summaryrefslogtreecommitdiffstats
path: root/pki/base/common/src/com/netscape/cms/servlet
diff options
context:
space:
mode:
Diffstat (limited to 'pki/base/common/src/com/netscape/cms/servlet')
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/admin/ACLAdminServlet.java217
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/admin/AdminResources.java4
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/admin/AdminServlet.java262
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/admin/AuthAdminServlet.java428
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/admin/AuthCredentials.java32
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/admin/CAAdminServlet.java263
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java935
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/admin/JobsAdminServlet.java426
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/admin/KRAAdminServlet.java76
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/admin/LogAdminServlet.java554
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/admin/OCSPAdminServlet.java93
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/admin/PolicyAdminServlet.java203
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/admin/ProfileAdminServlet.java557
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/admin/PublisherAdminServlet.java1331
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/admin/RAAdminServlet.java80
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/admin/RegistryAdminServlet.java103
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/admin/UsrGrpAdminServlet.java501
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java825
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/base/CMSStartServlet.java26
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/base/DisplayHtmlServlet.java24
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/base/DynamicVariablesServlet.java43
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/base/GetStats.java76
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/base/IndexServlet.java22
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/base/PortsServlet.java7
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/base/ProxyServlet.java288
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/base/SystemInfoServlet.java43
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/base/UserInfo.java15
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/CMCRevReqServlet.java465
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/ChallengeRevocationServlet1.java257
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/CloneRedirect.java37
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/DirAuthServlet.java36
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/DisableEnrollResult.java18
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/DisplayBySerial.java154
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/DisplayCRL.java129
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/DisplayHashUserEnroll.java32
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/DoRevoke.java377
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/DoRevokeTPS.java302
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/DoUnrevoke.java268
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/DoUnrevokeTPS.java260
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/EnableEnrollResult.java22
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/EnrollServlet.java663
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/GetBySerial.java102
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/GetCAChain.java480
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/GetCRL.java142
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/GetCertFromRequest.java133
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/GetEnableStatus.java29
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/GetInfo.java74
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/HashEnrollServlet.java580
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/ImportCertsTemplateFiller.java113
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/ListCerts.java383
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/Monitor.java75
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/ReasonToRevoke.java89
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/RemoteAuthConfig.java68
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/RenewalServlet.java287
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/RevocationServlet.java114
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/RevocationSuccessTemplateFiller.java40
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/SrchCerts.java180
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/UpdateCRL.java196
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/UpdateDir.java269
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/scep/CRSEnrollment.java3643
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/scep/ChallengePassword.java188
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/scep/ExtensionsRequested.java205
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/common/AuthCredentials.java32
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/common/CMCOutputTemplate.java597
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/common/CMSFile.java4
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/common/CMSFileLoader.java25
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/common/CMSGWResources.java4
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/common/CMSGateway.java125
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/common/CMSLoadTemplate.java13
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/common/CMSRequest.java48
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/common/CMSTemplate.java119
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/common/CMSTemplateParams.java4
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/common/ECMSGWException.java6
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/common/GenErrorTemplateFiller.java36
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/common/GenPendingTemplateFiller.java80
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/common/GenRejectedTemplateFiller.java23
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/common/GenSuccessTemplateFiller.java20
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/common/GenSvcPendingTemplateFiller.java18
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/common/GenUnauthorizedTemplateFiller.java24
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/common/GenUnexpectedErrorTemplateFiller.java29
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/common/ICMSTemplateFiller.java22
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/common/IRawJS.java3
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/common/IndexTemplateFiller.java10
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/common/RawJS.java3
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/common/Utils.java14
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/connector/CloneServlet.java123
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/connector/ConnectorServlet.java477
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/connector/GenerateKeyPairServlet.java104
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/connector/TokenKeyRecoveryServlet.java115
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminAuthenticatePanel.java64
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminPanel.java119
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/AgentAuthenticatePanel.java68
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/AuthenticatePanel.java49
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/BackupKeyCertPanel.java100
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/BaseServlet.java41
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/CAInfoPanel.java85
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/Cert.java7
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/CertPrettyPrintPanel.java19
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/CertRequestPanel.java180
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/CertUtil.java224
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/CheckIdentity.java11
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigBaseServlet.java48
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCertApprovalCallback.java10
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCertReqServlet.java2
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCloneServlet.java2
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigDatabaseServlet.java15
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigHSMLoginPanel.java87
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigHSMServlet.java16
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigImportCertServlet.java2
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigJoinServlet.java28
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigRootCAServlet.java27
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/CreateSubsystemPanel.java53
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java587
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabaseServlet.java2
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayCertChainPanel.java53
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayServlet.java2
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java241
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/DownloadPKCS12.java14
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCertChain.java8
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/GetConfigEntries.java40
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCookie.java97
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/GetDomainXML.java56
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/GetStatus.java12
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/GetSubsystemCert.java13
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/GetTokenInfo.java12
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/GetTransportCert.java35
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/HierarchyPanel.java35
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportAdminCertPanel.java72
-rwxr-xr-xpki/base/common/src/com/netscape/cms/servlet/csadmin/ImportCAChainPanel.java16
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportTransportCert.java47
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/LDAPSecurityDomainSessionTable.java59
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/LoginServlet.java6
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/MainPageServlet.java41
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/ModulePanel.java48
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/ModuleServlet.java12
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/NamePanel.java545
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/RegisterUser.java175
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/RestoreKeyCertPanel.java213
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/SavePKCS12Panel.java25
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainLogin.java9
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainPanel.java220
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainSessionTable.java18
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/SessionTimer.java10
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java305
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/TokenAuthenticate.java12
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateConnector.java42
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateDomainXML.java212
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateNumberRange.java62
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateOCSPConfig.java43
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/WelcomePanel.java28
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/WelcomeServlet.java2
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java627
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/filter/AdminRequestFilter.java80
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/filter/AgentRequestFilter.java78
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/filter/EEClientAuthRequestFilter.java80
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/filter/EERequestFilter.java126
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/key/ConfirmRecoverBySerial.java46
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/key/DisplayBySerial.java38
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/key/DisplayBySerialForRecovery.java54
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/key/DisplayTransport.java32
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/key/ExamineRecovery.java71
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/key/GetApprovalStatus.java34
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/key/GetAsyncPk12.java84
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/key/GetPk12.java82
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/key/GrantAsyncRecovery.java57
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/key/GrantRecovery.java74
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/key/KeyRecordParser.java30
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/key/RecoverBySerial.java258
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/key/SrchKey.java79
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/key/SrchKeyForRecovery.java91
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/ocsp/AddCAServlet.java148
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/ocsp/AddCRLServlet.java341
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/ocsp/CheckCertServlet.java45
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/ocsp/GetOCSPInfo.java37
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/ocsp/ListCAServlet.java54
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/ocsp/OCSPServlet.java140
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/ocsp/RemoveCAServlet.java108
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/processors/CMCProcessor.java95
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/processors/CRMFProcessor.java129
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/processors/IPKIProcessor.java6
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/processors/KeyGenProcessor.java32
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/processors/PKCS10Processor.java78
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/processors/PKIProcessor.java125
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/profile/ProfileApproveServlet.java130
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/profile/ProfileListServlet.java40
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/profile/ProfileProcessServlet.java233
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/profile/ProfileReviewServlet.java100
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSelectServlet.java84
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/profile/ProfileServlet.java160
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitCMCServlet.java301
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java660
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/profile/SSLClientCertProvider.java3
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/request/CertReqParser.java290
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/request/CheckRequest.java211
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/request/IReqParser.java6
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/request/KeyReqParser.java8
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/request/ProcessCertReq.java1018
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/request/ProcessReq.java110
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/request/QueryReq.java606
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/request/ReqParser.java31
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/request/SearchReqs.java70
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/tks/TokenServlet.java1040
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/wizard/IWizardPanel.java14
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/wizard/WizardServlet.java384
204 files changed, 16390 insertions, 17076 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/ACLAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/ACLAdminServlet.java
index 4737e2f7..29088fc2 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/admin/ACLAdminServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/ACLAdminServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.admin;
-
import java.io.IOException;
import java.util.Enumeration;
import java.util.Hashtable;
@@ -45,10 +44,9 @@ import com.netscape.certsrv.logging.ILogger;
import com.netscape.certsrv.usrgrp.IUGSubsystem;
import com.netscape.certsrv.usrgrp.IUser;
-
/**
* Manage Access Control List configuration
- *
+ *
* @version $Revision$, $Date$
*/
public class ACLAdminServlet extends AdminServlet {
@@ -64,7 +62,7 @@ public class ACLAdminServlet extends AdminServlet {
private IAuthzManager mAuthzMgr = null;
private final static String LOGGING_SIGNED_AUDIT_CONFIG_ACL =
- "LOGGING_SIGNED_AUDIT_CONFIG_ACL_3";
+ "LOGGING_SIGNED_AUDIT_CONFIG_ACL_3";
/**
* Constructs servlet.
@@ -74,17 +72,18 @@ public class ACLAdminServlet extends AdminServlet {
mUG = (IUGSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_UG);
}
- /**
- * initialize the servlet.
+ /**
+ * initialize the servlet.
* <ul>
* <li>http.param OP_TYPE = OP_SEARCH,
* <li>http.param OP_SCOPE - the scope of the request operation:
- * <ul><LI>"impl" ACL implementations
- * <LI>"acls" ACL rules
- * <LI>"evaluatorTypes" ACL evaluators.
- * </ul>
+ * <ul>
+ * <LI>"impl" ACL implementations
+ * <LI>"acls" ACL rules
+ * <LI>"evaluatorTypes" ACL evaluators.
* </ul>
- *
+ * </ul>
+ *
* @param config servlet configuration, read from the web.xml file
*/
public void init(ServletConfig config) throws ServletException {
@@ -99,24 +98,24 @@ public class ACLAdminServlet extends AdminServlet {
return INFO;
}
- /**
+ /**
* Process the HTTP request.
