diff options
Diffstat (limited to 'pki/base/common/src/com/netscape/cms/servlet/processors/PKCS10Processor.java')
-rw-r--r-- | pki/base/common/src/com/netscape/cms/servlet/processors/PKCS10Processor.java | 170 |
1 files changed, 87 insertions, 83 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/processors/PKCS10Processor.java b/pki/base/common/src/com/netscape/cms/servlet/processors/PKCS10Processor.java index 53d38455..19e343e6 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/processors/PKCS10Processor.java +++ b/pki/base/common/src/com/netscape/cms/servlet/processors/PKCS10Processor.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.processors; - import java.io.IOException; import java.security.cert.CertificateException; @@ -46,12 +45,10 @@ import com.netscape.cms.servlet.base.CMSServlet; import com.netscape.cms.servlet.common.CMSRequest; import com.netscape.cms.servlet.common.ECMSGWException; - /** - * PKCS10Processor process Certificate Requests in - * PKCS10 format, as defined here: - * http://www.rsasecurity.com/rsalabs/pkcs/pkcs-10/index.html - * + * PKCS10Processor process Certificate Requests in PKCS10 format, as defined + * here: http://www.rsasecurity.com/rsalabs/pkcs/pkcs-10/index.html + * * @version $Revision$, $Date$ */ public class PKCS10Processor extends PKIProcessor { @@ -61,7 +58,7 @@ public class PKCS10Processor extends PKIProcessor { private final String USE_INTERNAL_PKCS10 = "internal"; public PKCS10Processor() { - + super(); } @@ -70,25 +67,20 @@ public class PKCS10Processor extends PKIProcessor { } - public void process(CMSRequest cmsReq) - throws EBaseException { + public void process(CMSRequest cmsReq) throws EBaseException { } - public void fillCertInfo( - PKCS10 pkcs10, X509CertInfo certInfo, - IAuthToken authToken, IArgBlock httpParams) - throws EBaseException { + public void fillCertInfo(PKCS10 pkcs10, X509CertInfo certInfo, + IAuthToken authToken, IArgBlock httpParams) throws EBaseException { mPkcs10 = pkcs10; - - fillCertInfo(USE_INTERNAL_PKCS10, certInfo, authToken, httpParams); + + fillCertInfo(USE_INTERNAL_PKCS10, certInfo, authToken, httpParams); } - public void fillCertInfo( - String protocolString, X509CertInfo certInfo, - IAuthToken authToken, IArgBlock httpParams) - throws EBaseException { + public void fillCertInfo(String protocolString, X509CertInfo certInfo, + IAuthToken authToken, IArgBlock httpParams) throws EBaseException { PKCS10 p10 = null; @@ -99,12 +91,13 @@ public class PKCS10Processor extends PKIProcessor { } else if (protocolString.equals(USE_INTERNAL_PKCS10)) { p10 = mPkcs10; } else { - CMS.debug( "PKCS10Processor::fillCertInfo() - p10 is null!" ); - throw new EBaseException( "p10 is null" ); + CMS.debug("PKCS10Processor::fillCertInfo() - p10 is null!"); + throw new EBaseException("p10 is null"); } if (mServlet == null) { - EBaseException ex = new ECMSGWException("Servlet property of PKCS10Processor is null."); + EBaseException ex = new ECMSGWException( + "Servlet property of PKCS10Processor is null."); throw ex; @@ -114,22 +107,24 @@ public class PKCS10Processor extends PKIProcessor { X509Key key = p10.getSubjectPublicKeyInfo(); if (key == null) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_MISSING_KEY_IN_P10")); - throw new ECMSGWException(CMS.getUserMessage("CMS_GW_MISSING_KEY_IN_P10")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_MISSING_KEY_IN_P10")); + throw new ECMSGWException( + CMS.getUserMessage("CMS_GW_MISSING_KEY_IN_P10")); } CertificateX509Key certKey = new CertificateX509Key(key); try { certInfo.set(X509CertInfo.KEY, certKey); } catch (CertificateException e) { - EBaseException ex = new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString())); + EBaseException ex = new ECMSGWException(CMS.getUserMessage( + "CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString())); log(ILogger.LL_FAILURE, ex.toString()); throw