diff options
Diffstat (limited to 'pki/base/common/src/com/netscape/cms/servlet/processors/CMCProcessor.java')
-rw-r--r-- | pki/base/common/src/com/netscape/cms/servlet/processors/CMCProcessor.java | 196 |
1 files changed, 101 insertions, 95 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/processors/CMCProcessor.java b/pki/base/common/src/com/netscape/cms/servlet/processors/CMCProcessor.java index 1e44dad1..2d3f1874 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/processors/CMCProcessor.java +++ b/pki/base/common/src/com/netscape/cms/servlet/processors/CMCProcessor.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.processors; - import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.IOException; @@ -72,11 +71,10 @@ import com.netscape.cms.servlet.base.CMSServlet; import com.netscape.cms.servlet.common.CMSRequest; import com.netscape.cms.servlet.common.ECMSGWException; - /** - * Process CMC messages according to RFC 2797 - * See http://www.ietf.org/rfc/rfc2797.txt - * + * Process CMC messages according to RFC 2797 See + * http://www.ietf.org/rfc/rfc2797.txt + * * @version $Revision$, $Date$ */ public class CMCProcessor extends PKIProcessor { @@ -87,56 +85,56 @@ public class CMCProcessor extends PKIProcessor { super(); } - public CMCProcessor(CMSRequest cmsReq, CMSServlet servlet, boolean doEnforcePop) { + public CMCProcessor(CMSRequest cmsReq, CMSServlet servlet, + boolean doEnforcePop) { super(cmsReq, servlet); enforcePop = doEnforcePop; } - public void process(CMSRequest cmsReq) - throws EBaseException { + public void process(CMSRequest cmsReq) throws EBaseException { } - public void fillCertInfo( - String protocolString, X509CertInfo certInfo, - IAuthToken authToken, IArgBlock httpParams) - throws EBaseException { + public void fillCertInfo(String protocolString, X509CertInfo certInfo, + IAuthToken authToken, IArgBlock httpParams) throws EBaseException { } - public X509CertInfo[] fillCertInfoArray( - String protocolString, IAuthToken authToken, IArgBlock httpParams, IRequest req) - throws EBaseException { + public X509CertInfo[] fillCertInfoArray(String protocolString, + IAuthToken authToken, IArgBlock httpParams, IRequest req) + throws EBaseException { CMS.debug("CMCProcessor: In CMCProcessor.fillCertInfoArray!"); String cmc = protocolString; try { byte[] cmcBlob = CMS.AtoB(cmc); - ByteArrayInputStream cmcBlobIn = - new ByteArrayInputStream(cmcBlob); + ByteArrayInputStream cmcBlobIn = new ByteArrayInputStream(cmcBlob); - org.mozilla.jss.pkix.cms.ContentInfo cmcReq = (org.mozilla.jss.pkix.cms.ContentInfo) - org.mozilla.jss.pkix.cms.ContentInfo.getTemplate().decode(cmcBlobIn); + org.mozilla.jss.pkix.cms.ContentInfo cmcReq = (org.mozilla.jss.pkix.cms.ContentInfo) org.mozilla.jss.pkix.cms.ContentInfo + .getTemplate().decode(cmcBlobIn); - if - (!cmcReq.getContentType().equals(org.mozilla.jss.pkix.cms.ContentInfo.SIGNED_DATA) || !cmcReq.hasContent()) - throw new ECMSGWException(CMS.getUserMessage("CMS_GW_NO_CMC_CONTENT")); + if (!cmcReq.getContentType().equals( + org.mozilla.jss.pkix.cms.ContentInfo.SIGNED_DATA) + || !cmcReq.hasContent()) + throw new ECMSGWException( + CMS.getUserMessage("CMS_GW_NO_CMC_CONTENT")); - SignedData cmcFullReq = (SignedData) - cmcReq.getInterpretedContent(); + SignedData cmcFullReq = (SignedData) cmcReq.getInterpretedContent(); EncapsulatedContentInfo ci = cmcFullReq.getContentInfo(); OBJECT_IDENTIFIER