- *
+ *
* @param req the object holding the request information
* @param resp the object holding the response information
*/
public void service(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
+ throws ServletException, IOException {
String scope = super.getParameter(req, Constants.OP_SCOPE);
String op = super.getParameter(req, Constants.OP_TYPE);
if (op == null) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_INVALID_PROTOCOL"));
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"),
- null, resp);
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"),
+ null, resp);
return;
}
@@ -126,8 +125,8 @@ public class ACLAdminServlet extends AdminServlet {
super.authenticate(req);
} catch (IOException e) {
log(ILogger.LL_SECURITY, CMS.getLogMessage("ADMIN_SRVLT_FAIL_AUTHS"));
- sendResponse(ERROR, CMS.getUserMessage(getLocale(req),"CMS_ADMIN_SRVLT_AUTHS_FAILED"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHS_FAILED"),
+ null, resp);
return;
}
@@ -141,8 +140,8 @@ public class ACLAdminServlet extends AdminServlet {
} catch (Exception e) {
log(ILogger.LL_FAILURE, e.toString());
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_PERFORM_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_PERFORM_FAILED"),
+ null, resp);
return;
}
@@ -152,9 +151,9 @@ public class ACLAdminServlet extends AdminServlet {
if (op.equals(OpDef.OP_SEARCH)) {
mOp = "read";
if ((mToken = super.authorize(req)) == null) {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
if (scope.equals(ScopeDef.SC_ACL)) {
@@ -171,8 +170,8 @@ public class ACLAdminServlet extends AdminServlet {
mOp = "read";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
if (scope.equals(ScopeDef.SC_ACL)) {
@@ -183,8 +182,8 @@ public class ACLAdminServlet extends AdminServlet {
mOp = "modify";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
if (scope.equals(ScopeDef.SC_ACL)) {
@@ -195,8 +194,8 @@ public class ACLAdminServlet extends AdminServlet {
mOp = "modify";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
if (scope.equals(ScopeDef.SC_ACL_IMPLS)) {
@@ -207,8 +206,8 @@ public class ACLAdminServlet extends AdminServlet {
mOp = "modify";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
if (scope.equals(ScopeDef.SC_ACL_IMPLS)) {
@@ -218,38 +217,38 @@ public class ACLAdminServlet extends AdminServlet {
} else {
log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_INVALID_OP_SCOPE"));
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
+ null, resp);
return;
}
} catch (EBaseException e) {
log(ILogger.LL_FAILURE, e.toString());
sendResponse(ERROR, e.toString(getLocale(req)),
- null, resp);
+ null, resp);
return;
} catch (Exception e) {
log(ILogger.LL_FAILURE, e.toString());
log(ILogger.LL_DEBUG, "SRVLT_FAIL_PERFORM 2");
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_PERFORM_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_PERFORM_FAILED"),
+ null, resp);
return;
}
log(ILogger.LL_DEBUG, "SRVLT_FAIL_PERFORM 3");
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_PERFORM_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_PERFORM_FAILED"),
+ null, resp);
return;
}
/**
* list acls resources by name
*/
- private void listResources(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException, IOException,
+ private void listResources(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException, IOException,
EBaseException {
NameValuePairs params = new NameValuePairs();
@@ -260,7 +259,7 @@ public class ACLAdminServlet extends AdminServlet {
ACL acl = (ACL) res.nextElement();
String desc = acl.getDescription();
- if (desc == null)
+ if (desc == null)
params.add(acl.getName(), "");
else
params.add(acl.getName(), desc);
@@ -272,8 +271,8 @@ public class ACLAdminServlet extends AdminServlet {
/**
* get acls information for a resource
*/
- private void getResourceACL(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException, IOException,
+ private void getResourceACL(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException, IOException,
EBaseException {
NameValuePairs params = new NameValuePairs();
@@ -283,8 +282,8 @@ public class ACLAdminServlet extends AdminServlet {
if (resourceId == null) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
return;
}
@@ -295,7 +294,7 @@ public class ACLAdminServlet extends AdminServlet {
StringBuffer rights = new StringBuffer();
- if (rightsEnum.hasMoreElements()) {
+ if (rightsEnum.hasMoreElements()) {
while (rightsEnum.hasMoreElements()) {
if (rights.length() != 0) {
rights.append(",");
@@ -332,8 +331,8 @@ public class ACLAdminServlet extends AdminServlet {
} else {
log(ILogger.LL_FAILURE, CMS.getLogMessage("ACLS_SRVLT_RESOURCE_NOT_FOUND"));
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),"CMS_ACL_RESOURCE_NOT_FOUND"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ACL_RESOURCE_NOT_FOUND"),
+ null, resp);
return;
}
}
@@ -341,19 +340,19 @@ public class ACLAdminServlet extends AdminServlet {
/**
* modify acls information for a resource
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ACL used when configuring
- * Access Control List (ACL) information
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ACL used when configuring Access Control List (ACL) information
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
* @exception EBaseException an error has occurred
*/
- private void updateResources(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException, IOException,
+ private void updateResources(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException, IOException,
EBaseException {
String auditMessage = null;
@@ -378,15 +377,15 @@ public class ACLAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
return;
}
// get resource acls
String resourceACLs = super.getParameter(req, Constants.PR_ACI);
String rights = super.getParameter(req, Constants.PR_ACL_RIGHTS);
- String desc = super.getParameter(req, Constants.PR_ACL_DESC);
+ String desc = super.getParameter(req, Constants.PR_ACL_DESC);
try {
mAuthzMgr.updateACLs(resourceId, rights, resourceACLs, desc);
@@ -417,8 +416,8 @@ public class ACLAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),"CMS_ACL_UPDATE_FAIL"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ACL_UPDATE_FAIL"),
+ null, resp);
return;
}
// } catch( EBaseException eAudit1 ) {
@@ -459,18 +458,18 @@ public class ACLAdminServlet extends AdminServlet {
// throw eAudit3;
}
}
-
+
/**
* list access evaluators by types and class paths
*/
- private void listACLsEvaluators(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException, IOException,
+ private void listACLsEvaluators(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException, IOException,
EBaseException {
NameValuePairs params = new NameValuePairs();
Enumeration<IAccessEvaluator> res = mAuthzMgr.aclEvaluatorElements();
while (res.hasMoreElements()) {
- IAccessEvaluator evaluator = res.nextElement();
+ IAccessEvaluator evaluator = res.nextElement();
// params.add(evaluator.getType(), evaluator.getDescription());
params.add(evaluator.getType(), evaluator.getClass().getName());
@@ -480,18 +479,18 @@ public class ACLAdminServlet extends AdminServlet {
}
private void listACLsEvaluatorTypes(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException, IOException,
+ HttpServletResponse resp) throws ServletException, IOException,
EBaseException {
NameValuePairs params = new NameValuePairs();
Enumeration<IAccessEvaluator> res = mAuthzMgr.aclEvaluatorElements();
while (res.hasMoreElements()) {
- IAccessEvaluator evaluator = res.nextElement();
+ IAccessEvaluator evaluator = res.nextElement();
String[] operators = evaluator.getSupportedOperators();
StringBuffer str = new StringBuffer();
for (int i = 0; i < operators.length; i++) {
- if (str.length() > 0)
+ if (str.length() > 0)
str.append(",");
str.append(operators[i]);
}
@@ -505,22 +504,22 @@ public class ACLAdminServlet extends AdminServlet {
/**
* add access evaluators
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ACL used when configuring
- * Access Control List (ACL) information
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ACL used when configuring Access Control List (ACL) information
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @param scope string used to obtain the contents of this ACL evaluator's
- * substore
+ * substore
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
* @exception EBaseException an error has occurred
*/
- private synchronized void addACLsEvaluator(HttpServletRequest req,
- HttpServletResponse resp, String scope)
- throws ServletException, IOException, EBaseException {
+ private synchronized void addACLsEvaluator(HttpServletRequest req,
+ HttpServletResponse resp, String scope)
+ throws ServletException, IOException, EBaseException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -543,8 +542,8 @@ public class ACLAdminServlet extends AdminServlet {
log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
return;
}
@@ -560,9 +559,9 @@ public class ACLAdminServlet extends AdminServlet {
String classPath = super.getParameter(req, Constants.PR_ACL_CLASS);
IConfigStore destStore =
- mConfig.getSubStore(PROP_EVAL);
+ mConfig.getSubStore(PROP_EVAL);
IConfigStore mStore =
- destStore.getSubStore(ScopeDef.SC_ACL_IMPLS);
+ destStore.getSubStore(ScopeDef.SC_ACL_IMPLS);
// Does the class exist?
Class<?> newImpl = null;
@@ -584,17 +583,16 @@ public class ACLAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),"CMS_ACL_CLASS_LOAD_FAIL"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ACL_CLASS_LOAD_FAIL"),
+ null, resp);
return;
}
// is the class an IAccessEvaluator?
try {
- if
- (Class.forName("com.netscape.certsrv.evaluators.IAccessEvaluator").isAssignableFrom(newImpl) == false) {
+ if (Class.forName("com.netscape.certsrv.evaluators.IAccessEvaluator").isAssignableFrom(newImpl) == false) {
String errMsg = "class not com.netscape.certsrv.evaluators.IAccessEvaluator" +
- classPath;
+ classPath;
log(ILogger.LL_FAILURE, errMsg);
@@ -608,13 +606,13 @@ public class ACLAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),"CMS_ACL_ILL_CLASS"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ACL_ILL_CLASS"),
+ null, resp);
return;
}
} catch (Exception e) {
String errMsg = "class not com.netscape.certsrv.evaluators.IAccessEvaluator" +
- classPath;
+ classPath;
log(ILogger.LL_FAILURE, errMsg);
@@ -628,8 +626,8 @@ public class ACLAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),"CMS_ACL_ILL_CLASS"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ACL_ILL_CLASS"),
+ null, resp);
return;
}
@@ -653,8 +651,8 @@ public class ACLAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),"CMS_ACL_COMMIT_FAIL"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ACL_COMMIT_FAIL"),
+ null, resp);
return;
}
@@ -676,8 +674,8 @@ public class ACLAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),"CMS_ACL_INST_CLASS_FAIL"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ACL_INST_CLASS_FAIL"),
+ null, resp);
return;
}
@@ -743,21 +741,21 @@ public class ACLAdminServlet extends AdminServlet {
/**
* remove access evaluators
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ACL used when configuring
- * Access Control List (ACL) information
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ACL used when configuring Access Control List (ACL) information
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @param scope string used to obtain the contents of this ACL evaluator's
- * substore
+ * substore
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
* @exception EBaseException an error has occurred
*/
- private synchronized void deleteACLsEvaluator(HttpServletRequest req,
- HttpServletResponse resp, String scope) throws ServletException,
+ private synchronized void deleteACLsEvaluator(HttpServletRequest req,
+ HttpServletResponse resp, String scope) throws ServletException,
IOException, EBaseException {
String auditMessage = null;
@@ -782,8 +780,8 @@ public class ACLAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
return;
}
@@ -803,8 +801,8 @@ public class ACLAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),"CMS_ACL_EVAL_NOT_FOUND"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ACL_EVAL_NOT_FOUND"),
+ null, resp);
return;
}
@@ -814,9 +812,9 @@ public class ACLAdminServlet extends AdminServlet {
try {
IConfigStore destStore =
- mConfig.getSubStore(PROP_EVAL);
+ mConfig.getSubStore(PROP_EVAL);
IConfigStore mStore =
- destStore.getSubStore(ScopeDef.SC_ACL_IMPLS);
+ destStore.getSubStore(ScopeDef.SC_ACL_IMPLS);
mStore.removeSubStore(id);
} catch (Exception eeee) {
@@ -838,8 +836,8 @@ public class ACLAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),"CMS_ACL_COMMIT_FAIL"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ACL_COMMIT_FAIL"),
+ null, resp);
return;
}
@@ -892,11 +890,11 @@ public class ACLAdminServlet extends AdminServlet {
// throw eAudit3;
}
}
-
+
/**
* Searchs for certificate requests.
*/
-
+
/*
private void getACLs(HttpServletRequest req,
HttpServletResponse resp) throws ServletException, IOException,
@@ -922,7 +920,6 @@ public class ACLAdminServlet extends AdminServlet {
if (mLogger == null)
return;
mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_ACLS,
- level, "ACLAdminServlet: " + msg);
+ level, "ACLAdminServlet: " + msg);
}
-}
-
+}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/AdminResources.java b/pki/base/common/src/com/netscape/cms/servlet/admin/AdminResources.java
index 2024e496..a36c859d 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/admin/AdminResources.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/AdminResources.java
@@ -17,13 +17,11 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.admin;
-
import java.util.ListResourceBundle;
-
/**
* A class represents a resource bundle for the remote admin.
- *
+ *
* @version $Revision$, $Date$
* @see java.util.ListResourceBundle
*/
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/AdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/AdminServlet.java
index 0f2a6ec7..5b3a8c5a 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/admin/AdminServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/AdminServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.admin;
-
import java.io.ByteArrayOutputStream;
import java.io.DataOutputStream;
import java.io.IOException;
@@ -56,32 +55,31 @@ import com.netscape.certsrv.usrgrp.IUGSubsystem;
import com.netscape.certsrv.usrgrp.IUser;
import com.netscape.cms.servlet.base.UserInfo;
-
/**
* A class represents an administration servlet that
* is responsible to serve administrative
* operation such as configuration parameter updates.
- *
+ *
* Since each administration servlet needs to perform
* authentication information parsing and response
* formulation, it makes sense to encapsulate the
* commonalities into this class.
- *
+ *
* By extending this serlvet, the subclass does not
* need to re-implement the request parsing code
* (i.e. authentication information parsing).
- *
+ *
* If a subsystem needs to expose configuration
* parameters management, it should create an
* administration servlet (i.e. CAAdminServlet)
* and register it to RemoteAdmin subsystem.
- *
+ *
* <code>
* public class CAAdminServlet extends AdminServlet {
* ...
* }
* </code>
- *
+ *
* @version $Revision$, $Date$
*/
public class AdminServlet extends HttpServlet {
@@ -117,8 +115,8 @@ public class AdminServlet extends HttpServlet {
public final static String AUTHZ_SRC_TYPE = "sourceType";
public final static String AUTHZ_SRC_LDAP = "ldap";
public final static String AUTHZ_SRC_XML = "web.xml";
- public static final String CERT_ATTR =
- "javax.servlet.request.X509Certificate";
+ public static final String CERT_ATTR =
+ "javax.servlet.request.X509Certificate";
public final static String SIGNED_AUDIT_SCOPE = "Scope";
public final static String SIGNED_AUDIT_OPERATION = "Operation";
@@ -130,19 +128,19 @@ public class AdminServlet extends HttpServlet {
public final static String SIGNED_AUDIT_NAME_VALUE_PAIRS_DELIMITER = "+";
private final static String LOGGING_SIGNED_AUDIT_AUTH_FAIL =
- "LOGGING_SIGNED_AUDIT_AUTH_FAIL_4";
+ "LOGGING_SIGNED_AUDIT_AUTH_FAIL_4";
private final static String LOGGING_SIGNED_AUDIT_AUTH_SUCCESS =
- "LOGGING_SIGNED_AUDIT_AUTH_SUCCESS_3";
+ "LOGGING_SIGNED_AUDIT_AUTH_SUCCESS_3";
private final static String LOGGING_SIGNED_AUDIT_AUTHZ_FAIL =
- "LOGGING_SIGNED_AUDIT_AUTHZ_FAIL_4";
+ "LOGGING_SIGNED_AUDIT_AUTHZ_FAIL_4";
private final static String LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS =
- "LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS_4";
+ "LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS_4";
private final static String LOGGING_SIGNED_AUDIT_ROLE_ASSUME =
- "LOGGING_SIGNED_AUDIT_ROLE_ASSUME_3";
+ "LOGGING_SIGNED_AUDIT_ROLE_ASSUME_3";
private final static String CERTUSERDB =
- IAuthSubsystem.CERTUSERDB_AUTHMGR_ID;
+ IAuthSubsystem.CERTUSERDB_AUTHMGR_ID;
private final static String PASSWDUSERDB =
- IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID;
+ IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID;
/**
* Constructs generic administration servlet.