ex; } catch (IOException e) { - EBaseException ex = new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString())); + EBaseException ex = new ECMSGWException(CMS.getUserMessage( + "CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString())); log(ILogger.LL_FAILURE, ex.toString()); throw ex; @@ -139,33 +134,34 @@ public class PKCS10Processor extends PKIProcessor { if (subject != null) { try { - certInfo.set(X509CertInfo.SUBJECT, - new CertificateSubjectName(subject)); - log(ILogger.LL_INFO, - "Setting subject name " + subject + " from p10."); + certInfo.set(X509CertInfo.SUBJECT, new CertificateSubjectName( + subject)); + log(ILogger.LL_INFO, "Setting subject name " + subject + + " from p10."); } catch (CertificateException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_FAILED_SET_SUBJECT_FROM_P10", e.toString())); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_SUBJECT_FROM_P10_FAILED", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSGW_FAILED_SET_SUBJECT_FROM_P10", e.toString())); + throw new ECMSGWException(CMS.getUserMessage( + "CMS_GW_SET_SUBJECT_FROM_P10_FAILED", e.toString())); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_FAILED_SET_SUBJECT_FROM_P10", e.toString())); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_SUBJECT_FROM_P10_FAILED", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSGW_FAILED_SET_SUBJECT_FROM_P10", e.toString())); + throw new ECMSGWException(CMS.getUserMessage( + "CMS_GW_SET_SUBJECT_FROM_P10_FAILED", e.toString())); } catch (Exception e) { // if anything bad happens in X500 name parsing, // this will catch it. - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_FAILED_SET_SUBJECT_FROM_P10", e.toString())); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_SUBJECT_FROM_P10_FAILED", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSGW_FAILED_SET_SUBJECT_FROM_P10", e.toString())); + throw new ECMSGWException(CMS.getUserMessage( + "CMS_GW_SET_SUBJECT_FROM_P10_FAILED", e.toString())); } - } else if (authToken == null || - authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) == null) { + } else if (authToken == null + || authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) == null) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_MISSING_SUBJECT_IN_P10")); - throw new ECMSGWException(CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_IN_P10")); + CMS.getLogMessage("CMSGW_MISSING_SUBJECT_IN_P10")); + throw new ECMSGWException( + CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_IN_P10")); } // fill extensions from pkcs 10 attributes if any. @@ -176,45 +172,49 @@ public class PKCS10Processor extends PKIProcessor { PKCS10Attributes p10Attrs = p10.getAttributes(); if (p10Attrs != null) { - PKCS10Attribute p10Attr = (PKCS10Attribute) - (p10Attrs.getAttribute(CertificateExtensions.NAME)); - - if (p10Attr != null && p10Attr.getAttributeId().equals( - PKCS9Attribute.EXTENSION_REQUEST_OID)) { - Extensions exts0 = (Extensions) - (p10Attr.getAttributeValue()); + PKCS10Attribute p10Attr = (PKCS10Attribute) (p10Attrs + .getAttribute(CertificateExtensions.NAME)); + + if (p10Attr != null + && p10Attr.getAttributeId().equals( + PKCS9Attribute.EXTENSION_REQUEST_OID)) { + Extensions exts0 = (Extensions) (p10Attr + .getAttributeValue()); DerOutputStream extOut = new DerOutputStream(); exts0.encode(extOut); byte[] extB = extOut.toByteArray(); DerInputStream extIn = new DerInputStream(extB); - CertificateExtensions exts = new CertificateExtensions(extIn); + CertificateExtensions exts = new CertificateExtensions( + extIn); if (exts != null) { certInfo.set(X509CertInfo.EXTENSIONS, exts); } } } - CMS.debug( - "PKCS10Processor: Seted cert extensions from pkcs10. "); + CMS.debug("PKCS10Processor: Seted cert extensions from