summaryrefslogtreecommitdiffstats
path: root/pki/base/common/src/com/netscape/cms/servlet/key/RecoverBySerial.java
diff options
context:
space:
mode:
Diffstat (limited to 'pki/base/common/src/com/netscape/cms/servlet/key/RecoverBySerial.java')
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/key/RecoverBySerial.java258
1 files changed, 128 insertions, 130 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/RecoverBySerial.java b/pki/base/common/src/com/netscape/cms/servlet/key/RecoverBySerial.java
index edcd2bdf..8abafa15 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/key/RecoverBySerial.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/key/RecoverBySerial.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.key;
-
import java.io.IOException;
import java.math.BigInteger;
import java.util.Hashtable;
@@ -51,7 +50,7 @@ import com.netscape.cmsutil.util.Cert;
/**
* A class representing a recoverBySerial servlet.
- *
+ *
* @version $Revision$, $Date$
*/
public class RecoverBySerial extends CMSServlet {
@@ -108,22 +107,22 @@ public class RecoverBySerial extends CMSServlet {
/**
* Returns serlvet information.
*/
- public String getServletInfo() {
- return INFO;
+ public String getServletInfo() {
+ return INFO;
}
/**
* Serves HTTP request. The format of this request is as follows:
- * recoverBySerial?
- * [serialNumber=<number>]
- * [uid#=<uid>]
- * [pwd#=<password>]
- * [localAgents=yes|null]
- * [recoveryID=recoveryID]
- * [pkcs12Password=<password of pkcs12>]
- * [pkcs12PasswordAgain=<password of pkcs12>]
- * [pkcs12Delivery=<delivery mechanism for pkcs12>]
- * [cert=<encryption certificate>]
+ * recoverBySerial?
+ * [serialNumber=<number>]
+ * [uid#=<uid>]
+ * [pwd#=<password>]
+ * [localAgents=yes|null]
+ * [recoveryID=recoveryID]
+ * [pkcs12Password=<password of pkcs12>]
+ * [pkcs12PasswordAgain=<password of pkcs12>]
+ * [pkcs12Delivery=<delivery mechanism for pkcs12>]
+ * [cert=<encryption certificate>]
*/
public void process(CMSRequest cmsReq) throws EBaseException {
@@ -138,10 +137,10 @@ public class RecoverBySerial extends CMSServlet {
mAuthzResourceName, "recover");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
}
if (authzToken == null) {
@@ -156,9 +155,9 @@ public class RecoverBySerial extends CMSServlet {
form = getTemplate(mFormPath, req, locale);
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
cmsReq.setStatus(CMSRequest.SUCCESS);
@@ -197,46 +196,46 @@ public class RecoverBySerial extends CMSServlet {
also be listed in the request.
*/
if ((initAsyncRecovery != null) &&
- initAsyncRecovery.equalsIgnoreCase("ON")) {
- process(form, argSet, header,
- req.getParameter(IN_SERIALNO),
- req.getParameter(IN_CERT),
- req, resp, locale[0]);
-
- int requiredNumber = mService.getNoOfRequiredAgents();
- header.addIntegerValue("noOfRequiredAgents", requiredNumber);
+ initAsyncRecovery.equalsIgnoreCase("ON")) {
+ process(form, argSet, header,
+ req.getParameter(IN_SERIALNO),
+ req.getParameter(IN_CERT),
+ req, resp, locale[0]);
+
+ int requiredNumber = mService.getNoOfRequiredAgents();
+ header.addIntegerValue("noOfRequiredAgents", requiredNumber);
} else {
String recoveryID = req.getParameter("recoveryID");
if (recoveryID != null && !recoveryID.equals("")) {
- ctx.put(SessionContext.RECOVERY_ID,
- req.getParameter("recoveryID"));
+ ctx.put(SessionContext.RECOVERY_ID,
