summaryrefslogtreecommitdiffstats
path: root/pki/base/common/src/com/netscape/cms/servlet/processors/PKIProcessor.java
diff options
context:
space:
mode:
Diffstat (limited to 'pki/base/common/src/com/netscape/cms/servlet/processors/PKIProcessor.java')
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/processors/PKIProcessor.java190
1 files changed, 97 insertions, 93 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/processors/PKIProcessor.java b/pki/base/common/src/com/netscape/cms/servlet/processors/PKIProcessor.java
index b81b6831..625808d7 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/processors/PKIProcessor.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/processors/PKIProcessor.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.processors;
+
import java.io.IOException;
import java.security.cert.CertificateException;
import java.util.Date;
@@ -41,9 +42,10 @@ import com.netscape.cms.servlet.base.CMSServlet;
import com.netscape.cms.servlet.common.CMSRequest;
import com.netscape.cms.servlet.common.ECMSGWException;
+
/**
* Process Certificate Requests
- *
+ *
* @version $Revision$, $Date$
*/
public class PKIProcessor implements IPKIProcessor {
@@ -55,7 +57,7 @@ public class PKIProcessor implements IPKIProcessor {
public static final String PKCS10_REQUEST = "pkcs10Request";
public static final String SUBJECT_KEYGEN_INFO = "subjectKeyGenInfo";
- protected CMSRequest mRequest = null;
+ protected CMSRequest mRequest = null;
protected HttpServletRequest httpReq = null;
protected String mServletId = null;
@@ -81,27 +83,31 @@ public class PKIProcessor implements IPKIProcessor {
}
- public void process(CMSRequest cmsReq) throws EBaseException {
+ public void process(CMSRequest cmsReq)
+ throws EBaseException {
}
- protected void fillCertInfo(String protocolString, X509CertInfo certInfo,
- IAuthToken authToken, IArgBlock httpParams) throws EBaseException {
+ protected void fillCertInfo(
+ String protocolString, X509CertInfo certInfo,
+ IAuthToken authToken, IArgBlock httpParams)
+ throws EBaseException {
}
- protected X509CertInfo[] fillCertInfoArray(String protocolString,
- IAuthToken authToken, IArgBlock httpParams, IRequest req)
- throws EBaseException {
+ protected X509CertInfo[] fillCertInfoArray(
+ String protocolString, IAuthToken authToken, IArgBlock httpParams, IRequest req)
+ throws EBaseException {
return null;
}
/**
- * fill subject name, validity, extensions from authoken if any, overriding
- * what was in pkcs10. fill subject name, extensions from http input if not
- * authenticated. requests not authenticated will need to be approved by an
- * agent.
+ * fill subject name, validity, extensions from authoken if any,
+ * overriding what was in pkcs10.
+ * fill subject name, extensions from http input if not authenticated.
+ * requests not authenticated will need to be approved by an agent.
*/
- public static void fillCertInfoFromAuthToken(X509CertInfo certInfo,
- IAuthToken authToken) throws EBaseException {
+ public static void fillCertInfoFromAuthToken(
+ X509CertInfo certInfo, IAuthToken authToken)
+ throws EBaseException {
// override subject, validity and extensions from auth token
// CA determines algorithm, version and issuer.
// take key from keygen, cmc, pkcs10 or crmf.
@@ -109,62 +115,61 @@ public class PKIProcessor implements IPKIProcessor {
CMS.debug("PKIProcessor: fillCertInfoFromAuthToken");
// subject name.