pkcs10. "); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_FAILED_SET_EXTENSIONS_FROM_P10", e.toString())); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString())); + CMS.getLogMessage("CMSGW_FAILED_SET_EXTENSIONS_FROM_P10", + e.toString())); + throw new ECMSGWException(CMS.getUserMessage( + "CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString())); } catch (CertificateException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_FAILED_SET_EXTENSIONS_FROM_P10", e.toString())); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString())); + CMS.getLogMessage("CMSGW_FAILED_SET_EXTENSIONS_FROM_P10", + e.toString())); + throw new ECMSGWException(CMS.getUserMessage( + "CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString())); } catch (Exception e) { // if anything bad happens in extensions parsing, // this will catch it. log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_FAILED_SET_EXTENSIONS_FROM_P10", e.toString())); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString())); + CMS.getLogMessage("CMSGW_FAILED_SET_EXTENSIONS_FROM_P10", + e.toString())); + throw new ECMSGWException(CMS.getUserMessage( + "CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString())); } // override pkcs10 attributes with authtoken attributes @@ -222,9 +222,9 @@ public class PKCS10Processor extends PKIProcessor { // adminEnroll is an exception String authMgr = mServlet.getAuthMgr(); - if (authToken != null && - authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) != null && - !(authMgr.equals(IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID))) { + if (authToken != null + && authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) != null + && !(authMgr.equals(IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID))) { fillCertInfoFromAuthToken(certInfo, authToken); } @@ -233,12 +233,11 @@ public class PKCS10Processor extends PKIProcessor { // from the http parameters. if (mServletId.equals(PKIProcessor.ADMIN_ENROLL_SERVLET_ID)) { fillValidityFromForm(certInfo, httpParams); - } - + } + } - private PKCS10 getPKCS10(IArgBlock httpParams) - throws EBaseException { + private PKCS10 getPKCS10(IArgBlock httpParams) throws EBaseException { PKCS10 pkcs10 = null; @@ -246,17 +245,20 @@ public class PKCS10Processor extends PKIProcessor { // support Enterprise 3.5.1 server where CERT_TYPE=csrCertType // instead of certType - certType = httpParams.getValueAsString(PKIProcessor.OLD_CERT_TYPE, null); + certType = httpParams + .getValueAsString(PKIProcessor.OLD_CERT_TYPE, null); if (certType == null) { - certType = httpParams.getValueAsString(PKIProcessor.CERT_TYPE, "client"); + certType = httpParams.getValueAsString(PKIProcessor.CERT_TYPE, + "client"); } else { // some policies may rely on the fact that // CERT_TYPE is set. So for 3.5.1 or eariler - // we need to set CERT_TYPE but not here. + // we need to set CERT_TYPE but not here. } if (certType.equals("client")) { // coming from MSIE - String p10b64 = httpParams.getValueAsString(PKIProcessor.PKCS10_REQUEST, null); + String p10b64 = httpParams.getValueAsString( + PKIProcessor.PKCS10_REQUEST, null); if (p10b64 != null) { try { @@ -266,18 +268,20 @@ public class PKCS10Processor extends PKIProcessor { } catch (Exception e) { // ok, if the above fails, it could // be a PKCS10 with header - pkcs10 = httpParams.getValueAsPKCS10(PKIProcessor.PKCS10_REQUEST, false, null); + pkcs10 = httpParams.getValueAsPKCS10( + PKIProcessor.PKCS10_REQUEST, false, null); // e.printStackTrace(); } } - //pkcs10 = httpParams.getValuePKCS10(PKCS10_REQUEST, null); + // pkcs10 = httpParams.getValuePKCS10(PKCS10_REQUEST, null); } else { try { // coming from server cut & paste blob. - pkcs10 = httpParams.getValueAsPKCS10(PKIProcessor.PKCS10_REQUEST, false, null); - }catch (Exception ex) { + pkcs10 = httpParams.getValueAsPKCS10( + PKIProcessor.PKCS10_REQUEST, false, null); + } catch (Exception ex) { ex.printStackTrace(); } } @@ -286,4 +290,4 @@ public class PKCS10Processor extends PKIProcessor { } -} +} |