+ req.getParameter("recoveryID"));
+ }
+ byte pkcs12[] = process(form, argSet, header,
+ req.getParameter(IN_SERIALNO),
+ req.getParameter("localAgents"),
+ req.getParameter(IN_PASSWORD),
+ req.getParameter(IN_PASSWORD_AGAIN),
+ req.getParameter(IN_CERT),
+ req.getParameter(IN_DELIVERY),
+ req.getParameter(IN_NICKNAME),
+ req, resp, locale[0]);
+
+ if (pkcs12 != null) {
+ //resp.setStatus(HttpServletResponse.SC_OK);
+ resp.setContentType("application/x-pkcs12");
+ //resp.setContentLength(pkcs12.length);
+ resp.getOutputStream().write(pkcs12);
+ mRenderResult = false;
+ return;
}
- byte pkcs12[] = process(form, argSet, header,
- req.getParameter(IN_SERIALNO),
- req.getParameter("localAgents"),
- req.getParameter(IN_PASSWORD),
- req.getParameter(IN_PASSWORD_AGAIN),
- req.getParameter(IN_CERT),
- req.getParameter(IN_DELIVERY),
- req.getParameter(IN_NICKNAME),
- req, resp, locale[0]);
-
- if (pkcs12 != null) {
- //resp.setStatus(HttpServletResponse.SC_OK);
- resp.setContentType("application/x-pkcs12");
- //resp.setContentLength(pkcs12.length);
- resp.getOutputStream().write(pkcs12);
- mRenderResult = false;
- return;
- }
}
} catch (NumberFormatException e) {
header.addStringValue(OUT_ERROR,
- CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString()));
+ CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString()));
} catch (IOException e) {
header.addStringValue(OUT_ERROR,
- CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString()));
+ CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString()));
} finally {
SessionContext.releaseContext();
}
@@ -249,9 +248,9 @@ public class RecoverBySerial extends CMSServlet {
form.renderOutput(out, argSet);
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
cmsReq.setStatus(CMSRequest.SUCCESS);
@@ -260,10 +259,10 @@ public class RecoverBySerial extends CMSServlet {
/**
* Async Key Recovery - request initiation
*/
- private void process(CMSTemplate form, CMSTemplateParams argSet,
- IArgBlock header, String seq, String cert,
- HttpServletRequest req, HttpServletResponse resp,
- Locale locale) {
+ private void process(CMSTemplate form, CMSTemplateParams argSet,
+ IArgBlock header, String seq, String cert,
+ HttpServletRequest req, HttpServletResponse resp,
+ Locale locale) {
// seq is the key id
if (seq == null) {
@@ -291,22 +290,22 @@ public class RecoverBySerial extends CMSServlet {
try {
String reqID = mService.initAsyncKeyRecovery(
- new BigInteger(seq), x509cert,
+ new BigInteger(seq), x509cert,
(String) sContext.get(SessionContext.USER_ID));
header.addStringValue(OUT_SERIALNO, req.getParameter(IN_SERIALNO));
header.addStringValue("requestID", reqID);
} catch (EBaseException e) {
String error =
- "Failed to recover key for key id " +
- seq + ".\nException: " + e.toString();
+ "Failed to recover key for key id " +
+ seq + ".\nException: " + e.toString();
CMS.getLogger().log(ILogger.EV_SYSTEM,
- ILogger.S_KRA, ILogger.LL_FAILURE, error);
+ ILogger.S_KRA, ILogger.LL_FAILURE, error);
try {
((IKeyRecoveryAuthority) mService).createError(seq, error);
} catch (EBaseException eb) {
CMS.getLogger().log(ILogger.EV_SYSTEM,
- ILogger.S_KRA, ILogger.LL_FAILURE, eb.toString());
+ ILogger.S_KRA, ILogger.LL_FAILURE, eb.toString());
}
}
return;
@@ -317,11 +316,11 @@ public class RecoverBySerial extends CMSServlet {
* provided by the administrator.