@@ -204,45 +202,44 @@ public class AdminServlet extends HttpServlet {
}
}
- public void outputHttpParameters(HttpServletRequest httpReq)
- {
+ public void outputHttpParameters(HttpServletRequest httpReq) {
CMS.debug("AdminServlet:service() uri = " + httpReq.getRequestURI());
Enumeration paramNames = httpReq.getParameterNames();
while (paramNames.hasMoreElements()) {
- String pn = (String)paramNames.nextElement();
+ String pn = (String) paramNames.nextElement();
// added this facility so that password can be hidden,
// all sensitive parameters should be prefixed with
// __ (double underscores); however, in the event that
// a security parameter slips through, we perform multiple
// additional checks to insure that it is NOT displayed
- if( pn.startsWith("__") ||
- pn.endsWith("password") ||
- pn.endsWith("passwd") ||
- pn.endsWith("pwd") ||
- pn.equalsIgnoreCase("admin_password_again") ||
- pn.equalsIgnoreCase("directoryManagerPwd") ||
- pn.equalsIgnoreCase("bindpassword") ||
- pn.equalsIgnoreCase("bindpwd") ||
- pn.equalsIgnoreCase("passwd") ||
- pn.equalsIgnoreCase("password") ||
- pn.equalsIgnoreCase("pin") ||
- pn.equalsIgnoreCase("pwd") ||
- pn.equalsIgnoreCase("pwdagain") ||
- pn.equalsIgnoreCase("uPasswd") ) {
- CMS.debug("AdminServlet::service() param name='" + pn +
- "' value='(sensitive)'" );
+ if (pn.startsWith("__") ||
+ pn.endsWith("password") ||
+ pn.endsWith("passwd") ||
+ pn.endsWith("pwd") ||
+ pn.equalsIgnoreCase("admin_password_again") ||
+ pn.equalsIgnoreCase("directoryManagerPwd") ||
+ pn.equalsIgnoreCase("bindpassword") ||
+ pn.equalsIgnoreCase("bindpwd") ||
+ pn.equalsIgnoreCase("passwd") ||
+ pn.equalsIgnoreCase("password") ||
+ pn.equalsIgnoreCase("pin") ||
+ pn.equalsIgnoreCase("pwd") ||
+ pn.equalsIgnoreCase("pwdagain") ||
+ pn.equalsIgnoreCase("uPasswd")) {
+ CMS.debug("AdminServlet::service() param name='" + pn +
+ "' value='(sensitive)'");
} else {
- CMS.debug("AdminServlet::service() param name='" + pn +
- "' value='" + httpReq.getParameter(pn) + "'" );
+ CMS.debug("AdminServlet::service() param name='" + pn +
+ "' value='" + httpReq.getParameter(pn) + "'");
}
}
}
-
+
/**
* Serves HTTP admin request.
*/
public void service(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
+ throws ServletException, IOException {
boolean running_state = CMS.isInRunningState();
if (!running_state)
@@ -250,7 +247,7 @@ public class AdminServlet extends HttpServlet {
"CMS server is not ready to serve.");
if (CMS.debugOn()) {
- outputHttpParameters(req);
+ outputHttpParameters(req);
}
}
@@ -277,15 +274,12 @@ public class AdminServlet extends HttpServlet {
* Authenticates to the identity scope with the given
* userid and password via identity manager.
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTH_FAIL used when authentication
- * fails (in case of SSL-client auth, only webserver env can pick up the
- * SSL violation; CMS authMgr can pick up cert mis-match, so this event
- * is used)
- * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTH_SUCCESS used when authentication
- * succeeded
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTH_FAIL used when authentication fails (in case of SSL-client auth, only webserver env can pick up the SSL violation; CMS authMgr can pick up cert mis-match, so this event is used)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTH_SUCCESS used when authentication succeeded
* </ul>
+ *
* @exception IOException an input/output error has occurred
*/
protected void authenticate(HttpServletRequest req) throws
@@ -307,12 +301,12 @@ public class AdminServlet extends HttpServlet {
// do nothing for now.
}
IAuthSubsystem auth = (IAuthSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_AUTH);
+ CMS.getSubsystem(CMS.SUBSYSTEM_AUTH);
X509Certificate cert = null;
if (authType.equals("sslclientauth")) {
X509Certificate[] allCerts =
- (X509Certificate[]) req.getAttribute(CERT_ATTR);
+ (X509Certificate[]) req.getAttribute(CERT_ATTR);
if (allCerts == null || allCerts.length == 0) {
// store a message in the signed audit log file
@@ -362,10 +356,9 @@ public class AdminServlet extends HttpServlet {
mServletID));
try {
if (authType.equals("sslclientauth")) {
- IAuthManager
- authMgr = auth.get(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID);
+ IAuthManager authMgr = auth.get(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID);
IAuthCredentials authCreds =
- getAuthCreds(authMgr, cert);
+ getAuthCreds(authMgr, cert);
token = (AuthToken) authMgr.authenticate(authCreds);
} else {
@@ -441,9 +434,9 @@ public class AdminServlet extends HttpServlet {
if (tuserid == null) {
mLogger.log(
- ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_NO_AUTH_TOKEN",
- tuserid));
+ ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
+ CMS.getLogMessage("ADMIN_SRVLT_NO_AUTH_TOKEN",
+ tuserid));
if (authType.equals("sslclientauth")) {
// store a message in the signed audit log file
@@ -477,9 +470,9 @@ public class AdminServlet extends HttpServlet {
if (user == null) {
mLogger.log(
- ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_USER_NOT_FOUND",
- tuserid));
+ ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
+ CMS.getLogMessage("ADMIN_SRVLT_USER_NOT_FOUND",
+ tuserid));
if (authType.equals("sslclientauth")) {
// store a message in the signed audit log file
@@ -515,7 +508,7 @@ public class AdminServlet extends HttpServlet {
sessionContext.put(SessionContext.USER, user);
} catch (EUsrGrpException e) {
mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_USR_GRP_ERR", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_USR_GRP_ERR", e.toString()));
if (authType.equals("sslclientauth")) {
// store a message in the signed audit log file
@@ -595,8 +588,8 @@ public class AdminServlet extends HttpServlet {
}
public static AuthCredentials getAuthCreds(
- IAuthManager authMgr, X509Certificate clientCert)
- throws EBaseException {
+ IAuthManager authMgr, X509Certificate clientCert)
+ throws EBaseException {
// get credentials from http parameters.
String[] reqCreds = authMgr.getRequiredCreds();
AuthCredentials creds = new AuthCredentials();
@@ -606,8 +599,8 @@ public class AdminServlet extends HttpServlet {
if (reqCred.equals(IAuthManager.CRED_SSL_CLIENT_CERT)) {
// cert could be null;
- creds.set(reqCred, new X509Certificate[] { clientCert}
- );
+ creds.set(reqCred, new X509Certificate[] { clientCert }
+ );
}
}
return creds;
@@ -616,15 +609,13 @@ public class AdminServlet extends HttpServlet {
/**
* Authorize must occur after Authenticate
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTHZ_FAIL used when authorization
- * has failed
- * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS used when authorization
- * is successful
- * <li>signed.audit LOGGING_SIGNED_AUDIT_ROLE_ASSUME used when user assumes a
- * role (in current CMS that's when one accesses a role port)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTHZ_FAIL used when authorization has failed
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS used when authorization is successful
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_ROLE_ASSUME used when user assumes a role (in current CMS that's when one accesses a role port)
* </ul>
+ *
* @param req HTTP servlet request
* @return the authorization token
*/
@@ -779,15 +770,15 @@ public class AdminServlet extends HttpServlet {
/**
* Sends response.
- *
+ *
* @param returnCode return code
* @param errorMsg localized error message
* @param params result parameters
* @param resp HTTP servlet response
*/
protected void sendResponse(int returnCode, String errorMsg,
- NameValuePairs params, HttpServletResponse resp)
- throws IOException {
+ NameValuePairs params, HttpServletResponse resp)
+ throws IOException {
ByteArrayOutputStream bos = new ByteArrayOutputStream();
DataOutputStream dos = new DataOutputStream(bos);
@@ -806,8 +797,8 @@ public class AdminServlet extends HttpServlet {
String value = java.net.URLEncoder.encode((String)
params.getValue(name));
- buf.append(java.net.URLEncoder.encode(name) +
- "=" + value);
+ buf.append(java.net.URLEncoder.encode(name) +
+ "=" + value);
if (e.hasMoreElements())
buf.append("&");
}
@@ -858,8 +849,8 @@ public class AdminServlet extends HttpServlet {
* Generic configuration store get operation.
*/
protected synchronized void getConfig(
- IConfigStore config, HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ IConfigStore config, HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
Enumeration e = req.getParameterNames();
@@ -876,8 +867,8 @@ public class AdminServlet extends HttpServlet {
if (name.equals(Constants.OP_SCOPE))
continue;
- //System.out.println(name);
- //System.out.println(name+","+config.getString(name));
+ //System.out.println(name);
+ //System.out.println(name+","+config.getString(name));
params.add(name, config.getString(name));
}
sendResponse(SUCCESS, null, params, resp);
@@ -889,8 +880,8 @@ public class AdminServlet extends HttpServlet {
* calling this, and commit changes after this call.
*/
protected synchronized void setConfig(
- IConfigStore config, HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ IConfigStore config, HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
Enumeration e = req.getParameterNames();
@@ -906,8 +897,8 @@ public class AdminServlet extends HttpServlet {
continue;
if (name.equals(Constants.OP_SCOPE))
continue;
- // XXX Need validation...
- // XXX what if update failed
+ // XXX Need validation...
+ // XXX what if update failed
config.putString(name, req.getParameter(name));
}
commit(true);
@@ -918,8 +909,8 @@ public class AdminServlet extends HttpServlet {
* Lists configuration store.
*/
protected synchronized void listConfig(
- IConfigStore config, HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ IConfigStore config, HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
Enumeration e = config.getPropertyNames();
NameValuePairs params = new NameValuePairs();
@@ -938,14 +929,14 @@ public class AdminServlet extends HttpServlet {
public boolean authorize(IAuthToken token) throws EBaseException {
String mGroupNames[] = { "Administrators" };
boolean mAnd = true;
-
+
try {
String userid = token.getInString("userid");
if (userid == null) {
mLogger.log(
- ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_GRP_AUTHZ_FAIL", userid));
+ ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
+ CMS.getLogMessage("ADMIN_SRVLT_GRP_AUTHZ_FAIL", userid));
return false;
}
@@ -955,8 +946,8 @@ public class AdminServlet extends HttpServlet {
if (user == null) {
mLogger.log(
- ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_USER_NOT_IN_DB", userid));
+ ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
+ CMS.getLogMessage("ADMIN_SRVLT_USER_NOT_IN_DB", userid));
return false;
}
@@ -973,9 +964,9 @@ public class AdminServlet extends HttpServlet {
for (int i = 0; i < mGroupNames.length; i++) {
if (!mUG.isMemberOf(user, mGroupNames[i])) {
mLogger.log(
- ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_USER_NOT_IN_GRP", userid,
- mGroupNames[i]));
+ ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
+ CMS.getLogMessage("ADMIN_SRVLT_USER_NOT_IN_GRP", userid,
+ mGroupNames[i]));
return false;
}
}
@@ -984,9 +975,9 @@ public class AdminServlet extends HttpServlet {
for (int i = 0; i < mGroupNames.length; i++) {
if (mUG.isMemberOf(user, mGroupNames[i])) {
mLogger.log(ILogger.EV_SYSTEM,
- ILogger.S_OTHER, ILogger.LL_INFO,
- CMS.getLogMessage("ADMIN_SRVLT_GRP_AUTH_SUCC_USER", userid,
- mGroupNames[i]));
+ ILogger.S_OTHER, ILogger.LL_INFO,
+ CMS.getLogMessage("ADMIN_SRVLT_GRP_AUTH_SUCC_USER", userid,
+ mGroupNames[i]));
return true;
}
}
@@ -998,24 +989,24 @@ public class AdminServlet extends HttpServlet {
groups.append(mGroupNames[j]);
}
mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
- ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_USER_NOT_ANY_GRP", userid, groups.toString()));
+ ILogger.LL_FAILURE,
+ CMS.getLogMessage("ADMIN_SRVLT_USER_NOT_ANY_GRP", userid, groups.toString()));
return false;
}
} catch (EUsrGrpException e) {
mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_USR_GRP_ERR", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_USR_GRP_ERR", e.toString()));
return false;
}
}
/**
* FileConfigStore functionality
- *
+ *
* The original config file is moved to <filename>.<date>.
* Commits the current properties to the configuration file.
* <P>
- *
+ *
* @param createBackup true if a backup file should be created
*/
protected void commit(boolean createBackup) throws EBaseException {
@@ -1026,16 +1017,16 @@ public class AdminServlet extends HttpServlet {
if (mLogger == null)
return;
mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_ADMIN,
- level, "AdminServlet: " + msg);
+ level, "AdminServlet: " + msg);
}
/**
* Signed Audit Log
- *
+ *
* This method is inherited by all extended admin servlets
* and is called to store messages to the signed audit log.
* <P>
- *
+ *
* @param msg signed audit log message
*/
protected void audit(String msg) {
@@ -1047,20 +1038,20 @@ public class AdminServlet extends HttpServlet {
}
mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT,
- null,
- ILogger.S_SIGNED_AUDIT,
- ILogger.LL_SECURITY,
- msg);
+ null,
+ ILogger.S_SIGNED_AUDIT,
+ ILogger.LL_SECURITY,
+ msg);
}
/**
* Signed Audit Log Subject ID
- *
+ *
* This method is inherited by all extended "CMSServlet"s,
* and is called to obtain the "SubjectID" for
* a signed audit log message.
* <P>
- *
+ *
* @return id string containing the signed audit log message SubjectID
*/
protected String auditSubjectID() {
@@ -1092,13 +1083,13 @@ public class AdminServlet extends HttpServlet {
/**
* Signed Audit Parameters
- *
+ *
* This method is inherited by all extended admin servlets and
* is called to extract parameters from the HttpServletRequest
* and return a string of name;;value pairs separated by a '+'
* if more than one name;;value pair exists.
