLObject parser = new XMLObject( bis );
Document doc = parser.getDocument();
- NodeList nodeList = doc.getElementsByTagName(cstype.toUpperCase());
+ NodeList nodeList = doc.getElementsByTagName( cstype.toUpperCase() );
int len = nodeList.getLength();
- for (int i = 0; i < len; i++) {
- Vector v_hostname = parser.getValuesFromContainer(
- nodeList.item(i), "Host");
-
- Vector v_https_ee_port = parser.getValuesFromContainer(
- nodeList.item(i), "SecurePort");
-
- Vector v_https_admin_port = parser.getValuesFromContainer(
- nodeList.item(i), "SecureAdminPort");
-
- if (v_hostname.elementAt(0).equals(hostname)
- && v_https_ee_port.elementAt(0).equals(https_ee_port)) {
- https_admin_port = v_https_admin_port.elementAt(0)
- .toString();
+ for( int i = 0; i < len; i++ ) {
+ Vector v_hostname =
+ parser.getValuesFromContainer( nodeList.item(i),
+ "Host" );
+
+ Vector v_https_ee_port =
+ parser.getValuesFromContainer( nodeList.item(i),
+ "SecurePort" );
+
+ Vector v_https_admin_port =
+ parser.getValuesFromContainer( nodeList.item(i),
+ "SecureAdminPort" );
+
+ if( v_hostname.elementAt( 0 ).equals( hostname ) &&
+ v_https_ee_port.elementAt( 0 ).equals( https_ee_port ) ) {
+ https_admin_port =
+ v_https_admin_port.elementAt( 0 ).toString();
break;
}
}
} catch (Exception e) {
- CMS.debug(e.toString());
+ CMS.debug( e.toString() );
}
- return (https_admin_port);
+ return( https_admin_port );
}
- public String getSecurityDomainPort(IConfigStore config, String portType) {
+ public String getSecurityDomainPort( IConfigStore config,
+ String portType ) {
String port = new String();
try {
- String hostname = config.getString("securitydomain.host");
- int httpsadminport = config
- .getInteger("securitydomain.httpsadminport");
-
- CMS.debug("Getting domain.xml from CA ...");
- String c = getDomainXML(hostname, httpsadminport, true);
-
- CMS.debug("Getting " + portType + " from Security Domain ...");
- if (!portType.equals("UnSecurePort")
- && !portType.equals("SecureAgentPort")
- && !portType.equals("SecurePort")
- && !portType.equals("SecureAdminPort")) {
- CMS.debug("getPortFromSecurityDomain: " + "unknown port type "
- + portType);
+ String hostname = config.getString( "securitydomain.host" );
+ int httpsadminport =
+ config.getInteger( "securitydomain.httpsadminport" );
+
+ CMS.debug( "Getting domain.xml from CA ..." );
+ String c = getDomainXML( hostname, httpsadminport, true );
+
+ CMS.debug( "Getting " + portType + " from Security Domain ..." );
+ if( !portType.equals( "UnSecurePort" ) &&
+ !portType.equals( "SecureAgentPort" ) &&
+ !portType.equals( "SecurePort" ) &&
+ !portType.equals( "SecureAdminPort" ) ) {
+ CMS.debug( "getPortFromSecurityDomain: " +
+ "unknown port type " + portType );
return "";
}
- ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
- XMLObject parser = new XMLObject(bis);
+ ByteArrayInputStream bis = new ByteArrayInputStream( c.getBytes() );
+ XMLObject parser = new XMLObject( bis );
Document doc = parser.getDocument();
- NodeList nodeList = doc.getElementsByTagName("CA");
+ NodeList nodeList = doc.getElementsByTagName( "CA" );
int len = nodeList.getLength();
- for (int i = 0; i < len; i++) {
- Vector v_admin_port = parser.getValuesFromContainer(
- nodeList.item(i), "SecureAdminPort");
+ for( int i = 0; i < len; i++ ) {
+ Vector v_admin_port =
+ parser.getValuesFromContainer( nodeList.item(i),
+ "SecureAdminPort" );
Vector v_port = null;
- if (portType.equals("UnSecurePort")) {
- v_port = parser.getValuesFromContainer(nodeList.item(i),
- "UnSecurePort");
- } else if (portType.equals("SecureAgentPort")) {
- v_port = parser.getValuesFromContainer(nodeList.item(i),
- "SecureAgentPort");
- } else if (portType.equals("SecurePort")) {
- v_port = parser.getValuesFromContainer(nodeList.item(i),
- "SecurePort");
- } else if (portType.equals("SecureAdminPort")) {
- v_port = parser.getValuesFromContainer(nodeList.item(i),
- "SecureAdminPort");
+ if( portType.equals( "UnSecurePort" ) ) {
+ v_port = parser.getValuesFromContainer( nodeList.item(i),
+ "UnSecurePort" );
+ } else if( portType.equals( "SecureAgentPort" ) ) {
+ v_port = parser.getValuesFromContainer( nodeList.item(i),
+ "SecureAgentPort" );
+ } else if( portType.equals( "SecurePort" ) ) {
+ v_port = parser.getValuesFromContainer( nodeList.item(i),
+ "SecurePort" );
+ } else if( portType.equals( "SecureAdminPort" ) ) {
+ v_port = parser.getValuesFromContainer( nodeList.item(i),
+ "SecureAdminPort" );
}
- if ((v_port != null)
- && (v_admin_port.elementAt(0).equals(Integer
- .toString(httpsadminport)))) {
- port = v_port.elementAt(0).toString();
+ if( ( v_port != null ) &&
+ ( v_admin_port.elementAt( 0 ).equals(
+ Integer.toString( httpsadminport ) ) ) ) {
+ port = v_port.elementAt( 0 ).toString();
break;
}
}
} catch (Exception e) {
- CMS.debug(e.toString());
+ CMS.debug( e.toString() );
}
- return (port);
+ return( port );
}
- public String pingCS(String hostname, int port, boolean https,
- SSLCertificateApprovalCallback certApprovalCallback)
- throws IOException {
- CMS.debug("WizardPanelBase pingCS: started");
+ public String pingCS( String hostname, int port, boolean https,
+ SSLCertificateApprovalCallback certApprovalCallback )
+ throws IOException {
+ CMS.debug( "WizardPanelBase pingCS: started" );
- String c = getHttpResponse(hostname, port, https,
- "/ca/admin/ca/getStatus", null, null, certApprovalCallback);
+ String c = getHttpResponse( hostname, port, https,
+ "/ca/admin/ca/getStatus",
+ null, null, certApprovalCallback );
- if (c != null) {
+ if( c != null ) {
try {
- ByteArrayInputStream bis = new ByteArrayInputStream(
- c.getBytes());
+ ByteArrayInputStream bis = new
+ ByteArrayInputStream( c.getBytes() );
XMLObject parser = null;
String state = null;
try {
- parser = new XMLObject(bis);
- CMS.debug("WizardPanelBase pingCS: got XML parsed");
- state = parser.getValue("State");
+ parser = new XMLObject( bis );
+ CMS.debug( "WizardPanelBase pingCS: got XML parsed" );
+ state = parser.getValue( "State" );
- if (state != null) {
- CMS.debug("WizardPanelBase pingCS: state=" + state);
+ if( state != null ) {
+ CMS.debug( "WizardPanelBase pingCS: state=" + state );
}
} catch (Exception e) {
- CMS.debug("WizardPanelBase: pingCS: parser failed"
- + e.toString());
+ CMS.debug( "WizardPanelBase: pingCS: parser failed"
+ + e.toString() );
}
return state;
- } catch (Exception e) {
- CMS.debug("WizardPanelBase: pingCS: " + e.toString());
- throw new IOException(e.toString());
+ } catch( Exception e ) {
+ CMS.debug( "WizardPanelBase: pingCS: " + e.toString() );
+ throw new IOException( e.toString() );
}
}
- CMS.debug("WizardPanelBase pingCS: stopped");
+ CMS.debug( "WizardPanelBase pingCS: stopped" );
return null;
}
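Review bot: In getSecurityDomainPort the `if`/`else if` chain over `portType` passes the same literal it has just compared against, and `portType` has already been restricted to those four values by the check above the loop. The chain can be replaced by `Vector v_port = parser.getValuesFromContainer( nodeList.item(i), portType );`, keeping the existing `v_port != null` test. A short comment on the earlier check, such as `// only these four element names may be read from domain.xml`, would make clear that it is what keeps `portType` from selecting arbitrary elements.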
@@ -1342,7 +1311,7 @@ public class WizardPanelBase implements IWizardPanel {
if (s.equals("CA")) {
x = "ca";
} else if (s.equals("KRA")) {
- x = "kra";
+ x = "kra";
} else if (s.equals("OCSP")) {
x = "ocsp";
} else if (s.equals("TKS")) {
@@ -1352,26 +1321,25 @@ public class WizardPanelBase implements IWizardPanel {
return x;
}
- public void getTokenInfo(IConfigStore config, String type, String host,
- int https_ee_port, boolean https, Context context,
- ConfigCertApprovalCallback certApprovalCallback) throws IOException {
+ public void getTokenInfo(IConfigStore config, String type, String host,
+ int https_ee_port, boolean https, Context context,
+ ConfigCertApprovalCallback certApprovalCallback) throws IOException {
CMS.debug("WizardPanelBase getTokenInfo start");
- String uri = "/" + type + "/ee/" + type + "/getTokenInfo";
- CMS.debug("WizardPanelBase getTokenInfo: uri=" + uri);
+ String uri = "/"+type+"/ee/"+type+"/getTokenInfo";
+ CMS.debug("WizardPanelBase getTokenInfo: uri="+uri);
String c = getHttpResponse(host, https_ee_port, https, uri, null, null,
- certApprovalCallback);
+ certApprovalCallback);
if (c != null) {
try {
- ByteArrayInputStream bis = new ByteArrayInputStream(
- c.getBytes());
+ ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
XMLObject parser = null;
try {
parser = new XMLObject(bis);
} catch (Exception e) {
- CMS.debug("WizardPanelBase::getTokenInfo() - "
- + "Exception=" + e.toString());
- throw new IOException(e.toString());
+ CMS.debug( "WizardPanelBase::getTokenInfo() - "
+ + "Exception="+e.toString() );
+ throw new IOException( e.toString() );
}
String status = parser.getValue("Status");
@@ -1382,7 +1350,7 @@ public class WizardPanelBase implements IWizardPanel {
Document doc = parser.getDocument();
NodeList list = doc.getElementsByTagName("name");
int len = list.getLength();
- for (int i = 0; i < len; i++) {
+ for (int i=0; i<len; i++) {
Node n = list.item(i);
NodeList nn = n.getChildNodes();
String name = nn.item(0).getNodeValue();
@@ -1390,35 +1358,30 @@ public class WizardPanelBase implements IWizardPanel {
nn = parent.getChildNodes();
int len1 = nn.getLength();
String v = "";
- for (int j = 0; j < len1; j++) {
+ for (int j=0; j<len1; j++) {
Node nv = nn.item(j);
String val = nv.getNodeName();
if (val.equals("value")) {
NodeList n2 = nv.getChildNodes();
if (n2.getLength() > 0)
v = n2.item(0).getNodeValue();
- break;
+ break;
}
}
- if (name.equals("cloning.signing.nickname")) {
+ if (name.equals("cloning.signing.nickname")) {
config.putString("preop.master.signing.nickname", v);
config.putString(type + ".cert.signing.nickname", v);
config.putString(name, v);
} else if (name.equals("cloning.ocsp_signing.nickname")) {
- config.putString(
- "preop.master.ocsp_signing.nickname", v);
- config.putString(type
- + ".cert.ocsp_signing.nickname", v);
+ config.putString("preop.master.ocsp_signing.nickname", v);
+ config.putString(type + ".cert.ocsp_signing.nickname", v);
config.putString(name, v);
} else if (name.equals("cloning.subsystem.nickname")) {
- config.putString("preop.master.subsystem.nickname",
- v);
- config.putString(type + ".cert.subsystem.nickname",
- v);
+ config.putString("preop.master.subsystem.nickname", v);
+ config.putString(type + ".cert.subsystem.nickname", v);
config.putString(name, v);
} else if (name.equals("cloning.transport.nickname")) {
- config.putString("preop.master.transport.nickname",
- v);
+ config.putString("preop.master.transport.nickname", v);
config.putString("kra.transportUnit.nickName", v);
config.putString("kra.cert.transport.nickname", v);
config.putString(name, v);
@@ -1427,45 +1390,35 @@ public class WizardPanelBase implements IWizardPanel {
config.putString("kra.storageUnit.nickName", v);
config.putString("kra.cert.storage.nickname", v);
config.putString(name, v);
- } else if (name
- .equals("cloning.audit_signing.nickname")) {
- config.putString(
- "preop.master.audit_signing.nickname", v);
- config.putString(type
- + ".cert.audit_signing.nickname", v);
+ } else if (name.equals("cloning.audit_signing.nickname")) {
+ config.putString("preop.master.audit_signing.nickname", v);
+ config.putString(type + ".cert.audit_signing.nickname", v);
config.putString(name, v);
} else if (name.equals("cloning.module.token")) {
config.putString("preop.module.token", v);
} else if (name.startsWith("cloning.ca")) {
- config.putString(
- name.replaceFirst("cloning", "preop"), v);
+ config.putString(name.replaceFirst("cloning", "preop"), v);
} else if (name.startsWith("cloning")) {
- config.putString(
- name.replaceFirst("cloning", "preop.cert"),
- v);
+ config.putString(name.replaceFirst("cloning", "preop.cert"), v);
} else {
config.putString(name, v);
}
}
// reset nicknames for system cert verification
- String token = config.getString("preop.module.token",
- "Internal Key Storage Token");
- if (!token.equals("Internal Key Storage Token")) {
+ String token = config.getString("preop.module.token",
+ "Internal Key Storage Token");
+ if (! token.equals("Internal Key Storage Token")) {
String certlist = config.getString("preop.cert.list");
StringTokenizer t1 = new StringTokenizer(certlist, ",");
while (t1.hasMoreTokens()) {
String tag = t1.nextToken();
- if (tag.equals("sslserver"))
- continue;
- config.putString(
- type + ".cert." + tag + ".nickname",
- token
- + ":"
- + config.getString(type + ".cert."
- + tag + ".nickname", ""));
- }
+ if (tag.equals("sslserver")) continue;
+ config.putString(type + ".cert." + tag + ".nickname",
+ token + ":" +
+ config.getString(type + ".cert." + tag + ".nickname", ""));
+ }
}
} else {
String error = parser.getValue("Error");
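Review bot: The final `else` branch in getTokenInfo, `config.putString(name, v);`, writes any name/value pair found in the remote server's response into the local configuration store, and the two `startsWith("cloning")` branches do the same under a `preop` prefix. Unless the master is expected to set arbitrary keys (not visible here), I would accept only an explicit set of expected names and log the rest, e.g. `CMS.debug("WizardPanelBase getTokenInfo: ignoring unexpected key " + name);`. The loop these branches belong to starts outside this hunk.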
@@ -1478,7 +1431,7 @@ public class WizardPanelBase implements IWizardPanel {
CMS.debug("WizardPanelBase: getTokenInfo: " + e.toString());
throw new IOException(e.toString());
}
- }
+ }
}
public void importCertChain(String id) throws IOException {
@@ -1489,32 +1442,31 @@ public class WizardPanelBase implements IWizardPanel {
try {
pkcs7 = config.getString(configName, "");
- } catch (Exception e) {
- }
+ } catch (Exception e) {}
if (pkcs7.length() > 0) {
try {
CryptoUtil.importCertificateChain(pkcs7);
} catch (Exception e) {
- CMS.debug("DisplayCertChainPanel importCertChain: Exception: "
- + e.toString());
+ CMS.debug("DisplayCertChainPanel importCertChain: Exception: "+e.toString());
}
}
}
public void updateCertChain(IConfigStore config, String name, String host,
- int https_admin_port, boolean https, Context context)
- throws IOException {
- updateCertChain(config, name, host, https_admin_port, https, context,
- null);
+ int https_admin_port, boolean https, Context context) throws IOException {
+ updateCertChain( config, name, host, https_admin_port,
+ https, context, null );
}
public void updateCertChain(IConfigStore config, String name, String host,
- int https_admin_port, boolean https, Context context,
- ConfigCertApprovalCallback certApprovalCallback) throws IOException {
- String certchain = getCertChainUsingSecureAdminPort(host,
- https_admin_port, https, certApprovalCallback);
- config.putString("preop." + name + ".pkcs7", certchain);
+ int https_admin_port, boolean https, Context context,
+ ConfigCertApprovalCallback certApprovalCallback) throws IOException {
+ String certchain = getCertChainUsingSecureAdminPort( host,
+ https_admin_port,
+ https,
+ certApprovalCallback );
+ config.putString("preop."+name+".pkcs7", certchain);
byte[] decoded = CryptoUtil.base64Decode(certchain);
java.security.cert.X509Certificate[] b_certchain = null;
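Review bot: The collapsed `} catch (Exception e) {}` in importCertChain discards a failure to read `configName` without any trace, after which `pkcs7` presumably keeps its initial value and the import is silently skipped. Log it at least: `} catch (Exception e) { CMS.debug("WizardPanelBase importCertChain: " + e.toString()); }`. The message in the second catch is prefixed `DisplayCertChainPanel` although the hunk header places this method in WizardPanelBase, and a failed `CryptoUtil.importCertificateChain` is only debug-logged even though the method declares `throws IOException`. updateCertChain begins in this hunk and continues outside it.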
@@ -1522,7 +1474,8 @@ public class WizardPanelBase implements IWizardPanel {
try {
b_certchain = CryptoUtil.getX509CertificateFromPKCS7(decoded);
} catch (Exception e) {
- context.put("errorString", "Failed to get the certificate chain.");
+ context.put("errorString",
+ "Failed to get the certificate chain.");
return;
}
@@ -1530,7 +1483,7 @@ public class WizardPanelBase implements IWizardPanel {
if (b_certchain != null) {
size = b_certchain.length;
}
- config.putInteger("preop." + name + ".certchain.size", size);
+ config.putInteger("preop."+name+".certchain.size", size);
for (int i = 0; i < size; i++) {
byte[] bb = null;
@@ -1538,11 +1491,11 @@ public class WizardPanelBase implements IWizardPanel {
bb = b_certchain[i].getEncoded();
} catch (Exception e) {
context.put("errorString",
- "Failed to get the der-encoded certificate chain.");
+ "Failed to get the der-encoded certificate chain.");
return;
}
- config.putString("preop." + name + ".certchain." + i,
- CryptoUtil.normalizeCertStr(CryptoUtil.base64Encode(bb)));
+ config.putString("preop."+name+".certchain." + i,
+ CryptoUtil.normalizeCertStr(CryptoUtil.base64Encode(bb)));
}
try {
@@ -1551,13 +1504,16 @@ public class WizardPanelBase implements IWizardPanel {
}
}
- public void updateCertChainUsingSecureEEPort(IConfigStore config,
- String name, String host, int https_ee_port, boolean https,
- Context context, ConfigCertApprovalCallback certApprovalCallback)
- throws IOException {
- String certchain = getCertChainUsingSecureEEPort(host, https_ee_port,
- https, certApprovalCallback);
- config.putString("preop." + name + ".pkcs7", certchain);
+ public void updateCertChainUsingSecureEEPort( IConfigStore config,
+ String name, String host,
+ int https_ee_port,
+ boolean https,
+ Context context,
+ ConfigCertApprovalCallback certApprovalCallback ) throws IOException {
+ String certchain = getCertChainUsingSecureEEPort( host, https_ee_port,
+ https,
+ certApprovalCallback);
+ config.putString("preop."+name+".pkcs7", certchain);
byte[] decoded = CryptoUtil.base64Decode(certchain);
java.security.cert.X509Certificate[] b_certchain = null;
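Review bot: updateCertChainUsingSecureEEPort stores the chain returned by the remote host with `config.putString("preop."+name+".pkcs7", certchain);` before it has been base64-decoded and parsed, so when `getX509CertificateFromPKCS7` fails in the following hunk the method returns with the unparsed value still in the configuration. Moving the `putString` after the successful parse would keep an unusable or unexpected chain out of the store. A `null` result from the fetch also looks unchecked before `base64Decode`, though the helper's contract is not visible here. updateCertChain above has the same ordering, and this method's body continues outside the hunk.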
@@ -1565,7 +1521,8 @@ public class WizardPanelBase implements IWizardPanel {
try {
b_certchain = CryptoUtil.getX509CertificateFromPKCS7(decoded);
} catch (Exception e) {
- context.put("errorString", "Failed to get the certificate chain.");
+ context.put("errorString",
+ "Failed to get the certificate chain.");
return;
}
@@ -1573,7 +1530,7 @@ public class WizardPanelBase implements IWizardPanel {
if (b_certchain != null) {
size = b_certchain.length;
}
- config.putInteger("preop." + name + ".certchain.size", size);
+ config.putInteger("preop."+name+".certchain.size", size);
for (int i = 0; i < size; i++) {
byte[] bb = null;
@@ -1581,11 +1538,11 @@ public class WizardPanelBase implements IWizardPanel {
bb = b_certchain[i].getEncoded();
} catch (Exception e) {
context.put("errorString",
- "Failed to get the der-encoded certificate chain.");
+ "Failed to get the der-encoded certificate chain.");
return;
}
- config.putString("preop." + name + ".certchain." + i,
- CryptoUtil.normalizeCertStr(CryptoUtil.base64Encode(bb)));
+ config.putString("preop."+name+".certchain." + i,
+ CryptoUtil.normalizeCertStr(CryptoUtil.base64Encode(bb)));
}
try {
@@ -1600,28 +1557,27 @@ public class WizardPanelBase implements IWizardPanel {
CryptoToken tok = cm.getTokenByName(tokenname);
CryptoStore store = tok.getCryptoStore();
String fullnickname = nickname;
- if (!tokenname.equals("")
- && !tokenname.equals("Internal Key Storage Token")
- && !tokenname.equals("internal"))
- fullnickname = tokenname + ":" + nickname;
+ if (!tokenname.equals("") &&
+ !tokenname.equals("Internal Key Storage Token") &&
+ !tokenname.equals("internal"))
+ fullnickname = tokenname+":"+nickname;
- CMS.debug("WizardPanelBase deleteCert: nickname=" + fullnickname);
- org.mozilla.jss.crypto.X509Certificate cert = cm
- .findCertByNickname(fullnickname);
+ CMS.debug("WizardPanelBase deleteCert: nickname="+fullnickname);
+ org.mozilla.jss.crypto.X509Certificate cert = cm.findCertByNickname(fullnickname);
if (store instanceof PK11Store) {
CMS.debug("WizardPanelBase deleteCert: this is pk11store");
- PK11Store pk11store = (PK11Store) store;
+ PK11Store pk11store = (PK11Store)store;
pk11store.deleteCertOnly(cert);
CMS.debug("WizardPanelBase deleteCert: cert deleted successfully");
}
} catch (Exception e) {
- CMS.debug("WizardPanelBase deleteCert: Exception=" + e.toString());
+ CMS.debug("WizardPanelBase deleteCert: Exception="+e.toString());
}
}
public void deleteEntries(LDAPSearchResults res, LDAPConnection conn,
- String dn, String[] entries) {
+ String dn, String[] entries) {
String[] attrs = null;
LDAPSearchConstraints cons = null;
String filter = "objectclass=*";
@@ -1633,32 +1589,29 @@ public class WizardPanelBase implements IWizardPanel {
while (res.hasMoreElements()) {
LDAPEntry entry = res.next();
String dn1 = entry.getDN();
- LDAPSearchResults res1 = conn.search(dn1, 1, filter, attrs,
- true, cons);
+ LDAPSearchResults res1 = conn.search(dn1, 1, filter, attrs, true, cons);
deleteEntries(res1, conn, dn1, entries);
deleteEntry(conn, dn1, entries);
}
}
} catch (Exception ee) {
- CMS.debug("WizardPanelBase deleteEntries: Exception="
- + ee.toString());
+ CMS.debug("WizardPanelBase deleteEntries: Exception="+ee.toString());
}
}
public void deleteEntry(LDAPConnection conn, String dn, String[] entries) {
try {
- for (int i = 0; i < entries.length; i++) {
+ for (int i=0; i<entries.length; i++) {
if (LDAPDN.equals(dn, entries[i])) {
- CMS.debug("WizardPanelBase deleteEntry: entry with this dn "
- + dn + " is not deleted.");
+ CMS.debug("WizardPanelBase deleteEntry: entry with this dn "+dn+" is not deleted.");
return;
}
}
- CMS.debug("WizardPanelBase deleteEntry: deleting dn=" + dn);
+ CMS.debug("WizardPanelBase deleteEntry: deleting dn="+dn);
conn.delete(dn);
} catch (Exception e) {
- CMS.debug("WizardPanelBase deleteEntry: Exception=" + e.toString());
+ CMS.debug("WizardPanelBase deleteEntry: Exception="+e.toString());
}
}
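Review bot: `conn.search(dn1, 1, filter, attrs, true, cons)` in deleteEntries passes the search scope as a bare `1`, which hides that the recursion depends on a one-level search. Use the SDK's named constant instead, `conn.search(dn1, LDAPConnection.SCOPE_ONE, filter, attrs, true, cons)` (assuming the netscape.ldap SDK that these type names suggest). A comment on deleteEntry such as `// DNs listed in entries[] are preserved; everything else under dn is removed` would document the contract. Both methods also catch `Exception` and only debug-log it, so a failed `conn.delete(dn)` leaves a partially removed subtree with no signal to the caller. deleteEntries starts before this hunk.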
@@ -1671,17 +1624,12 @@ public class WizardPanelBase implements IWizardPanel {
int cs_port = cs.getInteger("pkicreate.admin_secure_port", -1);
int panel = getPanelNo();
String subsystem = cs.getString("cs.type", "");
- String urlVal = "https://" + cs_hostname + ":" + cs_port + "/"
- + toLowerCaseSubsystemType(subsystem)
- + "/admin/console/config/wizard?p=" + panel + "&subsystem="
- + subsystem;
+ String urlVal = "https://"+cs_hostname+":"+cs_port+"/"+toLowerCaseSubsystemType(subsystem)+"/admin/console/config/wizard?p="+panel+"&subsystem="+subsystem;
String encodedValue = URLEncoder.encode(urlVal, "UTF-8");
- String sdurl = "https://" + hostname + ":" + port
- + "/ca/admin/ca/securityDomainLogin?url=" + encodedValue;
+ String sdurl = "https://"+hostname+":"+port+"/ca/admin/ca/securityDomainLogin?url="+encodedValue;
response.sendRedirect(sdurl);
} catch (Exception e) {
- CMS.debug("WizardPanelBase reloginSecurityDomain: Exception="
- + e.toString());
+ CMS.debug("WizardPanelBase reloginSecurityDomain: Exception="+e.toString());
}
}
}
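Review bot: `cs_port` is read with a default of `-1` and concatenated straight into `urlVal`, so a missing `pkicreate.admin_secure_port` produces a return URL with port `-1` that is then handed to the security domain login. A check before the URL is built, for example `if (cs_port < 0) { CMS.debug("WizardPanelBase reloginSecurityDomain: admin port not configured"); return; }` (if the method is void, which is not visible here), would fail visibly instead. `subsystem` is appended to the inner query string without encoding of its own; it comes from `cs.type`, so this matters only if that value can contain `&` or `#`. The `hostname` and `port` used in `sdurl` are set outside this hunk.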