*/
private byte[] process(CMSTemplate form, CMSTemplateParams argSet,
- IArgBlock header, String seq, String localAgents,
- String password, String passwordAgain,
- String cert, String delivery, String nickname,
- HttpServletRequest req, HttpServletResponse resp,
- Locale locale) {
+ IArgBlock header, String seq, String localAgents,
+ String password, String passwordAgain,
+ String cert, String delivery, String nickname,
+ HttpServletRequest req, HttpServletResponse resp,
+ Locale locale) {
if (seq == null) {
header.addStringValue(OUT_ERROR, "sequence number not found");
return null;
@@ -360,65 +359,65 @@ public class RecoverBySerial extends CMSServlet {
if (sContext != null) {
agent = (String) sContext.get(SessionContext.USER_ID);
}
- if (CMS.getConfigStore().getBoolean("kra.keySplitting")) {
- if (localAgents == null) {
- String recoveryID = req.getParameter("recoveryID");
+ if (CMS.getConfigStore().getBoolean("kra.keySplitting")) {
+ if (localAgents == null) {
+ String recoveryID = req.getParameter("recoveryID");
- if (recoveryID == null || recoveryID.equals("")) {
- header.addStringValue(OUT_ERROR, "No recovery ID specified");
- return null;
- }
- Hashtable params = mService.createRecoveryParams(recoveryID);
+ if (recoveryID == null || recoveryID.equals("")) {
+ header.addStringValue(OUT_ERROR, "No recovery ID specified");
+ return null;
+ }
+ Hashtable params = mService.createRecoveryParams(recoveryID);
- params.put("keyID", req.getParameter(IN_SERIALNO));
+ params.put("keyID", req.getParameter(IN_SERIALNO));
- header.addStringValue("recoveryID", recoveryID);
+ header.addStringValue("recoveryID", recoveryID);
- params.put("agent", agent);
+ params.put("agent", agent);
- // new thread to wait for pk12
- Thread waitThread = new WaitApprovalThread(recoveryID,
- seq, password, x509cert, delivery, nickname,
- SessionContext.getContext());
+ // new thread to wait for pk12
+ Thread waitThread = new WaitApprovalThread(recoveryID,
+ seq, password, x509cert, delivery, nickname,
+ SessionContext.getContext());
- waitThread.start();
- return null;
- } else {
- Vector v = new Vector();
-
- for (int i = 0; i < mService.getNoOfRequiredAgents(); i++) {
- String uid = req.getParameter(IN_UID + i);
- String pwd = req.getParameter(IN_PWD + i);
-
- if (uid != null && pwd != null && !uid.equals("") &&
- !pwd.equals("")) {
- v.addElement(new Credential(uid, pwd));
- } else {
+ waitThread.start();
+ return null;
+ } else {
+ Vector v = new Vector();
+
+ for (int i = 0; i < mService.getNoOfRequiredAgents(); i++) {
+ String uid = req.getParameter(IN_UID + i);
+ String pwd = req.getParameter(IN_PWD + i);
+
+ if (uid != null && pwd != null && !uid.equals("") &&
+ !pwd.equals("")) {
+ v.addElement(new Credential(uid, pwd));
+ } else {
+ header.addStringValue(OUT_ERROR, "Uid(s) or password(s) are not provided");
+ return null;
+ }
+ }
+ if (v.size() != mService.getNoOfRequiredAgents()) {
header.addStringValue(OUT_ERROR, "Uid(s) or password(s) are not provided");
return null;
}
+ creds = new Credential[v.size()];
+ v.copyInto(creds);
}
- if (v.size() != mService.getNoOfRequiredAgents()) {
- header.addStringValue(OUT_ERROR, "Uid(s) or password(s) are not provided");
- return null;
- }
- creds = new Credential[v.size()];
- v.copyInto(creds);
- }
- header.addStringValue(OUT_OP,
- req.getParameter(OUT_OP));
- header.addIntegerValue(OUT_SERIALNO,
- Integer.parseInt(seq));
- header.addStringValue(OUT_SERVICE_URL,
