summaryrefslogtreecommitdiffstats
path: root/pki/base/common/src/com/netscape/cms/servlet/processors/PKCS10Processor.java
diff options
context:
space:
mode:
Diffstat (limited to 'pki/base/common/src/com/netscape/cms/servlet/processors/PKCS10Processor.java')
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/processors/PKCS10Processor.java170
1 files changed, 83 insertions, 87 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/processors/PKCS10Processor.java b/pki/base/common/src/com/netscape/cms/servlet/processors/PKCS10Processor.java
index 19e343e6..53d38455 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/processors/PKCS10Processor.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/processors/PKCS10Processor.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.processors;
+
import java.io.IOException;
import java.security.cert.CertificateException;
@@ -45,10 +46,12 @@ import com.netscape.cms.servlet.base.CMSServlet;
import com.netscape.cms.servlet.common.CMSRequest;
import com.netscape.cms.servlet.common.ECMSGWException;
+
/**
- * PKCS10Processor process Certificate Requests in PKCS10 format, as defined
- * here: http://www.rsasecurity.com/rsalabs/pkcs/pkcs-10/index.html
- *
+ * PKCS10Processor process Certificate Requests in
+ * PKCS10 format, as defined here:
+ * http://www.rsasecurity.com/rsalabs/pkcs/pkcs-10/index.html
+ *
* @version $Revision$, $Date$
*/
public class PKCS10Processor extends PKIProcessor {
@@ -58,7 +61,7 @@ public class PKCS10Processor extends PKIProcessor {
private final String USE_INTERNAL_PKCS10 = "internal";
public PKCS10Processor() {
-
+
super();
}
@@ -67,20 +70,25 @@ public class PKCS10Processor extends PKIProcessor {
}
- public void process(CMSRequest cmsReq) throws EBaseException {
+ public void process(CMSRequest cmsReq)
+ throws EBaseException {
}
- public void fillCertInfo(PKCS10 pkcs10, X509CertInfo certInfo,
- IAuthToken authToken, IArgBlock httpParams) throws EBaseException {
+ public void fillCertInfo(
+ PKCS10 pkcs10, X509CertInfo certInfo,
+ IAuthToken authToken, IArgBlock httpParams)
+ throws EBaseException {
mPkcs10 = pkcs10;
-
- fillCertInfo(USE_INTERNAL_PKCS10, certInfo, authToken, httpParams);
+
+ fillCertInfo(USE_INTERNAL_PKCS10, certInfo, authToken, httpParams);
}
- public void fillCertInfo(String protocolString, X509CertInfo certInfo,
- IAuthToken authToken, IArgBlock httpParams) throws EBaseException {
+ public void fillCertInfo(
+ String protocolString, X509CertInfo certInfo,
+ IAuthToken authToken, IArgBlock httpParams)
+ throws EBaseException {
PKCS10 p10 = null;
@@ -91,13 +99,12 @@ public class PKCS10Processor extends PKIProcessor {
} else if (protocolString.equals(USE_INTERNAL_PKCS10)) {
p10 = mPkcs10;
} else {
- CMS.debug("PKCS10Processor::fillCertInfo() - p10 is null!");
- throw new EBaseException("p10 is null");
+ CMS.debug( "PKCS10Processor::fillCertInfo() - p10 is null!" );
+ throw new EBaseException( "p10 is null" );
}
if (mServlet == null) {
- EBaseException ex = new ECMSGWException(
- "Servlet property of PKCS10Processor is null.");
+ EBaseException ex = new ECMSGWException("Servlet property of PKCS10Processor is null.");
throw ex;
@@ -107,24 +114,22 @@ public class PKCS10Processor extends PKIProcessor {
X509Key key = p10.getSubjectPublicKeyInfo();
if (key == null) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_MISSING_KEY_IN_P10"));
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_MISSING_KEY_IN_P10"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_MISSING_KEY_IN_P10"));
+ throw new ECMSGWException(CMS.getUserMessage("CMS_GW_MISSING_KEY_IN_P10"));
}
CertificateX509Key certKey = new CertificateX509Key(key);
try {
certInfo.set(X509CertInfo.KEY, certKey);
} catch (CertificateException e) {
- EBaseException ex = new ECMSGWException(CMS.getUserMessage(
- "CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString()));
+ EBaseException ex = new ECMSGWException(
+ CMS.getUserMessage("CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString()));
log(ILogger.LL_FAILURE, ex.toString());
throw ex;
} catch (IOException e) {
- EBaseException ex = new ECMSGWException(CMS.getUserMessage(
- "CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString()));
+ EBaseException ex = new ECMSGWException(
+ CMS.getUserMessage("CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString()));
log(ILogger.LL_FAILURE, ex.toString());
throw ex;