id = ci.getContentType(); - if (!id.equals(OBJECT_IDENTIFIER.id_cct_PKIData) || !ci.hasContent()) { + if (!id.equals(OBJECT_IDENTIFIER.id_cct_PKIData) + || !ci.hasContent()) { throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_NO_PKIDATA")); + CMS.getUserMessage("CMS_GW_NO_PKIDATA")); } OCTET_STRING content = ci.getContent(); - ByteArrayInputStream s = new ByteArrayInputStream(content.toByteArray()); + ByteArrayInputStream s = new ByteArrayInputStream( + content.toByteArray()); PKIData pkiData = (PKIData) (new PKIData.Template()).decode(s); SEQUENCE reqSequence = pkiData.getReqSequence(); @@ -144,10 +142,11 @@ public class CMCProcessor extends PKIProcessor { int numReqs = reqSequence.size(); X509CertInfo[] certInfoArray = new X509CertInfo[numReqs]; String[] reqIdArray = new String[numReqs]; - + for (int i = 0; i < numReqs; i++) { // decode message. - TaggedRequest taggedRequest = (TaggedRequest) reqSequence.elementAt(i); + TaggedRequest taggedRequest = (TaggedRequest) reqSequence + .elementAt(i); TaggedRequest.Type type = taggedRequest.getType(); @@ -157,35 +156,37 @@ public class CMCProcessor extends PKIProcessor { reqIdArray[i] = String.valueOf(p10Id); - CertificationRequest p10 = - tcr.getCertificationRequest(); + CertificationRequest p10 = tcr.getCertificationRequest(); // transfer to sun class ByteArrayOutputStream ostream = new ByteArrayOutputStream(); p10.encode(ostream); - PKCS10Processor pkcs10Processor = new PKCS10Processor(mRequest, mServlet); + PKCS10Processor pkcs10Processor = new PKCS10Processor( + mRequest, mServlet); try { PKCS10 pkcs10 = new PKCS10(ostream.toByteArray()); - //xxx do we need to do anything else? + // xxx do we need to do anything else? X509CertInfo certInfo = CMS.getDefaultX509CertInfo(); - pkcs10Processor.fillCertInfo(pkcs10, certInfo, authToken, httpParams); + pkcs10Processor.fillCertInfo(pkcs10, certInfo, + authToken, httpParams); - /* fillPKCS10(pkcs10,certInfo, - authToken, httpParams); + /* + * fillPKCS10(pkcs10,certInfo, authToken, httpParams); */ certInfoArray[i] = certInfo; } catch (Exception e) { - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_PKCS10_ERROR", e.toString())); + throw new ECMSGWException(CMS.getUserMessage( + "CMS_GW_PKCS10_ERROR", e.toString())); } } else if (type.equals(TaggedRequest.CRMF)) { - CRMFProcessor crmfProc = new CRMFProcessor(mRequest, mServlet, enforcePop); + CRMFProcessor crmfProc = new CRMFProcessor(mRequest, + mServlet, enforcePop); CertReqMsg crm = taggedRequest.getCrm(); CertRequest certReq = crm.getCertReq(); @@ -195,10 +196,12 @@ public class CMCProcessor extends PKIProcessor { reqIdArray[i] = String.valueOf(srcId); - certInfoArray[i] = crmfProc.processIndividualRequest(crm, authToken, httpParams); + certInfoArray[i] = crmfProc.processIndividualRequest(crm, + authToken, httpParams); } else { - throw new ECMSGWException(CMS.getUserMessage("CMS_GW_NO_CMC_CONTENT")); + throw new ECMSGWException( + CMS.getUserMessage("CMS_GW_NO_CMC_CONTENT")); } } @@ -208,13 +211,11 @@ public class CMCProcessor extends PKIProcessor { Hashtable digs = new Hashtable(); for (int i = 0; i < numDig; i++) { - AlgorithmIdentifier dai = - (AlgorithmIdentifier) dais.elementAt(i); - String name = - DigestAlgorithm.fromOID(dai.getOID()).toString(); + AlgorithmIdentifier dai = (AlgorithmIdentifier) dais + .elementAt(i); + String name = DigestAlgorithm.fromOID(dai.getOID()).toString(); - MessageDigest