* <P>
- *
+ *
* @param req HTTP servlet request
* @return a delimited string of one or more delimited name/value pairs
*/
@@ -1176,22 +1167,22 @@ public class AdminServlet extends HttpServlet {
// case-insensitive "password", "pwd", and "passwd"
// name fields, and hide any password values:
//
- /* "password" */ if( name.equals( Constants.PASSWORDTYPE ) ||
- name.equals( Constants.TYPE_PASSWORD ) ||
- name.equals( Constants.PR_USER_PASSWORD ) ||
- name.equals( Constants.PT_OLD_PASSWORD ) ||
- name.equals( Constants.PT_NEW_PASSWORD ) ||
- name.equals( Constants.PT_DIST_STORE ) ||
- name.equals( Constants.PT_DIST_EMAIL ) ||
- /* "pwd" */ name.equals( Constants.PR_AUTH_ADMIN_PWD ) ||
- // ignore this one name.equals( Constants.PR_BINDPWD_PROMPT ) ||
- name.equals( Constants.PR_DIRECTORY_MANAGER_PWD ) ||
- name.equals( Constants.PR_OLD_AGENT_PWD ) ||
- name.equals( Constants.PR_AGENT_PWD ) ||
- name.equals( Constants.PT_PUBLISH_PWD ) ||
- /* "passwd" */ name.equals( Constants.PR_BIND_PASSWD ) ||
- name.equals( Constants.PR_BIND_PASSWD_AGAIN ) ||
- name.equals( Constants.PR_TOKEN_PASSWD ) ) {
+ /* "password" */if (name.equals(Constants.PASSWORDTYPE) ||
+ name.equals(Constants.TYPE_PASSWORD) ||
+ name.equals(Constants.PR_USER_PASSWORD) ||
+ name.equals(Constants.PT_OLD_PASSWORD) ||
+ name.equals(Constants.PT_NEW_PASSWORD) ||
+ name.equals(Constants.PT_DIST_STORE) ||
+ name.equals(Constants.PT_DIST_EMAIL) ||
+ /* "pwd" */name.equals(Constants.PR_AUTH_ADMIN_PWD) ||
+ // ignore this one name.equals( Constants.PR_BINDPWD_PROMPT ) ||
+ name.equals(Constants.PR_DIRECTORY_MANAGER_PWD) ||
+ name.equals(Constants.PR_OLD_AGENT_PWD) ||
+ name.equals(Constants.PR_AGENT_PWD) ||
+ name.equals(Constants.PT_PUBLISH_PWD) ||
+ /* "passwd" */name.equals(Constants.PR_BIND_PASSWD) ||
+ name.equals(Constants.PR_BIND_PASSWD_AGAIN) ||
+ name.equals(Constants.PR_TOKEN_PASSWD)) {
// hide password value
parameters += name
@@ -1216,14 +1207,14 @@ public class AdminServlet extends HttpServlet {
/**
* Signed Audit Groups
- *
+ *
* This method is called to extract all "groups" associated
* with the "auditSubjectID()".
* <P>
- *
+ *
* @param SubjectID string containing the signed audit log message SubjectID
* @return a delimited string of groups associated
- * with the "auditSubjectID()"
+ * with the "auditSubjectID()"
*/
private String auditGroups(String SubjectID) {
// if no signed audit object exists, bail
@@ -1232,7 +1223,7 @@ public class AdminServlet extends HttpServlet {
}
if ((SubjectID == null) ||
- (SubjectID.equals(ILogger.UNIDENTIFIED))) {
+ (SubjectID.equals(ILogger.UNIDENTIFIED))) {
return ILogger.SIGNED_AUDIT_EMPTY_VALUE;
}
@@ -1250,7 +1241,7 @@ public class AdminServlet extends HttpServlet {
IGroup group = (IGroup) groups.nextElement();
if (group.isMember(SubjectID) == true) {
- if (membersString.length()!=0) {
+ if (membersString.length() != 0) {
membersString.append(", ");
}
@@ -1258,7 +1249,7 @@ public class AdminServlet extends HttpServlet {
}
}
- if (membersString.length()!= 0) {
+ if (membersString.length() != 0) {
return membersString.toString();
} else {
return ILogger.SIGNED_AUDIT_EMPTY_VALUE;
@@ -1266,7 +1257,8 @@ public class AdminServlet extends HttpServlet {
}
protected NameValuePairs convertStringArrayToNVPairs(String[] s) {
- if (s == null) return null;
+ if (s == null)
+ return null;
NameValuePairs nvps = new NameValuePairs();
int i;
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/AuthAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/AuthAdminServlet.java
index 4a7329c9..ceffb7c2 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/admin/AuthAdminServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/AuthAdminServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.admin;
-
import java.io.IOException;
import java.util.Enumeration;
import java.util.Locale;
@@ -46,13 +45,12 @@ import com.netscape.certsrv.common.ScopeDef;
import com.netscape.certsrv.ldap.ILdapAuthInfo;
import com.netscape.certsrv.logging.ILogger;
-
/**
* A class representing an administration servlet for the
- * Authentication Management subsystem. This servlet is responsible
+ * Authentication Management subsystem. This servlet is responsible
* to serve configuration requests for the Auths Management subsystem.
*
- *
+ *
* @version $Revision$, $Date$
*/
public class AuthAdminServlet extends AdminServlet {
@@ -64,13 +62,13 @@ public class AuthAdminServlet extends AdminServlet {
private final static String INFO = "AuthAdminServlet";
private IAuthSubsystem mAuths = null;
- private final static String PW_PASSWORD_CACHE_ADD =
- "PASSWORD_CACHE_ADD";
+ private final static String PW_PASSWORD_CACHE_ADD =
+ "PASSWORD_CACHE_ADD";
private final static String VIEW = ";" + Constants.VIEW;
private final static String EDIT = ";" + Constants.EDIT;
private final static String LOGGING_SIGNED_AUDIT_CONFIG_AUTH =
- "LOGGING_SIGNED_AUDIT_CONFIG_AUTH_3";
+ "LOGGING_SIGNED_AUDIT_CONFIG_AUTH_3";
public AuthAdminServlet() {
super();
@@ -88,18 +86,18 @@ public class AuthAdminServlet extends AdminServlet {
/**
* Returns serlvet information.
*/
- public String getServletInfo() {
- return INFO;
+ public String getServletInfo() {
+ return INFO;
}
/**
* retrieve extended plugin info such as brief description, type info
* from policy, authentication,
- * need to add: listener, mapper and publishing plugins
+ * need to add: listener, mapper and publishing plugins
* --- same as policy, should we move this into extendedpluginhelper?
*/
private void getExtendedPluginInfo(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
String id = req.getParameter(Constants.RS_ID);
@@ -110,7 +108,7 @@ public class AuthAdminServlet extends AdminServlet {
String implName = id.substring(colon + 1);
NameValuePairs params =
- getExtendedPluginInfo(getLocale(req), implType, implName);
+ getExtendedPluginInfo(getLocale(req), implType, implName);
sendResponse(SUCCESS, null, params, resp);
}
@@ -142,7 +140,7 @@ public class AuthAdminServlet extends AdminServlet {
* Serves HTTP admin request.
*/
public void service(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
+ throws ServletException, IOException {
super.service(req, resp);
String scope = req.getParameter(Constants.OP_SCOPE);
@@ -150,22 +148,22 @@ public class AuthAdminServlet extends AdminServlet {
if (op == null) {
//System.out.println("SRVLT_INVALID_PROTOCOL");
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"),
- null, resp);
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"),
+ null, resp);
return;
}
// if it is not authentication, that means it is for CSC admin ping.
// the best way to do is to define another protocol for ping and move
// it to the generic servlet which is admin servlet.
- if (!op.equals(OpDef.OP_AUTH)) {
+ if (!op.equals(OpDef.OP_AUTH)) {
if (scope.equals(ScopeDef.SC_AUTH)) {
String id = req.getParameter(Constants.RS_ID);
// for CSC admin ping only
if (op.equals(OpDef.OP_READ) &&
- id.equals(Constants.RS_ID_CONFIG)) {
+ id.equals(Constants.RS_ID_CONFIG)) {
// no need to authenticate this. if we're alive, return true.
NameValuePairs params = new NameValuePairs();
@@ -176,8 +174,8 @@ public class AuthAdminServlet extends AdminServlet {
} else {
//System.out.println("SRVLT_INVALID_OP_TYPE");
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_TYPE", op),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_TYPE", op),
+ null, resp);
return;
}
}
@@ -186,7 +184,7 @@ public class AuthAdminServlet extends AdminServlet {
try {
if (op.equals(OpDef.OP_AUTH)) {
if (scope.equals(ScopeDef.SC_AUTHTYPE)) {
- IConfigStore configStore = CMS.getConfigStore();
+ IConfigStore configStore = CMS.getConfigStore();
String val = configStore.getString("authType", "pwd");
NameValuePairs params = new NameValuePairs();
@@ -196,8 +194,8 @@ public class AuthAdminServlet extends AdminServlet {
}
}
} catch (Exception e) {
- sendResponse(ERROR,CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHS_FAILED"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHS_FAILED"),
+ null, resp);
return;
}
// for the rest
@@ -209,8 +207,8 @@ public class AuthAdminServlet extends AdminServlet {
}
} catch (IOException e) {
//System.out.println("SRVLT_FAIL_AUTHS");
- sendResponse(ERROR,CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHS_FAILED"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHS_FAILED"),
+ null, resp);
return;
}
@@ -223,8 +221,8 @@ public class AuthAdminServlet extends AdminServlet {
mOp = "read";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
getExtendedPluginInfo(req, resp);
@@ -238,8 +236,8 @@ public class AuthAdminServlet extends AdminServlet {
mOp = "read";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
if (scope.equals(ScopeDef.SC_AUTH_IMPLS)) {
@@ -249,17 +247,17 @@ public class AuthAdminServlet extends AdminServlet {
listAuthMgrInsts(req, resp);
return;
} else {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
- null, resp);
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
+ null, resp);
return;
}
} else if (op.equals(OpDef.OP_READ)) {
mOp = "read";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
if (scope.equals(ScopeDef.SC_AUTH_IMPLS)) {
@@ -269,17 +267,17 @@ public class AuthAdminServlet extends AdminServlet {
getInstConfig(req, resp);
return;
} else {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
- null, resp);
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
+ null, resp);
return;
}
} else if (op.equals(OpDef.OP_ADD)) {
mOp = "modify";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
if (scope.equals(ScopeDef.SC_AUTH_IMPLS)) {
@@ -289,17 +287,17 @@ public class AuthAdminServlet extends AdminServlet {
addAuthMgrInst(req, resp, scope);
return;
} else {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
- null, resp);
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
+ null, resp);
return;
}
} else if (op.equals(OpDef.OP_DELETE)) {
mOp = "modify";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
if (scope.equals(ScopeDef.SC_AUTH_IMPLS)) {
@@ -309,17 +307,17 @@ public class AuthAdminServlet extends AdminServlet {
delAuthMgrInst(req, resp, scope);
return;
} else {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
- null, resp);
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
+ null, resp);
return;
}
} else if (op.equals(OpDef.OP_MODIFY)) {
mOp = "modify";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
if (scope.equals(ScopeDef.SC_AUTH_MGR_INSTANCE)) {
@@ -328,18 +326,18 @@ public class AuthAdminServlet extends AdminServlet {
}
} else {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
+ null, resp);
return;
}
- }
+ }
} catch (EBaseException e) {
sendResponse(ERROR, e.toString(getLocale(req)), null, resp);
return;
- }
+ }
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_PERFORM_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_PERFORM_FAILED"),
+ null, resp);
return;
}
@@ -356,23 +354,23 @@ public class AuthAdminServlet extends AdminServlet {
/**
* Add authentication manager plug-in
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_AUTH used when configuring
- * authentication
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_AUTH used when configuring authentication
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @param scope string used to obtain the contents of this authentication
- * manager's substore
+ * manager's substore
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
* @exception EBaseException an error has occurred
*/
-
- private synchronized void addAuthMgrPlugin(HttpServletRequest req,
- HttpServletResponse resp, String scope)
- throws ServletException, IOException, EBaseException {
+
+ private synchronized void addAuthMgrPlugin(HttpServletRequest req,
+ HttpServletResponse resp, String scope)
+ throws ServletException, IOException, EBaseException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -394,8 +392,8 @@ public class AuthAdminServlet extends AdminServlet {
//System.out.println("SRVLT_NULL_RS_ID");
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
return;
}
// is the manager id unique?
@@ -410,8 +408,8 @@ public class AuthAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- new EAuthException(CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_DUP_MGR_PLUGIN_ID", id)).toString(),
- null, resp);
+ new EAuthException(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_DUP_MGR_PLUGIN_ID", id)).toString(),
+ null, resp);
return;
}
@@ -428,13 +426,13 @@ public class AuthAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_NULL_AUTHMGR_CLASSNAME"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_NULL_AUTHMGR_CLASSNAME"),
+ null, resp);
return;
}
if (classPath.equals("com.netscape.cmscore.authentication.PasswdUserDBAuthentication") ||
- classPath.equals("com.netscape.cmscore.authentication.CertUserDBAuthentication")) {
+ classPath.equals("com.netscape.cmscore.authentication.CertUserDBAuthentication")) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
@@ -445,17 +443,17 @@ public class AuthAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_BASE_PERMISSION_DENIED"), null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_BASE_PERMISSION_DENIED"), null, resp);
return;
}
IConfigStore destStore =
- mConfig.getSubStore(DestDef.DEST_AUTH_ADMIN);
+ mConfig.getSubStore(DestDef.DEST_AUTH_ADMIN);
IConfigStore instancesConfig =
- destStore.getSubStore(scope);
+ destStore.getSubStore(scope);
// Does the class exist?