@@ -134,34 +139,33 @@ public class PKCS10Processor extends PKIProcessor {
if (subject != null) {
try {
- certInfo.set(X509CertInfo.SUBJECT, new CertificateSubjectName(
- subject));
- log(ILogger.LL_INFO, "Setting subject name " + subject
- + " from p10.");
+ certInfo.set(X509CertInfo.SUBJECT,
+ new CertificateSubjectName(subject));
+ log(ILogger.LL_INFO,
+ "Setting subject name " + subject + " from p10.");
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSGW_FAILED_SET_SUBJECT_FROM_P10", e.toString()));
- throw new ECMSGWException(CMS.getUserMessage(
- "CMS_GW_SET_SUBJECT_FROM_P10_FAILED", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_FAILED_SET_SUBJECT_FROM_P10", e.toString()));
+ throw new ECMSGWException(
+ CMS.getUserMessage("CMS_GW_SET_SUBJECT_FROM_P10_FAILED", e.toString()));
} catch (IOException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSGW_FAILED_SET_SUBJECT_FROM_P10", e.toString()));
- throw new ECMSGWException(CMS.getUserMessage(
- "CMS_GW_SET_SUBJECT_FROM_P10_FAILED", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_FAILED_SET_SUBJECT_FROM_P10", e.toString()));
+ throw new ECMSGWException(
+ CMS.getUserMessage("CMS_GW_SET_SUBJECT_FROM_P10_FAILED", e.toString()));
} catch (Exception e) {
// if anything bad happens in X500 name parsing,
// this will catch it.
- log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSGW_FAILED_SET_SUBJECT_FROM_P10", e.toString()));
- throw new ECMSGWException(CMS.getUserMessage(
- "CMS_GW_SET_SUBJECT_FROM_P10_FAILED", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_FAILED_SET_SUBJECT_FROM_P10", e.toString()));
+ throw new ECMSGWException(
+ CMS.getUserMessage("CMS_GW_SET_SUBJECT_FROM_P10_FAILED", e.toString()));
}
- } else if (authToken == null
- || authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) == null) {
+ } else if (authToken == null ||
+ authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) == null) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_MISSING_SUBJECT_IN_P10"));
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_IN_P10"));
+ CMS.getLogMessage("CMSGW_MISSING_SUBJECT_IN_P10"));
+ throw new ECMSGWException(CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_IN_P10"));
}
// fill extensions from pkcs 10 attributes if any.
@@ -172,49 +176,45 @@ public class PKCS10Processor extends PKIProcessor {
PKCS10Attributes p10Attrs = p10.getAttributes();
if (p10Attrs != null) {
- PKCS10Attribute p10Attr = (PKCS10Attribute) (p10Attrs
- .getAttribute(CertificateExtensions.NAME));
-
- if (p10Attr != null
- && p10Attr.getAttributeId().equals(
- PKCS9Attribute.EXTENSION_REQUEST_OID)) {
- Extensions exts0 = (Extensions) (p10Attr
- .getAttributeValue());
+ PKCS10Attribute p10Attr = (PKCS10Attribute)
+ (p10Attrs.getAttribute(CertificateExtensions.NAME));
+
+ if (p10Attr != null && p10Attr.getAttributeId().equals(
+ PKCS9Attribute.EXTENSION_REQUEST_OID)) {
+ Extensions exts0 = (Extensions)
+ (p10Attr.getAttributeValue());
DerOutputStream extOut = new DerOutputStream();
exts0.encode(extOut);
byte[] extB = extOut.toByteArray();
DerInputStream extIn = new DerInputStream(extB);
- CertificateExtensions exts = new CertificateExtensions(
- extIn);
+ CertificateExtensions exts = new CertificateExtensions(extIn);
if (exts != null) {
certInfo.set(X509CertInfo.EXTENSIONS, exts);
}
}
}
- CMS.debug("PKCS10Processor: Seted cert extensions from pkcs10. ");
+ CMS.debug(
+ "PKCS10Processor: Seted cert extensions from pkcs10. ");
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_FAILED_SET_EXTENSIONS_FROM_P10",
- e.toString()));
- throw new ECMSGWException(CMS.getUserMessage(
- "CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString()));
+ CMS.getLogMessage("CMSGW_FAILED_SET_EXTENSIONS_FROM_P10", e.toString()));
+ throw new ECMSGWException(
+ CMS.getUserMessage("CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString()));
} catch (CertificateException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_FAILED_SET_EXTENSIONS_FROM_P10",
- e.toString()));
- throw new ECMSGWException(CMS.getUserMessage(
- "CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString()));
+ CMS.getLogMessage("CMSGW_FAILED_SET_EXTENSIONS_FROM_P10", e.toString()));
+ throw new ECMSGWException(
+ CMS.getUserMessage("CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString()));
} catch (Exception e) {
// if anything bad happens in extensions parsing,
// this will catch it.