- req.getRequestURI());
- byte pkcs12[] = mService.doKeyRecovery(
- new BigInteger(seq),
- creds, password, x509cert,
- delivery, nickname, agent);
-
- return pkcs12;
- } else {
+ header.addStringValue(OUT_OP,
+ req.getParameter(OUT_OP));
+ header.addIntegerValue(OUT_SERIALNO,
+ Integer.parseInt(seq));
+ header.addStringValue(OUT_SERVICE_URL,
+ req.getRequestURI());
+ byte pkcs12[] = mService.doKeyRecovery(
+ new BigInteger(seq),
+ creds, password, x509cert,
+ delivery, nickname, agent);
+
+ return pkcs12;
+ } else {
String recoveryID = req.getParameter("recoveryID");
if (recoveryID == null || recoveryID.equals("")) {
@@ -440,7 +439,7 @@ public class RecoverBySerial extends CMSServlet {
waitThread.start();
return null;
- }
+ }
} catch (EBaseException e) {
header.addStringValue(OUT_ERROR, e.toString(locale));
} catch (Exception e) {
@@ -462,24 +461,24 @@ public class RecoverBySerial extends CMSServlet {
String theNickname = null;
SessionContext theSc = null;
- /**
+ /**
* Wait approval thread constructor including thread name
*/
public WaitApprovalThread(String recoveryID, String seq,
- String password, X509CertImpl cert,
- String delivery, String nickname, SessionContext sc) {
+ String password, X509CertImpl cert,
+ String delivery, String nickname, SessionContext sc) {
super();
- super.setName("waitApproval." + recoveryID + "-" +
- (Thread.activeCount() + 1));
+ super.setName("waitApproval." + recoveryID + "-" +
+ (Thread.activeCount() + 1));
theRecoveryID = recoveryID;
theSeq = seq;
thePassword = password;
theCert = cert;
theDelivery = delivery;
theNickname = nickname;
- theSc = sc;
+ theSc = sc;
}
-
+
public void run() {
SessionContext.setContext(theSc);
Credential creds[] = null;
@@ -487,17 +486,17 @@ public class RecoverBySerial extends CMSServlet {
try {
creds = mService.getDistributedCredentials(theRecoveryID);
} catch (EBaseException e) {
- String error =
- "Failed to get required approvals for recovery id " +
- theRecoveryID + ".\nException: " + e.toString();
+ String error =
+ "Failed to get required approvals for recovery id " +
+ theRecoveryID + ".\nException: " + e.toString();
CMS.getLogger().log(ILogger.EV_SYSTEM,
- ILogger.S_KRA, ILogger.LL_FAILURE, error);
+ ILogger.S_KRA, ILogger.LL_FAILURE, error);
try {
((IKeyRecoveryAuthority) mService).createError(theRecoveryID, error);
} catch (EBaseException eb) {
CMS.getLogger().log(ILogger.EV_SYSTEM,
- ILogger.S_KRA, ILogger.LL_FAILURE, eb.toString());
+ ILogger.S_KRA, ILogger.LL_FAILURE, eb.toString());
}
return;
}
@@ -514,16 +513,16 @@ public class RecoverBySerial extends CMSServlet {
((IKeyRecoveryAuthority) mService).createPk12(theRecoveryID, pkcs12);
} catch (EBaseException e) {
String error =
- "Failed to recover key for recovery id " +
- theRecoveryID + ".\nException: " + e.toString();
+ "Failed to recover key for recovery id " +
+ theRecoveryID + ".\nException: " + e.toString();
CMS.getLogger().log(ILogger.EV_SYSTEM,
- ILogger.S_KRA, ILogger.LL_FAILURE, error);
+ ILogger.S_KRA, ILogger.LL_FAILURE, error);
try {
((IKeyRecoveryAuthority) mService).createError(theRecoveryID, error);
} catch (EBaseException eb) {
CMS.getLogger().log(ILogger.EV_SYSTEM,
- ILogger.S_KRA, ILogger.LL_FAILURE, eb.toString());
+ ILogger.S_KRA, ILogger.LL_FAILURE, eb.toString());
}
}
return;
@@ -531,4 +530,3 @@ public class RecoverBySerial extends CMSServlet {
}
}
-
generated by cgit (git 2.34.1) at 2024-05-19 08:46:08 +0000