summaryrefslogtreecommitdiffstats
path: root/pki/base/common/src/com/netscape/cms/servlet/ocsp/AddCAServlet.java
diff options
context:
space:
mode:
Diffstat (limited to 'pki/base/common/src/com/netscape/cms/servlet/ocsp/AddCAServlet.java')
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/ocsp/AddCAServlet.java169
1 files changed, 93 insertions, 76 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/ocsp/AddCAServlet.java b/pki/base/common/src/com/netscape/cms/servlet/ocsp/AddCAServlet.java
index f228b2da..c365d0f8 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/ocsp/AddCAServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/ocsp/AddCAServlet.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.ocsp;
+
import java.io.IOException;
import java.math.BigInteger;
import java.security.cert.X509Certificate;
@@ -45,19 +46,22 @@ import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
import com.netscape.cmsutil.util.Cert;
+
/**
* Configure the CA to respond to OCSP requests for a CA
- *
+ *
* @version $Revision$ $Date$
*/
public class AddCAServlet extends CMSServlet {
-
+
/**
*
*/
private static final long serialVersionUID = 1065151608542115340L;
- public static final String BEGIN_HEADER = "-----BEGIN CERTIFICATE-----";
- public static final String END_HEADER = "-----END CERTIFICATE-----";
+ public static final String BEGIN_HEADER =
+ "-----BEGIN CERTIFICATE-----";
+ public static final String END_HEADER =
+ "-----END CERTIFICATE-----";
public static final BigInteger BIG_ZERO = new BigInteger("0");
public static final Long MINUS_ONE = Long.valueOf(-1);
@@ -66,8 +70,10 @@ public class AddCAServlet extends CMSServlet {
private String mFormPath = null;
private IOCSPAuthority mOCSPAuthority = null;
- private final static String LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST = "LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_3";
- private final static String LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED = "LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED_3";
+ private final static String LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST =
+ "LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_3";
+ private final static String LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED =
+ "LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED_3";
public AddCAServlet() {
super();
@@ -76,7 +82,7 @@ public class AddCAServlet extends CMSServlet {
/**
* initialize the servlet. This servlet uses the template file
* "addCA.template" to process the response.
- *
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -94,18 +100,19 @@ public class AddCAServlet extends CMSServlet {
/**
* Process the HTTP request.
* <ul>
- * <li>http.param cert ca certificate. The format is base-64, DER encoded,
- * wrapped with -----BEGIN CERTIFICATE-----, -----END CERTIFICATE-----
- * strings
- * <li>signed.audit LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST used when a CA
- * is attempted to be added to the OCSP responder
- * <li>signed.audit LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED used
- * when an add CA request to the OCSP Responder is processed
+ * <li>http.param cert ca certificate. The format is base-64, DER
+ * encoded, wrapped with -----BEGIN CERTIFICATE-----,
+ * -----END CERTIFICATE----- strings
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST used when
+ * a CA is attempted to be added to the OCSP responder
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED
+ * used when an add CA request to the OCSP Responder is processed
* </ul>
- *
+ *
* @param cmsReq the object holding the request and response information
*/
- protected void process(CMSRequest cmsReq) throws EBaseException {
+ protected void process(CMSRequest cmsReq)
+ throws EBaseException {
HttpServletRequest req = cmsReq.getHttpReq();
HttpServletResponse resp = cmsReq.getHttpResp();
String auditMessage = null;
@@ -118,8 +125,8 @@ public class AddCAServlet extends CMSServlet {
AuthzToken authzToken = null;
try {
- authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
- "add");
+ authzToken = authorize(mAclMethod, authToken,
+ mAuthzResourceName, "add");
} catch (Exception e) {
// do nothing for now
}
@@ -136,21 +143,20 @@ public class AddCAServlet extends CMSServlet {
form = getTemplate(mFormPath, req, locale);
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath,
- e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
IArgBlock header = CMS.createArgBlock();
IArgBlock fixed = CMS.createArgBlock();
CMSTemplateParams argSet = new CMSTemplateParams(header, fixed);
- if (auditSubjectID.equals(ILogger.NONROLEUSER)
- || auditSubjectID.equals(ILogger.UNIDENTIFIED)) {
+ if (auditSubjectID.equals(ILogger.NONROLEUSER) ||
+ auditSubjectID.equals(ILogger.UNIDENTIFIED)) {
String uid = authToken.getInString(IAuthToken.USER_ID);
if (uid != null) {
- CMS.debug("AddCAServlet: auditSubjectID set to " + uid);
+ CMS.debug("AddCAServlet: auditSubjectID set to "+uid);
auditSubjectID = uid;
}
}
@@ -158,42 +164,47 @@ public class AddCAServlet extends CMSServlet {
if (b64 == null) {
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST, auditSubjectID,
- ILogger.FAILURE, ILogger.SIGNED_AUDIT_EMPTY_VALUE);
+ LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST,