try {
- String subjectname = authToken
- .getInString(AuthToken.TOKEN_CERT_SUBJECT);
+ String subjectname =
+ authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT);
if (subjectname != null) {
- CertificateSubjectName certSubject = (CertificateSubjectName) new CertificateSubjectName(
- new X500Name(subjectname));
+ CertificateSubjectName certSubject = (CertificateSubjectName)
+ new CertificateSubjectName(new X500Name(subjectname));
certInfo.set(X509CertInfo.SUBJECT, certSubject);
- log(ILogger.LL_INFO, "cert subject set to " + certSubject
- + " from authtoken");
+ log(ILogger.LL_INFO,
+ "cert subject set to " + certSubject + " from authtoken");
}
} catch (CertificateException e) {
log(ILogger.LL_WARN,
- CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1",
- e.toString()));
+ CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1",
+ e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
+ CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
} catch (IOException e) {
log(ILogger.LL_WARN,
- CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME",
- e.toString()));
+ CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME",
+ e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
+ CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
}
// validity
try {
CertificateValidity validity = null;
- Date notBefore = authToken
- .getInDate(AuthToken.TOKEN_CERT_NOTBEFORE);
- Date notAfter = authToken.getInDate(AuthToken.TOKEN_CERT_NOTAFTER);
+ Date notBefore =
+ authToken.getInDate(AuthToken.TOKEN_CERT_NOTBEFORE);
+ Date notAfter =
+ authToken.getInDate(AuthToken.TOKEN_CERT_NOTAFTER);
if (notBefore != null && notAfter != null) {
validity = new CertificateValidity(notBefore, notAfter);
certInfo.set(X509CertInfo.VALIDITY, validity);
- log(ILogger.LL_INFO, "cert validity set to " + validity
- + " from authtoken");
+ log(ILogger.LL_INFO,
+ "cert validity set to " + validity + " from authtoken");
}
} catch (CertificateException e) {
log(ILogger.LL_WARN,
- CMS.getLogMessage("CMSGW_ERROR_SET_VALIDITY_1",
- e.toString()));
+ CMS.getLogMessage("CMSGW_ERROR_SET_VALIDITY_1", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_VALIDITY_ERROR"));
+ CMS.getUserMessage("CMS_GW_SET_VALIDITY_ERROR"));
} catch (IOException e) {
log(ILogger.LL_WARN,
- CMS.getLogMessage("CMSGW_ERROR_SET_VALIDITY_1",
- e.toString()));
+ CMS.getLogMessage("CMSGW_ERROR_SET_VALIDITY_1", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_VALIDITY_ERROR"));
+ CMS.getUserMessage("CMS_GW_SET_VALIDITY_ERROR"));
}
// extensions
try {
- CertificateExtensions extensions = authToken
- .getInCertExts(X509CertInfo.EXTENSIONS);
+ CertificateExtensions extensions =
+ authToken.getInCertExts(X509CertInfo.EXTENSIONS);
if (extensions != null) {
certInfo.set(X509CertInfo.EXTENSIONS, extensions);
@@ -172,78 +177,73 @@ public class PKIProcessor implements IPKIProcessor {
}
} catch (CertificateException e) {
log(ILogger.LL_WARN,
- CMS.getLogMessage("CMSGW_ERROR_SET_EXTENSIONS_1",
- e.toString()));
+ CMS.getLogMessage("CMSGW_ERROR_SET_EXTENSIONS_1", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_EXTENSIONS_ERROR"));
+ CMS.getUserMessage("CMS_GW_SET_EXTENSIONS_ERROR"));
} catch (IOException e) {
log(ILogger.LL_WARN,
- CMS.getLogMessage("CMSGW_ERROR_SET_EXTENSIONS_1",
- e.toString()));
+ CMS.getLogMessage("CMSGW_ERROR_SET_EXTENSIONS_1", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_EXTENSIONS_ERROR"));
+ CMS.getUserMessage("CMS_GW_SET_EXTENSIONS_ERROR"));
}
}
/**
- * fill subject name, extension from form. this is done for unauthenticated
- * requests. unauthenticated requests must be approved by agents so these
- * will all be seen by and agent.
+ * fill subject name, extension from form.
+ * this is done for unauthenticated requests.
+ * unauthenticated requests must be approved by agents so these will
+ * all be seen by and agent.
*/
- public static void fillCertInfoFromForm(X509CertInfo certInfo,
- IArgBlock httpParams) throws EBaseException {
+ public static void fillCertInfoFromForm(
+ X509CertInfo certInfo, IArgBlock httpParams)
+ throws EBaseException {
CMS.debug("PKIProcessor: fillCertInfoFromForm");
// subject name.
try {
- String subject = httpParams.getValueAsString(
- PKIProcessor.SUBJECT_NAME, null);
+ String subject = httpParams.getValueAsString(PKIProcessor.SUBJECT_NAME, null);
if (subject == null) {
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_FROM_FORM"));
+ CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_FROM_FORM"));
}
X500Name x500name = new X500Name(subject);
- certInfo.set(X509CertInfo.SUBJECT, new CertificateSubjectName(
- x500name));
+ certInfo.set(
+ X509CertInfo.SUBJECT, new CertificateSubjectName(x500name));
fillValidityFromForm(certInfo, httpParams);
} catch (CertificateException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1",
- e.toString()));
+ CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
+ CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1",
- e.toString()));
+ CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
+ CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
} catch (IllegalArgumentException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1",
- e.toString()));
+ CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString()));
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_REQ_ILLEGAL_CHARACTERS"));
+ CMS.getLogMessage("CMSGW_REQ_ILLEGAL_CHARACTERS"));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_CONVERT_DN_TO_X500NAME_ERROR"));
+ CMS.getUserMessage("CMS_GW_CONVERT_DN_TO_X500NAME_ERROR"));
}
// requested extensions.
