Diffstat (limited to 'pki/base/common/src/com/netscape/cms/servlet/processors/PKCS10Processor.java')
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/processors/PKCS10Processor.java170
1 files changed, 87 insertions, 83 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/processors/PKCS10Processor.java b/pki/base/common/src/com/netscape/cms/servlet/processors/PKCS10Processor.java
index 53d38455..19e343e6 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/processors/PKCS10Processor.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/processors/PKCS10Processor.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.processors;
-
import java.io.IOException;
import java.security.cert.CertificateException;
@@ -46,12 +45,10 @@ import com.netscape.cms.servlet.base.CMSServlet;
import com.netscape.cms.servlet.common.CMSRequest;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
- * PKCS10Processor process Certificate Requests in
- * PKCS10 format, as defined here:
- * http://www.rsasecurity.com/rsalabs/pkcs/pkcs-10/index.html
- *
+ * PKCS10Processor process Certificate Requests in PKCS10 format, as defined
+ * here: http://www.rsasecurity.com/rsalabs/pkcs/pkcs-10/index.html
+ *
* @version $Revision$, $Date$
*/
public class PKCS10Processor extends PKIProcessor {
@@ -61,7 +58,7 @@ public class PKCS10Processor extends PKIProcessor {
private final String USE_INTERNAL_PKCS10 = "internal";
public PKCS10Processor() {
-
+
super();
}
@@ -70,25 +67,20 @@ public class PKCS10Processor extends PKIProcessor {
}
- public void process(CMSRequest cmsReq)
- throws EBaseException {
+ public void process(CMSRequest cmsReq) throws EBaseException {
}
- public void fillCertInfo(
- PKCS10 pkcs10, X509CertInfo certInfo,
- IAuthToken authToken, IArgBlock httpParams)
- throws EBaseException {
+ public void fillCertInfo(PKCS10 pkcs10, X509CertInfo certInfo,
+ IAuthToken authToken, IArgBlock httpParams) throws EBaseException {
mPkcs10 = pkcs10;
-
- fillCertInfo(USE_INTERNAL_PKCS10, certInfo, authToken, httpParams);
+
+ fillCertInfo(USE_INTERNAL_PKCS10, certInfo, authToken, httpParams);
}
- public void fillCertInfo(
- String protocolString, X509CertInfo certInfo,
- IAuthToken authToken, IArgBlock httpParams)
- throws EBaseException {
+ public void fillCertInfo(String protocolString, X509CertInfo certInfo,
+ IAuthToken authToken, IArgBlock httpParams) throws EBaseException {
PKCS10 p10 = null;
@@ -99,12 +91,13 @@ public class PKCS10Processor extends PKIProcessor {
} else if (protocolString.equals(USE_INTERNAL_PKCS10)) {
p10 = mPkcs10;
} else {
- CMS.debug( "PKCS10Processor::fillCertInfo() - p10 is null!" );
- throw new EBaseException( "p10 is null" );
+ CMS.debug("PKCS10Processor::fillCertInfo() - p10 is null!");
+ throw new EBaseException("p10 is null");
}
if (mServlet == null) {
- EBaseException ex = new ECMSGWException("Servlet property of PKCS10Processor is null.");
+ EBaseException ex = new ECMSGWException(
+ "Servlet property of PKCS10Processor is null.");
throw ex;
@@ -114,22 +107,24 @@ public class PKCS10Processor extends PKIProcessor {
X509Key key = p10.getSubjectPublicKeyInfo();
if (key == null) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_MISSING_KEY_IN_P10"));
- throw new ECMSGWException(CMS.getUserMessage("CMS_GW_MISSING_KEY_IN_P10"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_MISSING_KEY_IN_P10"));
+ throw new ECMSGWException(
+ CMS.getUserMessage("CMS_GW_MISSING_KEY_IN_P10"));
}
CertificateX509Key certKey = new CertificateX509Key(key);
try {
certInfo.set(X509CertInfo.KEY, certKey);
} catch (CertificateException e) {
- EBaseException ex = new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString()));
+ EBaseException ex = new ECMSGWException(CMS.getUserMessage(
+ "CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString()));
log(ILogger.LL_FAILURE, ex.toString());
throw ex;
} catch (IOException e) {
- EBaseException ex = new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString()));
+ EBaseException ex = new ECMSGWException(CMS.getUserMessage(
+ "CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString()));
log(ILogger.LL_FAILURE, ex.toString());
throw ex;
@@ -139,33 +134,34 @@ public class PKCS10Processor extends PKIProcessor {
if (subject != null) {
try {
- certInfo.set(X509CertInfo.SUBJECT,
- new CertificateSubjectName(subject));
- log(ILogger.LL_INFO,
- "Setting subject name " + subject + " from p10.");
+ certInfo.set(X509CertInfo.SUBJECT, new CertificateSubjectName(
+ subject));
+ log(ILogger.LL_INFO, "Setting subject name " + subject
+ + " from p10.");
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_FAILED_SET_SUBJECT_FROM_P10", e.toString()));
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_SUBJECT_FROM_P10_FAILED", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSGW_FAILED_SET_SUBJECT_FROM_P10", e.toString()));
+ throw new ECMSGWException(CMS.getUserMessage(
+ "CMS_GW_SET_SUBJECT_FROM_P10_FAILED", e.toString()));
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_FAILED_SET_SUBJECT_FROM_P10", e.toString()));
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_SUBJECT_FROM_P10_FAILED", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSGW_FAILED_SET_SUBJECT_FROM_P10", e.toString()));
+ throw new ECMSGWException(CMS.getUserMessage(
+ "CMS_GW_SET_SUBJECT_FROM_P10_FAILED", e.toString()));
} catch (Exception e) {
// if anything bad happens in X500 name parsing,
// this will catch it.
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_FAILED_SET_SUBJECT_FROM_P10", e.toString()));
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_SUBJECT_FROM_P10_FAILED", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSGW_FAILED_SET_SUBJECT_FROM_P10", e.toString()));
+ throw new ECMSGWException(CMS.getUserMessage(
+ "CMS_GW_SET_SUBJECT_FROM_P10_FAILED", e.toString()));
}
- } else if (authToken == null ||
- authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) == null) {
+ } else if (authToken == null
+ || authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) == null) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_MISSING_SUBJECT_IN_P10"));
- throw new ECMSGWException(CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_IN_P10"));
+ CMS.getLogMessage("CMSGW_MISSING_SUBJECT_IN_P10"));
+ throw new ECMSGWException(
+ CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_IN_P10"));
}
// fill extensions from pkcs 10 attributes if any.
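Review bot: The `log(ILogger.LL_INFO, "Setting subject name " + subject + " from p10.")` call writes the subject name taken from the request into the log unescaped, so depending on how `subject` renders as a string (its declaration is outside the hunk) a crafted name could put line breaks or misleading text into the log. Consider stripping control characters before logging it. The three catch blocks here are also byte-for-byte identical, and `catch (Exception e)` already covers `CertificateException` and `IOException`, so a single handler with the existing "if anything bad happens in X500 name parsing" comment would be easier to audit.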
@@ -176,45 +172,49 @@ public class PKCS10Processor extends PKIProcessor {
PKCS10Attributes p10Attrs = p10.getAttributes();
if (p10Attrs != null) {
- PKCS10Attribute p10Attr = (PKCS10Attribute)
- (p10Attrs.getAttribute(CertificateExtensions.NAME));
-
- if (p10Attr != null && p10Attr.getAttributeId().equals(
- PKCS9Attribute.EXTENSION_REQUEST_OID)) {
- Extensions exts0 = (Extensions)
- (p10Attr.getAttributeValue());
+ PKCS10Attribute p10Attr = (PKCS10Attribute) (p10Attrs
+ .getAttribute(CertificateExtensions.NAME));
+
+ if (p10Attr != null
+ && p10Attr.getAttributeId().equals(
+ PKCS9Attribute.EXTENSION_REQUEST_OID)) {
+ Extensions exts0 = (Extensions) (p10Attr
+ .getAttributeValue());
DerOutputStream extOut = new DerOutputStream();
exts0.encode(extOut);
byte[] extB = extOut.toByteArray();
DerInputStream extIn = new DerInputStream(extB);
- CertificateExtensions exts = new CertificateExtensions(extIn);
+ CertificateExtensions exts = new CertificateExtensions(
+ extIn);
if (exts != null) {
certInfo.set(X509CertInfo.EXTENSIONS, exts);
}
}
}
- CMS.debug(
- "PKCS10Processor: Seted cert extensions from pkcs10. ");
+ CMS.debug("PKCS10Processor: Seted cert extensions from pkcs10. ");
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_FAILED_SET_EXTENSIONS_FROM_P10", e.toString()));
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString()));
+ CMS.getLogMessage("CMSGW_FAILED_SET_EXTENSIONS_FROM_P10",
+ e.toString()));
+ throw new ECMSGWException(CMS.getUserMessage(
+ "CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString()));
} catch (CertificateException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_FAILED_SET_EXTENSIONS_FROM_P10", e.toString()));
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString()));
+ CMS.getLogMessage("CMSGW_FAILED_SET_EXTENSIONS_FROM_P10",
+ e.toString()));
+ throw new ECMSGWException(CMS.getUserMessage(
+ "CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString()));
} catch (Exception e) {
// if anything bad happens in extensions parsing,
// this will catch it.
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_FAILED_SET_EXTENSIONS_FROM_P10", e.toString()));
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString()));
+ CMS.getLogMessage("CMSGW_FAILED_SET_EXTENSIONS_FROM_P10",
+ e.toString()));
+ throw new ECMSGWException(CMS.getUserMessage(
+ "CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString()));
}
// override pkcs10 attributes with authtoken attributes
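Review bot: All three catch blocks on this extensions path log `CMSGW_FAILED_SET_EXTENSIONS_FROM_P10` but build the exception from `CMS_GW_SET_KEY_FROM_P10_FAILED`, so the requester is told about a key failure when the problem was in extension parsing; this looks like a copy-paste from the key handling earlier in the method and should use an extensions-specific user message if the catalog has one. `if (exts != null)` directly after `new CertificateExtensions(extIn)` can never be false and can be dropped. Separately, the extension-request attribute from the PKCS#10 is copied into `certInfo` as-is, so whether requester-chosen extensions are constrained depends on policy applied later, which is not visible here; a comment at `certInfo.set(X509CertInfo.EXTENSIONS, exts)` stating that assumption would help. The enclosing `try` starts outside the hunk.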
@@ -222,9 +222,9 @@ public class PKCS10Processor extends PKIProcessor {
// adminEnroll is an exception
String authMgr = mServlet.getAuthMgr();
- if (authToken != null &&
- authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) != null &&
- !(authMgr.equals(IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID))) {
+ if (authToken != null
+ && authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) != null
+ && !(authMgr.equals(IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID))) {
fillCertInfoFromAuthToken(certInfo, authToken);
}
@@ -233,12 +233,11 @@ public class PKCS10Processor extends PKIProcessor {
// from the http parameters.
if (mServletId.equals(PKIProcessor.ADMIN_ENROLL_SERVLET_ID)) {
fillValidityFromForm(certInfo, httpParams);
- }
-
+ }
+
}
- private PKCS10 getPKCS10(IArgBlock httpParams)
- throws EBaseException {
+ private PKCS10 getPKCS10(IArgBlock httpParams) throws EBaseException {
PKCS10 pkcs10 = null;
@@ -246,17 +245,20 @@ public class PKCS10Processor extends PKIProcessor {
// support Enterprise 3.5.1 server where CERT_TYPE=csrCertType
// instead of certType
- certType = httpParams.getValueAsString(PKIProcessor.OLD_CERT_TYPE, null);
+ certType = httpParams
+ .getValueAsString(PKIProcessor.OLD_CERT_TYPE, null);
if (certType == null) {
- certType = httpParams.getValueAsString(PKIProcessor.CERT_TYPE, "client");
+ certType = httpParams.getValueAsString(PKIProcessor.CERT_TYPE,
+ "client");
} else {
// some policies may rely on the fact that
// CERT_TYPE is set. So for 3.5.1 or eariler
- // we need to set CERT_TYPE but not here.
+ // we need to set CERT_TYPE but not here.
}
if (certType.equals("client")) {
// coming from MSIE
- String p10b64 = httpParams.getValueAsString(PKIProcessor.PKCS10_REQUEST, null);
+ String p10b64 = httpParams.getValueAsString(
+ PKIProcessor.PKCS10_REQUEST, null);
if (p10b64 != null) {
try {
@@ -266,18 +268,20 @@ public class PKCS10Processor extends PKIProcessor {
} catch (Exception e) {
// ok, if the above fails, it could
// be a PKCS10 with header
- pkcs10 = httpParams.getValueAsPKCS10(PKIProcessor.PKCS10_REQUEST, false, null);
+ pkcs10 = httpParams.getValueAsPKCS10(
+ PKIProcessor.PKCS10_REQUEST, false, null);
// e.printStackTrace();
}
}
- //pkcs10 = httpParams.getValuePKCS10(PKCS10_REQUEST, null);
+ // pkcs10 = httpParams.getValuePKCS10(PKCS10_REQUEST, null);
} else {
try {
// coming from server cut & paste blob.
- pkcs10 = httpParams.getValueAsPKCS10(PKIProcessor.PKCS10_REQUEST, false, null);
- }catch (Exception ex) {
+ pkcs10 = httpParams.getValueAsPKCS10(
+ PKIProcessor.PKCS10_REQUEST, false, null);
+ } catch (Exception ex) {
ex.printStackTrace();
}
}
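Review bot: The `catch (Exception ex)` in the else branch only calls `ex.printStackTrace()`, so a malformed request leaves `pkcs10` null and the failure bypasses the `log(ILogger.LL_FAILURE, ...)` path used elsewhere in this class. How the caller treats a null result is outside the hunk, but if it dereferences it the requester gets a NullPointerException instead of an `ECMSGWException`. I would replace the body with `log(ILogger.LL_FAILURE, ex.toString());` followed by rethrowing as an `ECMSGWException`. The first catch has the same shape: it silently retries with `getValueAsPKCS10` and the original error is lost, and the commented-out `// e.printStackTrace();` and `// pkcs10 = httpParams.getValuePKCS10(PKCS10_REQUEST, null);` lines are better deleted than reformatted.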
@@ -286,4 +290,4 @@ public class PKCS10Processor extends PKIProcessor {
}
-}
+}