-
+
Class<IAuthManager> newImpl = null;
try {
@@ -473,8 +471,8 @@ public class AuthAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_AUTHMGR_PLUGIN_NOT_FOUND"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_AUTHMGR_PLUGIN_NOT_FOUND"),
+ null, resp);
return;
} catch (IllegalArgumentException e) {
// store a message in the signed audit log file
@@ -487,8 +485,8 @@ public class AuthAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_AUTHMGR_PLUGIN_NOT_FOUND"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_AUTHMGR_PLUGIN_NOT_FOUND"),
+ null, resp);
return;
}
@@ -505,8 +503,8 @@ public class AuthAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_ILL_CLASS"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_ILL_CLASS"),
+ null, resp);
return;
}
} catch (NullPointerException e) { // unlikely, only if newImpl null.
@@ -520,8 +518,8 @@ public class AuthAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_ILL_CLASS"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_ILL_CLASS"),
+ null, resp);
return;
}
@@ -544,8 +542,8 @@ public class AuthAdminServlet extends AdminServlet {
//System.out.println("SRVLT_FAIL_COMMIT");
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+ null, resp);
return;
}
@@ -553,8 +551,8 @@ public class AuthAdminServlet extends AdminServlet {
AuthMgrPlugin plugin = new AuthMgrPlugin(id, classPath);
mAuths.getPlugins().put(id, plugin);
- mAuths.log(ILogger.LL_INFO,
- CMS.getLogMessage("ADMIN_SRVLT_PLUGIN_ADD", id));
+ mAuths.log(ILogger.LL_INFO,
+ CMS.getLogMessage("ADMIN_SRVLT_PLUGIN_ADD", id));
NameValuePairs params = new NameValuePairs();
@@ -611,22 +609,22 @@ public class AuthAdminServlet extends AdminServlet {
/**
* Add authentication manager instance
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_AUTH used when configuring
- * authentication
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_AUTH used when configuring authentication
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @param scope string used to obtain the contents of this authentication
- * manager's substore
+ * manager's substore
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
* @exception EBaseException an error has occurred
*/
- private synchronized void addAuthMgrInst(HttpServletRequest req,
- HttpServletResponse resp, String scope)
- throws ServletException, IOException, EBaseException {
+ private synchronized void addAuthMgrInst(HttpServletRequest req,
+ HttpServletResponse resp, String scope)
+ throws ServletException, IOException, EBaseException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -647,8 +645,8 @@ public class AuthAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
return;
}
@@ -664,8 +662,8 @@ public class AuthAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_ILL_MGR_INST_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_ILL_MGR_INST_ID"),
+ null, resp);
return;
}
@@ -685,21 +683,21 @@ public class AuthAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_MISSING_PARAMS"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_MISSING_PARAMS"),
+ null, resp);
return;
}
// prevent agent & admin creation.
if (implname.equals(IAuthSubsystem.PASSWDUSERDB_PLUGIN_ID) ||
- implname.equals(IAuthSubsystem.CERTUSERDB_PLUGIN_ID)) {
+ implname.equals(IAuthSubsystem.CERTUSERDB_PLUGIN_ID)) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_BASE_PERMISSION_DENIED"), null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_BASE_PERMISSION_DENIED"), null, resp);
}
// check if implementation exists.
AuthMgrPlugin plugin =
- (AuthMgrPlugin) mAuths.getPlugins().get(implname);
+ (AuthMgrPlugin) mAuths.getPlugins().get(implname);
if (plugin == null) {
// store a message in the signed audit log file
@@ -712,8 +710,8 @@ public class AuthAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- new EAuthMgrPluginNotFound(CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", implname)).toString(),
- null, resp);
+ new EAuthMgrPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", implname)).toString(),
+ null, resp);
return;
}
@@ -723,9 +721,9 @@ public class AuthAdminServlet extends AdminServlet {
String[] configParams = mAuths.getConfigParams(implname);
IConfigStore destStore =
- mConfig.getSubStore(DestDef.DEST_AUTH_ADMIN);
+ mConfig.getSubStore(DestDef.DEST_AUTH_ADMIN);
IConfigStore instancesConfig =
- destStore.getSubStore(scope);
+ destStore.getSubStore(scope);
IConfigStore substore = instancesConfig.makeSubStore(id);
if (configParams != null) {
@@ -765,8 +763,8 @@ public class AuthAdminServlet extends AdminServlet {
// cleanup
instancesConfig.removeSubStore(id);
sendResponse(ERROR,
- new EAuthException(CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_LOAD_CLASS_FAIL", className)).toString(),
- null, resp);
+ new EAuthException(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_LOAD_CLASS_FAIL", className)).toString(),
+ null, resp);
return;
} catch (InstantiationException e) {
// store a message in the signed audit log file
@@ -780,8 +778,8 @@ public class AuthAdminServlet extends AdminServlet {
instancesConfig.removeSubStore(id);
sendResponse(ERROR,
- new EAuthException(CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_LOAD_CLASS_FAIL", className)).toString(),
- null, resp);
+ new EAuthException(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_LOAD_CLASS_FAIL", className)).toString(),
+ null, resp);
return;
} catch (IllegalAccessException e) {
// store a message in the signed audit log file
@@ -795,8 +793,8 @@ public class AuthAdminServlet extends AdminServlet {
instancesConfig.removeSubStore(id);
sendResponse(ERROR,
- new EAuthException(CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_LOAD_CLASS_FAIL", className)).toString(),
- null, resp);
+ new EAuthException(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_LOAD_CLASS_FAIL", className)).toString(),
+ null, resp);
return;
}
@@ -835,16 +833,16 @@ public class AuthAdminServlet extends AdminServlet {
// clean up.
instancesConfig.removeSubStore(id);
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+ null, resp);
return;
}
// inited and commited ok. now add manager instance to list.
mAuths.add(id, authMgrInst);
- mAuths.log(ILogger.LL_INFO,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_MGR_ADD", id));
+ mAuths.log(ILogger.LL_INFO,
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_MGR_ADD", id));
NameValuePairs params = new NameValuePairs();
@@ -900,8 +898,8 @@ public class AuthAdminServlet extends AdminServlet {
}
}
- private synchronized void listAuthMgrPlugins(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ private synchronized void listAuthMgrPlugins(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
@@ -909,8 +907,8 @@ public class AuthAdminServlet extends AdminServlet {
while (e.hasMoreElements()) {
String name = (String) e.nextElement();
- AuthMgrPlugin value = (AuthMgrPlugin)
- mAuths.getPlugins().get(name);
+ AuthMgrPlugin value = (AuthMgrPlugin)
+ mAuths.getPlugins().get(name);
if (value.isVisible()) {
params.add(name, value.getClassPath() + EDIT);
@@ -920,14 +918,13 @@ public class AuthAdminServlet extends AdminServlet {
return;
}
- private synchronized void listAuthMgrInsts(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ private synchronized void listAuthMgrInsts(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
- for (Enumeration<?> e = mAuths.getInstances().keys();
- e.hasMoreElements();) {
+ for (Enumeration<?> e = mAuths.getInstances().keys(); e.hasMoreElements();) {
String name = (String) e.nextElement();
AuthManagerProxy proxy = (AuthManagerProxy) mAuths.getInstances().get(name);
IAuthManager value = proxy.getAuthManager();
@@ -938,7 +935,7 @@ public class AuthAdminServlet extends AdminServlet {
}
AuthMgrPlugin amgrplugin = (AuthMgrPlugin)
- mAuths.getPlugins().get(value.getImplName());
+ mAuths.getPlugins().get(value.getImplName());
if (!amgrplugin.isVisible()) {
params.add(name, value.getImplName() + ";invisible;" + enableStr);
@@ -953,21 +950,21 @@ public class AuthAdminServlet extends AdminServlet {
/**
* Delete authentication manager plug-in
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_AUTH used when configuring
- * authentication
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_AUTH used when configuring authentication
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @param scope string used to obtain the contents of this authentication
- * manager's substore
+ * manager's substore
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
* @exception EBaseException an error has occurred
*/
- private synchronized void delAuthMgrPlugin(HttpServletRequest req,
- HttpServletResponse resp, String scope) throws ServletException,
+ private synchronized void delAuthMgrPlugin(HttpServletRequest req,
+ HttpServletResponse resp, String scope) throws ServletException,
IOException, EBaseException {
String auditMessage = null;
@@ -991,16 +988,16 @@ public class AuthAdminServlet extends AdminServlet {
//System.out.println("SRVLT_NULL_RS_ID");
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
return;
}
// prevent deletion of admin and agent.
if (id.equals(IAuthSubsystem.PASSWDUSERDB_PLUGIN_ID) ||
- id.equals(IAuthSubsystem.CERTUSERDB_PLUGIN_ID)) {
+ id.equals(IAuthSubsystem.CERTUSERDB_PLUGIN_ID)) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_BASE_PERMISSION_DENIED"), null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_BASE_PERMISSION_DENIED"), null, resp);
}
// does auth manager exist?
@@ -1015,15 +1012,14 @@ public class AuthAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- new EAuthMgrPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_DUP_MGR_PLUGIN_ID", id)).toString(),
- null, resp);
+ new EAuthMgrPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_DUP_MGR_PLUGIN_ID", id)).toString(),
+ null, resp);
return;
}
// first check if any instances from this auth manager
// DON'T remove auth manager if any instance
- for (Enumeration<?> e = mAuths.getInstances().keys();
- e.hasMoreElements();) {
+ for (Enumeration<?> e = mAuths.getInstances().keys(); e.hasMoreElements();) {
IAuthManager authMgr = (IAuthManager) mAuths.get((String) e.nextElement());
if (authMgr.getImplName() == id) {
@@ -1037,19 +1033,19 @@ public class AuthAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_MGR_IN_USE"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_MGR_IN_USE"),
+ null, resp);
return;
}
}
-
+
// then delete this auth manager
mAuths.getPlugins().remove((Object) id);
IConfigStore destStore =
- mConfig.getSubStore(DestDef.DEST_AUTH_ADMIN);
+ mConfig.getSubStore(DestDef.DEST_AUTH_ADMIN);
IConfigStore instancesConfig =
- destStore.getSubStore(scope);
+ destStore.getSubStore(scope);
instancesConfig.removeSubStore(id);
// commiting
@@ -1066,8 +1062,8 @@ public class AuthAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+ null, resp);
return;
}
@@ -1124,21 +1120,21 @@ public class AuthAdminServlet extends AdminServlet {
/**
* Delete authentication manager instance
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_AUTH used when configuring
- * authentication
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_AUTH used when configuring authentication
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @param scope string used to obtain the contents of this authentication
- * manager's substore
+ * manager's substore
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
* @exception EBaseException an error has occurred
*/
- private synchronized void delAuthMgrInst(HttpServletRequest req,
- HttpServletResponse resp, String scope) throws ServletException,
+ private synchronized void delAuthMgrInst(HttpServletRequest req,
+ HttpServletResponse resp, String scope) throws ServletException,
IOException, EBaseException {
String auditMessage = null;
@@ -1162,16 +1158,16 @@ public class AuthAdminServlet extends AdminServlet {
//System.out.println("SRVLT_NULL_RS_ID");
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
return;
}
// prevent deletion of admin and agent.
if (id.equals(IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID) ||
- id.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) {
+ id.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_BASE_PERMISSION_DENIED"), null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_BASE_PERMISSION_DENIED"), null, resp);
}
// does auth manager instance exist?
@@ -1186,8 +1182,8 @@ public class AuthAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- new EAuthMgrNotFound(CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", id)).toString(),
- null, resp);
+ new EAuthMgrNotFound(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", id)).toString(),
+ null, resp);
return;
}
@@ -1200,9 +1196,9 @@ public class AuthAdminServlet extends AdminServlet {
// remove the configuration.
IConfigStore destStore =
- mConfig.getSubStore(DestDef.DEST_AUTH_ADMIN);
+ mConfig.getSubStore(DestDef.DEST_AUTH_ADMIN);
IConfigStore instancesConfig =
- destStore.getSubStore(scope);
+ destStore.getSubStore(scope);
instancesConfig.removeSubStore(id);
// commiting
@@ -1220,8 +1216,8 @@ public class AuthAdminServlet extends AdminServlet {
//System.out.println("SRVLT_FAIL_COMMIT");
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+ null, resp);
return;
}
@@ -1283,24 +1279,24 @@ public class AuthAdminServlet extends AdminServlet {
/**
* used for getting the required configuration parameters (with
- * possible default values) for a particular auth manager plugin
- * implementation name specified in the RS_ID. Actually, there is
- * no logic in here to set any default value here...there's no
- * default value for any parameter in this authentication subsystem
- * at this point. Later, if we do have one (or some), it can be
- * added. The interface remains the same.
+ * possible default values) for a particular auth manager plugin
+ * implementation name specified in the RS_ID. Actually, there is
+ * no logic in here to set any default value here...there's no
+ * default value for any parameter in this authentication subsystem
+ * at this point. Later, if we do have one (or some), it can be
+ * added. The interface remains the same.