// let polcies form extensions from http input.
}
- public static void fillValidityFromForm(X509CertInfo certInfo,
- IArgBlock httpParams) throws EBaseException {
+ public static void fillValidityFromForm(
+ X509CertInfo certInfo, IArgBlock httpParams)
+ throws EBaseException {
CMS.debug("PKIProcessor: fillValidityFromForm!");
try {
- String notValidBeforeStr = httpParams.getValueAsString(
- "notValidBefore", null);
- String notValidAfterStr = httpParams.getValueAsString(
- "notValidAfter", null);
+ String notValidBeforeStr = httpParams.getValueAsString("notValidBefore", null);
+ String notValidAfterStr = httpParams.getValueAsString("notValidAfter", null);
if (notValidBeforeStr != null && notValidAfterStr != null) {
long notValidBefore = 0;
@@ -266,46 +266,44 @@ public class PKIProcessor implements IPKIProcessor {
if (notBefore != null && notAfter != null) {
validity = new CertificateValidity(notBefore, notAfter);
certInfo.set(X509CertInfo.VALIDITY, validity);
- log(ILogger.LL_INFO, "cert validity set to " + validity
- + " from authtoken");
+ log(ILogger.LL_INFO,
+ "cert validity set to " + validity + " from authtoken");
}
}
}
} catch (CertificateException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1",
- e.toString()));
+ CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
+ CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1",
- e.toString()));
+ CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
+ CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
}
}
/**
* log according to authority category.
*/
- public static void log(int event, int level, String msg) {
+ public static void log(int event, int level, String msg) {
CMS.getLogger().log(event, ILogger.S_OTHER, level,
- "PKIProcessor " + ": " + msg);
+ "PKIProcessor " + ": " + msg);
}
public static void log(int level, String msg) {
CMS.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_OTHER, level,
- "PKIProcessor " + ": " + msg);
+ "PKIProcessor " + ": " + msg);
}
/**
* Signed Audit Log
- *
- * This method is inherited by all extended "CMSServlet"s, and is called to
- * store messages to the signed audit log.
+ *
+ * This method is inherited by all extended "CMSServlet"s,
+ * and is called to store messages to the signed audit log.
* <P>
- *
+ *
* @param msg signed audit log message
*/
protected void audit(String msg) {
@@ -316,17 +314,21 @@ public class PKIProcessor implements IPKIProcessor {
return;
}
- mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT, null,
- ILogger.S_SIGNED_AUDIT, ILogger.LL_SECURITY, msg);
+ mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT,
+ null,
+ ILogger.S_SIGNED_AUDIT,
+ ILogger.LL_SECURITY,
+ msg);
}
/**
* Signed Audit Log Subject ID
- *
- * This method is inherited by all extended "CMSServlet"s, and is called to
- * obtain the "SubjectID" for a signed audit log message.
+ *
+ * This method is inherited by all extended "CMSServlet"s,
+ * and is called to obtain the "SubjectID" for
+ * a signed audit log message.
* <P>
- *
+ *
* @return id string containing the signed audit log message SubjectID
*/
protected String auditSubjectID() {
@@ -341,7 +343,8 @@ public class PKIProcessor implements IPKIProcessor {
SessionContext auditContext = SessionContext.getExistingContext();
if (auditContext != null) {
- subjectID = (String) auditContext.get(SessionContext.USER_ID);
+ subjectID = (String)
+ auditContext.get(SessionContext.USER_ID);
if (subjectID != null) {
subjectID = subjectID.trim();
@@ -355,3 +358,4 @@ public class PKIProcessor implements IPKIProcessor {
return subjectID;
}
}
+
generated by cgit (git 2.34.1) at 2024-06-27 02:08:26 +0000