+ auditSubjectID,
+ ILogger.FAILURE,
+ ILogger.SIGNED_AUDIT_EMPTY_VALUE);
- audit(auditMessage);
+ audit( auditMessage );
- throw new ECMSGWException(CMS.getUserMessage(getLocale(req),
- "CMS_GW_MISSING_CA_CERT"));
+ throw new ECMSGWException(CMS.getUserMessage(getLocale(req), "CMS_GW_MISSING_CA_CERT"));
}
auditCA = Cert.normalizeCertStr(Cert.stripCertBrackets(b64.trim()));
// record the fact that a request to add CA is made
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST, auditSubjectID,
- ILogger.SUCCESS, auditCA);
+ LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST,
+ auditSubjectID,
+ ILogger.SUCCESS,
+ auditCA);
- audit(auditMessage);
+ audit( auditMessage );
if (b64.indexOf(BEGIN_HEADER) == -1) {
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED,
- auditSubjectID, ILogger.FAILURE, auditCASubjectDN);
+ LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditCASubjectDN);
- audit(auditMessage);
+ audit( auditMessage );
- throw new ECMSGWException(CMS.getUserMessage(getLocale(req),
- "CMS_GW_MISSING_CERT_HEADER"));
+ throw new ECMSGWException(CMS.getUserMessage(getLocale(req), "CMS_GW_MISSING_CERT_HEADER"));
}
if (b64.indexOf(END_HEADER) == -1) {
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED,
- auditSubjectID, ILogger.FAILURE, auditCASubjectDN);
+ LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditCASubjectDN);
- audit(auditMessage);
+ audit( auditMessage );
- throw new ECMSGWException(CMS.getUserMessage(getLocale(req),
- "CMS_GW_MISSING_CERT_FOOTER"));
+ throw new ECMSGWException(CMS.getUserMessage(getLocale(req), "CMS_GW_MISSING_CERT_FOOTER"));
}
IDefStore defStore = mOCSPAuthority.getDefaultStore();
@@ -204,15 +215,17 @@ public class AddCAServlet extends CMSServlet {
try {
X509Certificate cert = Cert.mapCert(b64);
- if (cert == null) {
- CMS.debug("AddCAServlet::process() - cert is null!");
+ if( cert == null ) {
+ CMS.debug( "AddCAServlet::process() - cert is null!" );
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED,
- auditSubjectID, ILogger.FAILURE, auditCASubjectDN);
+ LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditCASubjectDN);
- audit(auditMessage);
+ audit( auditMessage );
- throw new EBaseException("cert is null");
+ throw new EBaseException( "cert is null" );
} else {
certs = new X509Certificate[1];
}
@@ -226,8 +239,7 @@ public class AddCAServlet extends CMSServlet {
try {
// this could be a chain
certs = Cert.mapCertFromPKCS7(b64);
- if (certs[0].getSubjectDN().getName()
- .equals(certs[0].getIssuerDN().getName())) {
+ if (certs[0].getSubjectDN().getName().equals(certs[0].getIssuerDN().getName())) {
leafCert = certs[certs.length - 1];
} else {
leafCert = certs[0];
@@ -235,13 +247,15 @@ public class AddCAServlet extends CMSServlet {
auditCASubjectDN = leafCert.getSubjectDN().getName();
} catch (Exception e) {
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED,
- auditSubjectID, ILogger.FAILURE, auditCASubjectDN);
+ LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditCASubjectDN);
- audit(auditMessage);
+ audit( auditMessage );
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_ENCODING_CA_CHAIN_ERROR"));
+ CMS.getUserMessage("CMS_GW_ENCODING_CA_CHAIN_ERROR"));
}
}
if (certs != null && certs.length > 0) {
@@ -250,29 +264,32 @@ public class AddCAServlet extends CMSServlet {
// (2) store certificate (and certificate chain) into
// database
ICRLIssuingPointRecord rec = defStore.createCRLIssuingPointRecord(
- leafCert.getSubjectDN().getName(), BIG_ZERO, MINUS_ONE,
- null, null);
+ leafCert.getSubjectDN().getName(),
+ BIG_ZERO,
+ MINUS_ONE, null, null);
try {
- rec.set(ICRLIssuingPointRecord.ATTR_CA_CERT,
- leafCert.getEncoded());
+ rec.set(ICRLIssuingPointRecord.ATTR_CA_CERT, leafCert.getEncoded());
} catch (Exception e) {
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED,
- auditSubjectID, ILogger.FAILURE, auditCASubjectDN);
+ LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditCASubjectDN);
- audit(auditMessage);
+ audit( auditMessage );
// error
}
defStore.addCRLIssuingPoint(leafCert.getSubjectDN().getName(), rec);
- log(ILogger.EV_AUDIT, AuditFormat.LEVEL, "Added CA certificate "
- + leafCert.getSubjectDN().getName());
+ log(ILogger.EV_AUDIT, AuditFormat.LEVEL, "Added CA certificate " + leafCert.getSubjectDN().getName());
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED,
- auditSubjectID, ILogger.SUCCESS, auditCASubjectDN);
+ LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED,
+ auditSubjectID,
+ ILogger.SUCCESS,
+ auditCASubjectDN);
- audit(auditMessage);
+ audit( auditMessage );
}
try {
@@ -280,18 +297,18 @@ public class AddCAServlet extends CMSServlet {
String error = null;
String xmlOutput = req.getParameter("xml");
- if (xmlOutput != null && xmlOutput.equals("true")) {
- outputXML(resp, argSet);
- } else {
- resp.setContentType("text/html");
- form.renderOutput(out, argSet);
- cmsReq.setStatus(CMSRequest.SUCCESS);
- }
+ if (xmlOutput != null && xmlOutput.equals("true")) {
+ outputXML(resp, argSet);
+ } else {
+ resp.setContentType("text/html");
+ form.renderOutput(out, argSet);
+ cmsReq.setStatus(CMSRequest.SUCCESS);
+ }
} catch (IOException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
}
}
generated by cgit (git 2.34.1) at 2024-05-19 10:03:25 +0000