*/
- private synchronized void getConfig(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException, EBaseException {
+ private synchronized void getConfig(HttpServletRequest req,
+ HttpServletResponse resp)
+ throws ServletException, IOException, EBaseException {
String implname = req.getParameter(Constants.RS_ID);
if (implname == null) {
//System.out.println("SRVLT_NULL_RS_ID");
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
return;
}
@@ -1318,8 +1314,8 @@ public class AuthAdminServlet extends AdminServlet {
return;
}
- private synchronized void getInstConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ private synchronized void getInstConfig(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
String id = req.getParameter(Constants.RS_ID);
@@ -1327,16 +1323,16 @@ public class AuthAdminServlet extends AdminServlet {
if (id == null) {
//System.out.println("SRVLT_NULL_RS_ID");
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
return;
}
// does auth manager instance exist?
if (mAuths.getInstances().containsKey(id) == false) {
sendResponse(ERROR,
- new EAuthMgrNotFound(CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", id)).toString(),
- null, resp);
+ new EAuthMgrNotFound(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", id)).toString(),
+ null, resp);
return;
}
@@ -1366,28 +1362,28 @@ public class AuthAdminServlet extends AdminServlet {
/**
* Modify authentication manager instance
- * This will actually create a new instance with new configuration
+ * This will actually create a new instance with new configuration
* parameters and replace the old instance if the new instance is
* created and initialized successfully.
* The old instance is left running, so this is very expensive.
* Restart of server recommended.
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_AUTH used when configuring
- * authentication
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_AUTH used when configuring authentication
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @param scope string used to obtain the contents of this authentication
- * manager's substore
+ * manager's substore
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
* @exception EBaseException an error has occurred
*/
- private synchronized void modAuthMgrInst(HttpServletRequest req,
- HttpServletResponse resp, String scope)
- throws ServletException, IOException, EBaseException {
+ private synchronized void modAuthMgrInst(HttpServletRequest req,
+ HttpServletResponse resp, String scope)
+ throws ServletException, IOException, EBaseException {
// expensive operation.
@@ -1411,16 +1407,16 @@ public class AuthAdminServlet extends AdminServlet {
//System.out.println("SRVLT_NULL_RS_ID");
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
return;
}
// prevent modification of admin and agent.
if (id.equals(IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID) ||
- id.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) {
+ id.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_BASE_PERMISSION_DENIED"), null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_BASE_PERMISSION_DENIED"), null, resp);
}
// Does the manager instance exist?
@@ -1435,8 +1431,8 @@ public class AuthAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- CMS.getUserMessage("CMS_AUTHENTICATION_MGR_IMPL_NOT_FOUND"),
- null, resp);
+ CMS.getUserMessage("CMS_AUTHENTICATION_MGR_IMPL_NOT_FOUND"),
+ null, resp);
return;
}
@@ -1454,14 +1450,14 @@ public class AuthAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- CMS.getUserMessage("CMS_AUTHENTICATION_MISSING_PARAMS"),
- null, resp);
+ CMS.getUserMessage("CMS_AUTHENTICATION_MISSING_PARAMS"),
+ null, resp);
return;
}
// get plugin for implementation
AuthMgrPlugin plugin =
- (AuthMgrPlugin) mAuths.getPlugins().get(implname);
+ (AuthMgrPlugin) mAuths.getPlugins().get(implname);
if (plugin == null) {
// store a message in the signed audit log file
@@ -1474,15 +1470,15 @@ public class AuthAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- new EAuthMgrPluginNotFound(CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", implname)).toString(),
- null, resp);
+ new EAuthMgrPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", implname)).toString(),
+ null, resp);
return;
}
// save old instance substore params in case new one fails.
- IAuthManager oldinst =
- (IAuthManager) mAuths.get(id);
+ IAuthManager oldinst =
+ (IAuthManager) mAuths.get(id);
IConfigStore oldConfig = oldinst.getConfigStore();
String[] oldConfigParms = oldinst.getConfigParams();
@@ -1490,7 +1486,7 @@ public class AuthAdminServlet extends AdminServlet {
// implName is always required so always include it it.
saveParams.add(IAuthSubsystem.PROP_PLUGIN,
- (String) oldConfig.get(IAuthSubsystem.PROP_PLUGIN));
+ (String) oldConfig.get(IAuthSubsystem.PROP_PLUGIN));
if (oldConfigParms != null) {
for (int i = 0; i < oldConfigParms.length; i++) {
String key = oldConfigParms[i];
@@ -1507,9 +1503,9 @@ public class AuthAdminServlet extends AdminServlet {
// remove old substore.
IConfigStore destStore =
- mConfig.getSubStore(DestDef.DEST_AUTH_ADMIN);
+ mConfig.getSubStore(DestDef.DEST_AUTH_ADMIN);
IConfigStore instancesConfig =
- destStore.getSubStore(scope);
+ destStore.getSubStore(scope);
instancesConfig.removeSubStore(id);
@@ -1551,8 +1547,8 @@ public class AuthAdminServlet extends AdminServlet {
// cleanup
restore(instancesConfig, id, saveParams);
sendResponse(ERROR,
- new EAuthException(CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_LOAD_CLASS_FAIL", className)).toString(),
- null, resp);
+ new EAuthException(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_LOAD_CLASS_FAIL", className)).toString(),
+ null, resp);
return;
} catch (InstantiationException e) {
// store a message in the signed audit log file
@@ -1566,8 +1562,8 @@ public class AuthAdminServlet extends AdminServlet {
restore(instancesConfig, id, saveParams);
sendResponse(ERROR,
- new EAuthException(CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_LOAD_CLASS_FAIL", className)).toString(),
- null, resp);
+ new EAuthException(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_LOAD_CLASS_FAIL", className)).toString(),
+ null, resp);
return;
} catch (IllegalAccessException e) {
// store a message in the signed audit log file
@@ -1581,8 +1577,8 @@ public class AuthAdminServlet extends AdminServlet {
restore(instancesConfig, id, saveParams);
sendResponse(ERROR,
- new EAuthException(CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_LOAD_CLASS_FAIL", className)).toString(),
- null, resp);
+ new EAuthException(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_LOAD_CLASS_FAIL", className)).toString(),
+ null, resp);
return;
}
@@ -1623,8 +1619,8 @@ public class AuthAdminServlet extends AdminServlet {
restore(instancesConfig, id, saveParams);
//System.out.println("SRVLT_FAIL_COMMIT");
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+ null, resp);
return;
}
@@ -1632,8 +1628,8 @@ public class AuthAdminServlet extends AdminServlet {
mAuths.add(id, newMgrInst);
- mAuths.log(ILogger.LL_INFO,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_MGR_REPL", id));
+ mAuths.log(ILogger.LL_INFO,
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_MGR_REPL", id));
NameValuePairs params = new NameValuePairs();
@@ -1688,8 +1684,8 @@ public class AuthAdminServlet extends AdminServlet {
}
// convenience routine.
- private static void restore(IConfigStore store,
- String id, NameValuePairs saveParams) {
+ private static void restore(IConfigStore store,
+ String id, NameValuePairs saveParams) {
store.removeSubStore(id);
IConfigStore rstore = store.makeSubStore(id);
@@ -1699,7 +1695,7 @@ public class AuthAdminServlet extends AdminServlet {
String key = (String) keys.nextElement();
String value = saveParams.getValue(key);
- if (value != null)
+ if (value != null)
rstore.put(key, value);
}
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/AuthCredentials.java b/pki/base/common/src/com/netscape/cms/servlet/admin/AuthCredentials.java
index bfa9cccd..d0bbfa82 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/admin/AuthCredentials.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/AuthCredentials.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.admin;
-
import java.util.Enumeration;
import java.util.Hashtable;
@@ -25,11 +24,10 @@ import com.netscape.certsrv.authentication.IAuthCredentials;
import com.netscape.certsrv.base.EBaseException;
import com.netscape.certsrv.base.IArgBlock;
-
/**
* Authentication Credentials as input to the authMgr
* <P>
- *
+ *
* @version $Revision$, $Date$
*/
public class AuthCredentials implements IAuthCredentials {
@@ -40,19 +38,21 @@ public class AuthCredentials implements IAuthCredentials {
private Hashtable authCreds = null;
// Inserted by bskim
private IArgBlock argblk = null;
+
// Insert end
-
+
public AuthCredentials() {
authCreds = new Hashtable();
}
/**
* sets a credential with credential name and the credential
+ *
* @param name credential name
* @param cred credential
* @exception com.netscape.certsrv.base.EBaseException NullPointerException
*/
- public void set(String name, Object cred)throws EBaseException {
+ public void set(String name, Object cred) throws EBaseException {
if (cred == null) {
throw new EBaseException("AuthCredentials.set()");
}
@@ -62,7 +62,8 @@ public class AuthCredentials implements IAuthCredentials {
/**
* returns the credential to which the specified name is mapped in this
- * credential set
+ * credential set
+ *
* @param name credential name
* @return the named authentication credential
*/
@@ -72,8 +73,9 @@ public class AuthCredentials implements IAuthCredentials {
/**
* removes the name and its corresponding credential from this
- * credential set. This method does nothing if the named
- * credential is not in the credential set.
+ * credential set. This method does nothing if the named
+ * credential is not in the credential set.
+ *
* @param name credential name
*/
public void delete(String name) {
@@ -82,26 +84,26 @@ public class AuthCredentials implements IAuthCredentials {
/**
* returns an enumeration of the credentials in this credential
- * set. Use the Enumeration methods on the returned object to
- * fetch the elements sequentially.
+ * set. Use the Enumeration methods on the returned object to
+ * fetch the elements sequentially.
+ *
* @return an enumeration of the values in this credential set
* @see java.util.Enumeration
*/
public Enumeration getElements() {
return (authCreds.elements());
}
-
+
// Inserted by bskim
public void setArgBlock(IArgBlock blk) {
argblk = blk;
return;
- }
+ }
// Insert end
-
+
public IArgBlock getArgBlock() {
return argblk;
- }
+ }
// Insert end
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/CAAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/CAAdminServlet.java
index 0ae51ce4..4a059106 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/admin/CAAdminServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/CAAdminServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.admin;
-
import java.io.File;
import java.io.IOException;
import java.net.UnknownHostException;
@@ -45,13 +44,12 @@ import com.netscape.certsrv.logging.ILogger;
import com.netscape.certsrv.request.IRequestListener;
import com.netscape.cmsutil.util.Utils;
-
/**
* A class representings an administration servlet for Certificate
- * Authority. This servlet is responsible to serve CA
- * administrative operations such as configuration parameter
+ * Authority. This servlet is responsible to serve CA
+ * administrative operations such as configuration parameter
* updates.
- *
+ *
* @version $Revision$, $Date$
*/
public class CAAdminServlet extends AdminServlet {
@@ -66,7 +64,7 @@ public class CAAdminServlet extends AdminServlet {
private final static String INFO = "CAAdminServlet";
private final static String LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE =
- "LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE_3";
+ "LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE_3";
private ICertificateAuthority mCA = null;
protected static final String PROP_ENABLED = "enabled";
@@ -98,9 +96,9 @@ public class CAAdminServlet extends AdminServlet {
* the authenticate manager.