md = - MessageDigest.getInstance(name); + MessageDigest md = MessageDigest.getInstance(name); byte[] digest = md.digest(content.toByteArray()); @@ -225,9 +226,8 @@ public class CMCProcessor extends PKIProcessor { int numSis = sis.size(); for (int i = 0; i < numSis; i++) { - org.mozilla.jss.pkix.cms.SignerInfo si = - (org.mozilla.jss.pkix.cms.SignerInfo) - sis.elementAt(i); + org.mozilla.jss.pkix.cms.SignerInfo si = (org.mozilla.jss.pkix.cms.SignerInfo) sis + .elementAt(i); String name = si.getDigestAlgorithm().toString(); byte[] digest = (byte[]) digs.get(name); @@ -243,9 +243,10 @@ public class CMCProcessor extends PKIProcessor { SignerIdentifier sid = si.getSignerIdentifier(); - if - (sid.getType().equals(SignerIdentifier.ISSUER_AND_SERIALNUMBER)) { - IssuerAndSerialNumber issuerAndSerialNumber = sid.getIssuerAndSerialNumber(); + if (sid.getType().equals( + SignerIdentifier.ISSUER_AND_SERIALNUMBER)) { + IssuerAndSerialNumber issuerAndSerialNumber = sid + .getIssuerAndSerialNumber(); // find from the certs in the signedData X509Certificate cert = null; @@ -254,21 +255,23 @@ public class CMCProcessor extends PKIProcessor { int numCerts = certs.size(); for (int j = 0; j < numCerts; j++) { - Certificate certJss = - (Certificate) certs.elementAt(j); - CertificateInfo certI = - certJss.getInfo(); + Certificate certJss = (Certificate) certs + .elementAt(j); + CertificateInfo certI = certJss.getInfo(); Name issuer = certI.getIssuer(); byte[] issuerB = ASN1Util.encode(issuer); INTEGER sn = certI.getSerialNumber(); - if ( - new String(issuerB).equals(new - String(ASN1Util.encode(issuerAndSerialNumber.getIssuer()))) - && sn.toString().equals(issuerAndSerialNumber.getSerialNumber().toString())) { - ByteArrayOutputStream os = new - ByteArrayOutputStream(); + if (new String(issuerB) + .equals(new String(ASN1Util + .encode(issuerAndSerialNumber + .getIssuer()))) + && sn.toString().equals( + issuerAndSerialNumber + .getSerialNumber() + .toString())) { + ByteArrayOutputStream os = new ByteArrayOutputStream(); certJss.encode(os); cert = new X509CertImpl(os.toByteArray()); @@ -295,8 +298,7 @@ public class CMCProcessor extends PKIProcessor { keyType = PrivateKey.DSA; } else { } - PK11PubKey pubK = - PK11PubKey.fromRaw(keyType, + PK11PubKey pubK = PK11PubKey.fromRaw(keyType, ((X509Key) signKey).getKey()); si.verify(digest, id, pubK); @@ -309,21 +311,25 @@ public class CMCProcessor extends PKIProcessor { PublicKey signKey = null; while (signKey == null && j < numReqs) { - X509Key subjectKeyInfo = (X509Key) ((CertificateX509Key) certInfoArray[j].get(X509CertInfo.KEY)).get(CertificateX509Key.KEY); + X509Key subjectKeyInfo = (X509Key) ((CertificateX509Key) certInfoArray[j] + .get(X509CertInfo.KEY)) + .get(CertificateX509Key.KEY); MessageDigest md = MessageDigest.getInstance("SHA-1"); md.update(subjectKeyInfo.getEncoded()); byte[] skib = md.digest(); - if (new String(skib).equals(new String(ski.toByteArray()))) { + if (new String(skib).equals(new String(ski + .toByteArray()))) { signKey = subjectKeyInfo; } j++; } if (signKey == null) { - throw new - ECMSGWException(CMS.getUserMessage("CMS_GW_CMC_ERROR", - "SubjectKeyIdentifier in SignerInfo does not match any publicKey in the request.")); + throw new ECMSGWException( + CMS.getUserMessage( + "CMS_GW_CMC_ERROR", + "SubjectKeyIdentifier in SignerInfo does not match any publicKey in the request.")); } else { PrivateKey.Type keyType = null; String alg = signKey.getAlgorithm(); @@ -334,8 +340,7 @@ public class CMCProcessor extends PKIProcessor { keyType = PrivateKey.DSA; } else { } - PK11PubKey pubK = PK11PubKey.fromRaw( - keyType, + PK11PubKey pubK = PK11PubKey.fromRaw(keyType, ((X509Key) signKey).getKey()); si.verify(digest, id, pubK); @@ -351,8 +356,8 @@ public class CMCProcessor extends PKIProcessor { int numControls = controls.size(); for (int i = 0; i < numControls; i++) { - TaggedAttribute control = - (TaggedAttribute) controls.elementAt(i); + TaggedAttribute control = (TaggedAttribute) controls + .elementAt(i); OBJECT_IDENTIFIER type = control.getType(); SET values = control.getValues(); int numVals = values.size(); @@ -363,10 +368,9 @@ public class CMCProcessor extends PKIProcessor { if (numVals > 0) vals = new String[numVals]; for (int j = 0; j < numVals; j++) { - ANY val = (ANY) - values.elementAt(j); - INTEGER transId = (INTEGER) ((ANY) val).decodeWith( - INTEGER.getTemplate()); + ANY val = (ANY) values.elementAt(j); + INTEGER transId = (INTEGER) ((ANY) val) + .decodeWith(INTEGER.getTemplate()); if (transId != null) { vals[j] = transId.toString(); @@ -374,17 +378,15 @@ public class CMCProcessor extends PKIProcessor { } if (vals != null) req.setExtData(IRequest.CMC_TRANSID, vals); - } else if - (type.equals(OBJECT_IDENTIFIER.id_cmc_senderNonce)) { + } else if (type.equals(OBJECT_IDENTIFIER.id_cmc_senderNonce)) { String[] vals = null; if (numVals > 0) vals = new String[numVals]; for (int j = 0; j < numVals; j++) { - ANY val = (ANY) - values.elementAt(j); - OCTET_STRING nonce = (OCTET_STRING) - ((ANY) val).decodeWith(OCTET_STRING.getTemplate()); + ANY val = (ANY) values.elementAt(j); + OCTET_STRING nonce = (OCTET_STRING) ((ANY) val) + .decodeWith(OCTET_STRING.getTemplate()); if (nonce != null) { vals[j] = new String(nonce.toByteArray()); @@ -409,27 +411,31 @@ public class CMCProcessor extends PKIProcessor { return certInfoArray; } catch (CertificateException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_CMC_TO_CERTINFO_1", e.toString())); + CMS.getLogMessage("CMSGW_ERROR_CMC_TO_CERTINFO_1", + e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_CMC_TO_CERTINFO_ERROR")); + CMS.getUserMessage("CMS_GW_CMC_TO_CERTINFO_ERROR")); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_CMC_TO_CERTINFO_1", e.toString())); + CMS.getLogMessage("CMSGW_ERROR_CMC_TO_CERTINFO_1", + e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_CMC_TO_CERTINFO_ERROR")); + CMS.getUserMessage("CMS_GW_CMC_TO_CERTINFO_ERROR")); } catch (InvalidBERException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_CMC_TO_CERTINFO_1", e.toString())); + CMS.getLogMessage("CMSGW_ERROR_CMC_TO_CERTINFO_1", + e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_CMC_TO_CERTINFO_ERROR")); + CMS.getUserMessage("CMS_GW_CMC_TO_CERTINFO_ERROR")); } catch (InvalidKeyException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_CMC_TO_CERTINFO_1", e.toString())); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_CMC_TO_CERTINFO_ERROR")); - }catch (Exception e) { + CMS.getLogMessage("CMSGW_ERROR_CMC_TO_CERTINFO_1", + e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_CMC_ERROR", e.toString())); + CMS.getUserMessage("CMS_GW_CMC_TO_CERTINFO_ERROR")); + } catch (Exception e) { + throw new ECMSGWException(CMS.getUserMessage("CMS_GW_CMC_ERROR", + e.toString())); } } |