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_FAILED_SET_EXTENSIONS_FROM_P10",
- e.toString()));
- throw new ECMSGWException(CMS.getUserMessage(
- "CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString()));
+ CMS.getLogMessage("CMSGW_FAILED_SET_EXTENSIONS_FROM_P10", e.toString()));
+ throw new ECMSGWException(
+ CMS.getUserMessage("CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString()));
}
// override pkcs10 attributes with authtoken attributes
@@ -222,9 +222,9 @@ public class PKCS10Processor extends PKIProcessor {
// adminEnroll is an exception
String authMgr = mServlet.getAuthMgr();
- if (authToken != null
- && authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) != null
- && !(authMgr.equals(IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID))) {
+ if (authToken != null &&
+ authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) != null &&
+ !(authMgr.equals(IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID))) {
fillCertInfoFromAuthToken(certInfo, authToken);
}
@@ -233,11 +233,12 @@ public class PKCS10Processor extends PKIProcessor {
// from the http parameters.
if (mServletId.equals(PKIProcessor.ADMIN_ENROLL_SERVLET_ID)) {
fillValidityFromForm(certInfo, httpParams);
- }
-
+ }
+
}
- private PKCS10 getPKCS10(IArgBlock httpParams) throws EBaseException {
+ private PKCS10 getPKCS10(IArgBlock httpParams)
+ throws EBaseException {
PKCS10 pkcs10 = null;
@@ -245,20 +246,17 @@ public class PKCS10Processor extends PKIProcessor {
// support Enterprise 3.5.1 server where CERT_TYPE=csrCertType
// instead of certType
- certType = httpParams
- .getValueAsString(PKIProcessor.OLD_CERT_TYPE, null);
+ certType = httpParams.getValueAsString(PKIProcessor.OLD_CERT_TYPE, null);
if (certType == null) {
- certType = httpParams.getValueAsString(PKIProcessor.CERT_TYPE,
- "client");
+ certType = httpParams.getValueAsString(PKIProcessor.CERT_TYPE, "client");
} else {
// some policies may rely on the fact that
// CERT_TYPE is set. So for 3.5.1 or eariler
- // we need to set CERT_TYPE but not here.
+ // we need to set CERT_TYPE but not here.
}
if (certType.equals("client")) {
// coming from MSIE
- String p10b64 = httpParams.getValueAsString(
- PKIProcessor.PKCS10_REQUEST, null);
+ String p10b64 = httpParams.getValueAsString(PKIProcessor.PKCS10_REQUEST, null);
if (p10b64 != null) {
try {
@@ -268,20 +266,18 @@ public class PKCS10Processor extends PKIProcessor {
} catch (Exception e) {
// ok, if the above fails, it could
// be a PKCS10 with header
- pkcs10 = httpParams.getValueAsPKCS10(
- PKIProcessor.PKCS10_REQUEST, false, null);
+ pkcs10 = httpParams.getValueAsPKCS10(PKIProcessor.PKCS10_REQUEST, false, null);
// e.printStackTrace();
}
}
- // pkcs10 = httpParams.getValuePKCS10(PKCS10_REQUEST, null);
+ //pkcs10 = httpParams.getValuePKCS10(PKCS10_REQUEST, null);
} else {
try {
// coming from server cut & paste blob.
- pkcs10 = httpParams.getValueAsPKCS10(
- PKIProcessor.PKCS10_REQUEST, false, null);
- } catch (Exception ex) {
+ pkcs10 = httpParams.getValueAsPKCS10(PKIProcessor.PKCS10_REQUEST, false, null);
+ }catch (Exception ex) {
ex.printStackTrace();
}
}
@@ -290,4 +286,4 @@ public class PKCS10Processor extends PKIProcessor {
}
-}
+}
generated by cgit (git 2.34.1) at 2024-05-20 20:36:14 +0000