*/
public void service(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
+ throws ServletException, IOException {
super.service(req, resp);
-
+
//get all operational flags
String op = req.getParameter(Constants.OP_TYPE);
String scope = req.getParameter(Constants.OP_SCOPE);
@@ -109,7 +107,7 @@ public class CAAdminServlet extends AdminServlet {
if ((op == null) || (scope == null)) {
sendResponse(1, "Invalid Protocol", null, resp);
return;
- }
+ }
super.authenticate(req);
@@ -120,8 +118,8 @@ public class CAAdminServlet extends AdminServlet {
mOp = "read";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
getExtendedPluginInfo(req, resp);
@@ -135,8 +133,8 @@ public class CAAdminServlet extends AdminServlet {
mOp = "read";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
if (scope.equals(ScopeDef.SC_GENERAL))
@@ -159,8 +157,8 @@ public class CAAdminServlet extends AdminServlet {
mOp = "modify";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
if (scope.equals(ScopeDef.SC_GENERAL))
@@ -171,9 +169,9 @@ public class CAAdminServlet extends AdminServlet {
setCRLIPsConfig(req, resp);
else if (scope.equals(ScopeDef.SC_CRL))
setCRLConfig(req, resp);
- else if (scope.equals(ScopeDef.SC_NOTIFICATION_REQ_COMP))
+ else if (scope.equals(ScopeDef.SC_NOTIFICATION_REQ_COMP))
setNotificationReqCompConfig(req, resp);
- else if (scope.equals(ScopeDef.SC_NOTIFICATION_REV_COMP))
+ else if (scope.equals(ScopeDef.SC_NOTIFICATION_REV_COMP))
setNotificationRevCompConfig(req, resp);
else if (scope.equals(ScopeDef.SC_NOTIFICATION_RIQ))
setNotificationRIQConfig(req, resp);
@@ -183,8 +181,8 @@ public class CAAdminServlet extends AdminServlet {
mOp = "read";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
if (scope.equals(ScopeDef.SC_CRLEXTS_RULES))
@@ -195,8 +193,8 @@ public class CAAdminServlet extends AdminServlet {
mOp = "modify";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
if (scope.equals(ScopeDef.SC_CRLIPS))
@@ -205,8 +203,8 @@ public class CAAdminServlet extends AdminServlet {
mOp = "modify";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
if (scope.equals(ScopeDef.SC_CRLIPS))
@@ -223,20 +221,20 @@ public class CAAdminServlet extends AdminServlet {
/*==========================================================
* private methods
*==========================================================*/
-
+
/*
* handle request completion (cert issued) notification config requests
*/
private void getNotificationCompConfig(HttpServletRequest req,
- HttpServletResponse resp, IConfigStore rc) throws ServletException,
+ HttpServletResponse resp, IConfigStore rc) throws ServletException,
IOException, EBaseException {
-
+
NameValuePairs params = new NameValuePairs();
Enumeration e = req.getParameterNames();
-
+
while (e.hasMoreElements()) {
String name = (String) e.nextElement();
-
+
if (name.equals(Constants.OP_TYPE))
continue;
if (name.equals(Constants.RS_ID))
@@ -247,33 +245,33 @@ public class CAAdminServlet extends AdminServlet {
continue;
params.add(name, rc.getString(name, ""));
}
-
+
params.add(Constants.PR_ENABLE,
- rc.getString(PROP_ENABLED, Constants.FALSE));
+ rc.getString(PROP_ENABLED, Constants.FALSE));
sendResponse(SUCCESS, null, params, resp);
}
-
+
private void getNotificationRevCompConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
-
+
IConfigStore config = mCA.getConfigStore();
IConfigStore nc =
- config.getSubStore(ICertificateAuthority.PROP_NOTIFY_SUBSTORE);
+ config.getSubStore(ICertificateAuthority.PROP_NOTIFY_SUBSTORE);
IConfigStore rc = nc.getSubStore(ICertificateAuthority.PROP_CERT_REVOKED_SUBSTORE);
-
+
getNotificationCompConfig(req, resp, rc);
}
-
+
private void getNotificationReqCompConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
-
+
IConfigStore config = mCA.getConfigStore();
IConfigStore nc =
- config.getSubStore(ICertificateAuthority.PROP_NOTIFY_SUBSTORE);
+ config.getSubStore(ICertificateAuthority.PROP_NOTIFY_SUBSTORE);
IConfigStore rc = nc.getSubStore(ICertificateAuthority.PROP_CERT_ISSUED_SUBSTORE);
-
+
getNotificationCompConfig(req, resp, rc);
}
@@ -281,14 +279,14 @@ public class CAAdminServlet extends AdminServlet {
* handle getting request in queue notification config info
*/
private void getNotificationRIQConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
IConfigStore config = mCA.getConfigStore();
IConfigStore nc =
- config.getSubStore(ICertificateAuthority.PROP_NOTIFY_SUBSTORE);
+ config.getSubStore(ICertificateAuthority.PROP_NOTIFY_SUBSTORE);
IConfigStore riq = nc.getSubStore(ICertificateAuthority.PROP_REQ_IN_Q_SUBSTORE);
@@ -308,8 +306,8 @@ public class CAAdminServlet extends AdminServlet {
params.add(name, riq.getString(name, ""));
}
- params.add(Constants.PR_ENABLE,
- riq.getString(PROP_ENABLED, Constants.FALSE));
+ params.add(Constants.PR_ENABLE,
+ riq.getString(PROP_ENABLED, Constants.FALSE));
sendResponse(SUCCESS, null, params, resp);
}
@@ -317,11 +315,11 @@ public class CAAdminServlet extends AdminServlet {
* handle setting request in queue notification config info
*/
private void setNotificationRIQConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
IConfigStore config = mCA.getConfigStore();
IConfigStore nc =
- config.getSubStore(ICertificateAuthority.PROP_NOTIFY_SUBSTORE);
+ config.getSubStore(ICertificateAuthority.PROP_NOTIFY_SUBSTORE);
IConfigStore riq = nc.getSubStore(ICertificateAuthority.PROP_REQ_IN_Q_SUBSTORE);
@@ -346,15 +344,15 @@ public class CAAdminServlet extends AdminServlet {
File template = new File(val);
if ((!template.exists()) || (!template.canRead())
- || (template.isDirectory())) {
+ || (template.isDirectory())) {
String error =
- "Template: " + val + " does not exist or invalid";
+ "Template: " + val + " does not exist or invalid";
log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_INVALID_PATH"));
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PATH"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PATH"),
+ null, resp);
return;
}
}
@@ -377,9 +375,9 @@ public class CAAdminServlet extends AdminServlet {
* handle setting request complete notification config info
*/
private void setNotificationCompConfig(HttpServletRequest req,
- HttpServletResponse resp, IConfigStore rc, IRequestListener thisListener) throws ServletException,
+ HttpServletResponse resp, IConfigStore rc, IRequestListener thisListener) throws ServletException,
IOException, EBaseException {
-
+
//set rest of the parameters
Enumeration e = req.getParameterNames();
@@ -401,15 +399,15 @@ public class CAAdminServlet extends AdminServlet {
File template = new File(val);
if ((!template.exists()) || (!template.canRead())
- || (template.isDirectory())) {
+ || (template.isDirectory())) {
String error =
- "Template: " + val + " does not exist or invalid";
+ "Template: " + val + " does not exist or invalid";
log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_INVALID_PATH"));
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PATH"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PATH"),
+ null, resp);
return;
}
}
@@ -429,23 +427,23 @@ public class CAAdminServlet extends AdminServlet {
}
private void setNotificationRevCompConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
IConfigStore config = mCA.getConfigStore();
IConfigStore nc =
- config.getSubStore(ICertificateAuthority.PROP_NOTIFY_SUBSTORE);
+ config.getSubStore(ICertificateAuthority.PROP_NOTIFY_SUBSTORE);
- IConfigStore rc = nc.getSubStore(ICertificateAuthority.PROP_CERT_REVOKED_SUBSTORE);
+ IConfigStore rc = nc.getSubStore(ICertificateAuthority.PROP_CERT_REVOKED_SUBSTORE);
setNotificationCompConfig(req, resp, rc, mCA.getCertRevokedListener());
- }
+ }
private void setNotificationReqCompConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
IConfigStore config = mCA.getConfigStore();
IConfigStore nc =
- config.getSubStore(ICertificateAuthority.PROP_NOTIFY_SUBSTORE);
+ config.getSubStore(ICertificateAuthority.PROP_NOTIFY_SUBSTORE);
IConfigStore rc = nc.getSubStore(ICertificateAuthority.PROP_CERT_ISSUED_SUBSTORE);
@@ -454,8 +452,8 @@ public class CAAdminServlet extends AdminServlet {
}
private void listCRLIPsConfig(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException, EBaseException {
+ HttpServletResponse resp)
+ throws ServletException, IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
Enumeration ips = mCA.getCRLIssuingPoints();
@@ -469,16 +467,16 @@ public class CAAdminServlet extends AdminServlet {
if (ipId != null && ipId.length() > 0)
params.add(ipId, ip.getDescription());
params.add(ipId + "." + Constants.PR_ENABLED,
- (Boolean.valueOf(ip.isCRLIssuingPointEnabled())).toString());
+ (Boolean.valueOf(ip.isCRLIssuingPointEnabled())).toString());
}
}
-
+
sendResponse(SUCCESS, null, params, resp);
}
private void getCRLIPsConfig(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException, EBaseException {
+ HttpServletResponse resp)
+ throws ServletException, IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
String id = req.getParameter(Constants.RS_ID);
@@ -518,11 +516,11 @@ public class CAAdminServlet extends AdminServlet {
/**
* Add CRL issuing points configuration
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE used when
- * configuring CRL profile (extensions, frequency, CRL format)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE used when configuring CRL profile (extensions, frequency, CRL format)
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
@@ -530,8 +528,8 @@ public class CAAdminServlet extends AdminServlet {
* @exception EBaseException an error has occurred
*/
private void addCRLIPsConfig(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException, EBaseException {
+ HttpServletResponse resp)
+ throws ServletException, IOException, EBaseException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -578,7 +576,7 @@ public class CAAdminServlet extends AdminServlet {
boolean enable = true;
if (sEnable != null && sEnable.length() > 0 &&
- sEnable.equalsIgnoreCase(Constants.FALSE)) {
+ sEnable.equalsIgnoreCase(Constants.FALSE)) {
enable = false;
params.add(Constants.PR_ENABLED, Constants.FALSE);
} else {
@@ -586,7 +584,7 @@ public class CAAdminServlet extends AdminServlet {
}
IConfigStore crlSubStore =
- mCA.getConfigStore().getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE);
+ mCA.getConfigStore().getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE);
Enumeration crlNames = crlSubStore.getSubStoreNames();
while (crlNames.hasMoreElements()) {
@@ -673,11 +671,11 @@ public class CAAdminServlet extends AdminServlet {
/**
* Set CRL issuing points configuration
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE used when
- * configuring CRL profile (extensions, frequency, CRL format)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE used when configuring CRL profile (extensions, frequency, CRL format)
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
@@ -685,8 +683,8 @@ public class CAAdminServlet extends AdminServlet {
* @exception EBaseException an error has occurred
*/
private void setCRLIPsConfig(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException, EBaseException {
+ HttpServletResponse resp)
+ throws ServletException, IOException, EBaseException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -733,7 +731,7 @@ public class CAAdminServlet extends AdminServlet {
boolean enable = true;
if (sEnable != null && sEnable.length() > 0 &&
- sEnable.equalsIgnoreCase(Constants.FALSE)) {
+ sEnable.equalsIgnoreCase(Constants.FALSE)) {
enable = false;
params.add(Constants.PR_ENABLED, Constants.FALSE);
} else {
@@ -741,7 +739,7 @@ public class CAAdminServlet extends AdminServlet {
}
IConfigStore crlSubStore =
- mCA.getConfigStore().getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE);
+ mCA.getConfigStore().getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE);
boolean done = false;
Enumeration crlNames = crlSubStore.getSubStoreNames();
@@ -759,8 +757,8 @@ public class CAAdminServlet extends AdminServlet {
if (c != null) {
c.putString(Constants.PR_DESCRIPTION, desc);
- c.putString(Constants.PR_ENABLED,
- (enable) ? Constants.TRUE : Constants.FALSE);
+ c.putString(Constants.PR_ENABLED,
+ (enable) ? Constants.TRUE : Constants.FALSE);
}
done = true;
break;
@@ -833,11 +831,11 @@ public class CAAdminServlet extends AdminServlet {
/**
* Delete CRL issuing points configuration
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE used when
- * configuring CRL profile (extensions, frequency, CRL format)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE used when configuring CRL profile (extensions, frequency, CRL format)
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
@@ -845,8 +843,8 @@ public class CAAdminServlet extends AdminServlet {
* @exception EBaseException an error has occurred
*/
private void deleteCRLIPsConfig(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException, EBaseException {
+ HttpServletResponse resp)
+ throws ServletException, IOException, EBaseException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -859,7 +857,7 @@ public class CAAdminServlet extends AdminServlet {
if (id != null && id.length() > 0) {
IConfigStore crlSubStore =
- mCA.getConfigStore().getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE);
+ mCA.getConfigStore().getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE);
boolean done = false;
Enumeration crlNames = crlSubStore.getSubStoreNames();
@@ -938,8 +936,8 @@ public class CAAdminServlet extends AdminServlet {
}
private void getCRLExtsConfig(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException, EBaseException {
+ HttpServletResponse resp)
+ throws ServletException, IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
String ipId = null;
@@ -974,11 +972,11 @@ public class CAAdminServlet extends AdminServlet {
/**
* Delete CRL extensions configuration
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE used when
- * configuring CRL profile (extensions, frequency, CRL format)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE used when configuring CRL profile (extensions, frequency, CRL format)
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
@@ -986,8 +984,8 @@ public class CAAdminServlet extends AdminServlet {
* @exception EBaseException an error has occurred
*/
private void setCRLExtsConfig(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException, EBaseException {
+ HttpServletResponse resp)
+ throws ServletException, IOException, EBaseException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -1007,10 +1005,10 @@ public class CAAdminServlet extends AdminServlet {
IConfigStore config = mCA.getConfigStore();
IConfigStore crlsSubStore =
- config.getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE);
+ config.getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE);
IConfigStore crlSubStore = crlsSubStore.getSubStore(ipId);
IConfigStore crlExtsSubStore =
- crlSubStore.getSubStore(ICertificateAuthority.PROP_CRLEXT_SUBSTORE);
+ crlSubStore.getSubStore(ICertificateAuthority.PROP_CRLEXT_SUBSTORE);
String id = req.getParameter(Constants.RS_ID);
@@ -1092,8 +1090,8 @@ public class CAAdminServlet extends AdminServlet {
}
private void listCRLExtsConfig(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException, EBaseException {
+ HttpServletResponse resp)
+ throws ServletException, IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
String id = req.getParameter(Constants.PR_ID);
@@ -1130,12 +1128,12 @@ public class CAAdminServlet extends AdminServlet {
sendResponse(SUCCESS, null, params, resp);
}
- /**
+ /**
* retrieve extended plugin info such as brief description,
* type info from CRL extensions
*/
private void getExtendedPluginInfo(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
String id = req.getParameter(Constants.RS_ID);
int colon = id.indexOf(':');
@@ -1143,8 +1141,8 @@ public class CAAdminServlet extends AdminServlet {
String implType = id.substring(0, colon);
String implName = id.substring(colon + 1);
- NameValuePairs params =
- getExtendedPluginInfo(getLocale(req), implType, implName);
+ NameValuePairs params =
+ getExtendedPluginInfo(getLocale(req), implType, implName);
sendResponse(SUCCESS, null, params, resp);
}
@@ -1191,11 +1189,11 @@ public class CAAdminServlet extends AdminServlet {
/**
* Set CRL configuration
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE used when
- * configuring CRL profile (extensions, frequency, CRL format)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE used when configuring CRL profile (extensions, frequency, CRL format)
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
@@ -1203,7 +1201,7 @@ public class CAAdminServlet extends AdminServlet {
* @exception EBaseException an error has occurred
*/
private void setCRLConfig(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException, EBaseException {
+ throws ServletException, IOException, EBaseException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -1215,7 +1213,7 @@ public class CAAdminServlet extends AdminServlet {
String id = req.getParameter(Constants.RS_ID);
if (id == null || id.length() <= 0 ||
- id.equals(Constants.RS_ID_CONFIG)) {
+ id.equals(Constants.RS_ID_CONFIG)) {
id = ICertificateAuthority.PROP_MASTER_CRL;
}
ICRLIssuingPoint ip = mCA.getCRLIssuingPoint(id);
@@ -1301,7 +1299,7 @@ public class CAAdminServlet extends AdminServlet {
}
private void getCRLConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
@@ -1309,11 +1307,11 @@ public class CAAdminServlet extends AdminServlet {
String id = req.getParameter(Constants.RS_ID);
if (id == null || id.length() <= 0 ||
- id.equals(Constants.RS_ID_CONFIG)) {
+ id.equals(Constants.RS_ID_CONFIG)) {
id = ICertificateAuthority.PROP_MASTER_CRL;
}
IConfigStore crlsSubStore =
- mCA.getConfigStore().getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE);
+ mCA.getConfigStore().getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE);
IConfigStore crlSubStore = crlsSubStore.getSubStore(id);
Enumeration e = req.getParameterNames();
@@ -1335,9 +1333,9 @@ public class CAAdminServlet extends AdminServlet {
getSigningAlgConfig(params);
sendResponse(SUCCESS, null, params, resp);
}
-
+
private void getConnectorConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
IConfigStore caConfig = mCA.getConfigStore();
IConfigStore connectorConfig = caConfig.getSubStore("connector");
@@ -1370,14 +1368,14 @@ public class CAAdminServlet extends AdminServlet {
}
private void setConnectorConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
IConfigStore caConfig = mCA.getConfigStore();
IConfigStore connectorConfig = caConfig.getSubStore("connector");
IConfigStore caConnectorConfig = null;
-// String nickname = CMS.getServerCertNickname();
+ // String nickname = CMS.getServerCertNickname();
if (isKRAConnector(req)) {
caConnectorConfig = connectorConfig.getSubStore("KRA");
@@ -1397,12 +1395,12 @@ public class CAAdminServlet extends AdminServlet {
continue;
if (name.equals(Constants.OP_SCOPE))
continue;
-/*
- if (name.equals("nickName")) {
- caConnectorConfig.putString(name, nickname);
- continue;
- }
-*/
+ /*
+ if (name.equals("nickName")) {
+ caConnectorConfig.putString(name, nickname);
+ continue;
+ }
+ */
if (name.equals("host")) {
try {
Utils.checkHost(req.getParameter("host"));
@@ -1456,7 +1454,7 @@ public class CAAdminServlet extends AdminServlet {
}
private void getGeneralConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
@@ -1476,7 +1474,6 @@ public class CAAdminServlet extends AdminServlet {
params.add(Constants.PR_EE_ENABLED, value);
*/
-
IConfigStore caConfig = mCA.getConfigStore();
value = caConfig.getString(ICertificateAuthority.PROP_ENABLE_PAST_CATIME, "false");
@@ -1485,18 +1482,18 @@ public class CAAdminServlet extends AdminServlet {
getSigningAlgConfig(params);
getSerialConfig(params);
getMaxSerialConfig(params);
-
+
sendResponse(SUCCESS, null, params, resp);
}
private void getSigningAlgConfig(NameValuePairs params) {
params.add(Constants.PR_DEFAULT_ALGORITHM,
- mCA.getDefaultAlgorithm());
+ mCA.getDefaultAlgorithm());
String[] algorithms = mCA.getCASigningAlgorithms();
StringBuffer algorStr = new StringBuffer();
for (int i = 0; i < algorithms.length; i++) {
- if (i == 0)
+ if (i == 0)
algorStr.append(algorithms[i]);
else {
algorStr.append(":");
@@ -1508,16 +1505,16 @@ public class CAAdminServlet extends AdminServlet {
private void getSerialConfig(NameValuePairs params) {
params.add(Constants.PR_SERIAL,
- mCA.getStartSerial());
+ mCA.getStartSerial());
}
private void getMaxSerialConfig(NameValuePairs params) {
params.add(Constants.PR_MAXSERIAL,
- mCA.getMaxSerial());
+ mCA.getMaxSerial());
}
private void setGeneralConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
ISubsystem eeGateway = null;
@@ -1573,6 +1570,6 @@ public class CAAdminServlet extends AdminServlet {
if (mLogger == null)
return;
mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_OTHER,
- level, "CAAdminServlet: " + msg);
+ level, "CAAdminServlet: " + msg);
}
-}
+}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java
index 3251e46b..30c64220 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.admin;
-
import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
@@ -86,7 +85,7 @@ import com.netscape.symkey.SessionKey;
* servlet is responsible to serve Certificate Server
* level administrative operations such as configuration
* parameter updates.
- *
+ *
* @version $Revision$, $Date$
*/
public final class CMSAdminServlet extends AdminServlet {
@@ -108,13 +107,13 @@ public final class CMSAdminServlet extends AdminServlet {
private ILogger mSignedAuditLogger = CMS.getSignedAuditLogger();
private final static byte EOL[] = { Character.LINE_SEPARATOR };
private final static String LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION =
- "LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION_3";
+ "LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION_3";
private final static String LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY =
- "LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY_3";
+ "LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY_3";
private final static String LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC =
- "LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC_3";
+ "LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC_3";
private final static String LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION =
- "LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION_2";
+ "LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION_2";
private final static String LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION =
"LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION_3";
@@ -145,13 +144,13 @@ public final class CMSAdminServlet extends AdminServlet {
* Serves HTTP request.
*/
public void service(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
+ throws ServletException, IOException {
super.service(req, resp);
try {
super.authenticate(req);
} catch (IOException e) {
sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHS_FAILED"),
- null, resp);
+ null, resp);
return;
}
@@ -164,8 +163,8 @@ public final class CMSAdminServlet extends AdminServlet {
mOp = "read";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
getEnv(req, resp);
@@ -175,8 +174,8 @@ public final class CMSAdminServlet extends AdminServlet {
mOp = "read";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
if (scope.equals(ScopeDef.SC_LDAP))
@@ -199,13 +198,13 @@ public final class CMSAdminServlet extends AdminServlet {
mOp = "modify";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
if (scope.equals(ScopeDef.SC_LDAP))
setDBConfig(req, resp);
- else if (scope.equals(ScopeDef.SC_SMTP))
+ else if (scope.equals(ScopeDef.SC_SMTP))
modifySMTPConfig(req, resp);
else if (scope.equals(ScopeDef.SC_TASKS))
performTasks(req, resp);
@@ -213,9 +212,9 @@ public final class CMSAdminServlet extends AdminServlet {
modifyEncryption(req, resp);
else if (scope.equals(ScopeDef.SC_ISSUE_IMPORT_CERT))
issueImportCert(req, resp);
- else if (scope.equals(ScopeDef.SC_INSTALL_CERT))
+ else if (scope.equals(ScopeDef.SC_INSTALL_CERT))
installCert(req, resp);
- else if (scope.equals(ScopeDef.SC_IMPORT_CROSS_CERT))
+ else if (scope.equals(ScopeDef.SC_IMPORT_CROSS_CERT))
importXCert(req, resp);
else if (scope.equals(ScopeDef.SC_DELETE_CERTS))
deleteCerts(req, resp);
@@ -229,8 +228,8 @@ public final class CMSAdminServlet extends AdminServlet {
mOp = "read";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
if (scope.equals(ScopeDef.SC_SUBSYSTEM))
@@ -239,11 +238,11 @@ public final class CMSAdminServlet extends AdminServlet {
getCACerts(req, resp);
else if (scope.equals(ScopeDef.SC_ALL_CERTLIST))
getAllCertsManage(req, resp);
- else if (scope.equals(ScopeDef.SC_USERCERTSLIST))
+ else if (scope.equals(ScopeDef.SC_USERCERTSLIST))
getUserCerts(req, resp);
- else if (scope.equals(ScopeDef.SC_TKSKEYSLIST))
+ else if (scope.equals(ScopeDef.SC_TKSKEYSLIST))
getTKSKeys(req, resp);
- else if (scope.equals(ScopeDef.SC_TOKEN))
+ else if (scope.equals(ScopeDef.SC_TOKEN))
getAllTokenNames(req, resp);
else if (scope.equals(ScopeDef.SC_ROOTCERTSLIST))
getRootCerts(req, resp);
@@ -251,21 +250,21 @@ public final class CMSAdminServlet extends AdminServlet {
mOp = "delete";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
if (scope.equals(ScopeDef.SC_ROOTCERTSLIST)) {
deleteRootCert(req, resp);
} else if (scope.equals(ScopeDef.SC_USERCERTSLIST)) {
- deleteUserCert(req,resp);
+ deleteUserCert(req, resp);
}
} else if (op.equals(OpDef.OP_PROCESS)) {
mOp = "modify";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
if (scope.equals(ScopeDef.SC_CERT_REQUEST))
@@ -282,14 +281,14 @@ public final class CMSAdminServlet extends AdminServlet {
checkTokenStatus(req, resp);
else if (scope.equals(ScopeDef.SC_SELFTESTS))
runSelfTestsOnDemand(req, resp);
- else if (scope.equals(ScopeDef.SC_TKSKEYSLIST))
+ else if (scope.equals(ScopeDef.SC_TKSKEYSLIST))
createMasterKey(req, resp);
} else if (op.equals(OpDef.OP_VALIDATE)) {
mOp = "modify";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
if (scope.equals(ScopeDef.SC_SUBJECT_NAME))
@@ -303,7 +302,7 @@ public final class CMSAdminServlet extends AdminServlet {
}
} catch (EBaseException e) {
sendResponse(ERROR, e.toString(getLocale(req)),
- null, resp);
+ null, resp);
return;
} catch (Exception e) {
StringWriter sw = new StringWriter();
@@ -316,7 +315,7 @@ public final class CMSAdminServlet extends AdminServlet {
}
private void getEnv(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
@@ -324,16 +323,16 @@ public final class CMSAdminServlet extends AdminServlet {
params.add(Constants.PR_NT, Constants.TRUE);
else
params.add(Constants.PR_NT, Constants.FALSE);
-
+
sendResponse(SUCCESS, null, params, resp);
}
private void getAllTokenNames(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
NameValuePairs params = new NameValuePairs();
params.add(Constants.PR_TOKEN_LIST, jssSubSystem.getTokenList());
@@ -342,15 +341,15 @@ public final class CMSAdminServlet extends AdminServlet {
}
private void getAllNicknames(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
params.add(Constants.PR_ALL_NICKNAMES, jssSubSystem.getAllCerts());
-
+
sendResponse(SUCCESS, null, params, resp);
}
@@ -363,16 +362,16 @@ public final class CMSAdminServlet extends AdminServlet {
//get subsystem type
if ((sys instanceof IKeyRecoveryAuthority) &&
- subsystem.equals("kra"))
+ subsystem.equals("kra"))
return true;
else if ((sys instanceof IRegistrationAuthority) &&
- subsystem.equals("ra"))
+ subsystem.equals("ra"))
return true;
else if ((sys instanceof ICertificateAuthority) &&
- subsystem.equals("ca"))
+ subsystem.equals("ca"))
return true;
else if ((sys instanceof IOCSPAuthority) &&
- subsystem.equals("ocsp"))
+ subsystem.equals("ocsp"))
return true;
}
@@ -380,7 +379,7 @@ public final class CMSAdminServlet extends AdminServlet {
}
private void readEncryption(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
Enumeration<ISubsystem> e = CMS.getSubsystems();
@@ -405,17 +404,17 @@ public final class CMSAdminServlet extends AdminServlet {
isOCSPInstalled = true;
else if (sys instanceof ITKSAuthority)
isTKSInstalled = true;
-
- }
+
+ }
ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
String caTokenName = "";
NameValuePairs params = new NameValuePairs();
params.add(Constants.PR_CIPHER_VERSION,
- jssSubSystem.getCipherVersion());
+ jssSubSystem.getCipherVersion());
params.add(Constants.PR_CIPHER_FORTEZZA, jssSubSystem.isCipherFortezza());
params.add(Constants.PR_CIPHER_PREF, jssSubSystem.getCipherPreferences());
@@ -427,7 +426,7 @@ public final class CMSAdminServlet extends AdminServlet {
while (tokenizer.hasMoreElements()) {
String tokenName = (String) tokenizer.nextElement();
String certs = jssSubSystem.getCertListWithoutTokenName(tokenName);
-
+
if (certs.equals(""))
continue;
if (tokenNewList.equals(""))
@@ -457,7 +456,7 @@ public final class CMSAdminServlet extends AdminServlet {
if (isRAInstalled) {
IRegistrationAuthority ra = (IRegistrationAuthority)
- CMS.getSubsystem(CMS.SUBSYSTEM_RA);
+ CMS.getSubsystem(CMS.SUBSYSTEM_RA);
String raNickname = ra.getNickname();
params.add(Constants.PR_CERT_RA, getCertNickname(raNickname));
@@ -465,17 +464,17 @@ public final class CMSAdminServlet extends AdminServlet {
if (isKRAInstalled) {
IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority)
- CMS.getSubsystem(CMS.SUBSYSTEM_KRA);
+ CMS.getSubsystem(CMS.SUBSYSTEM_KRA);
String kraNickname = kra.getNickname();
params.add(Constants.PR_CERT_TRANS, getCertNickname(kraNickname));
}
if (isTKSInstalled) {
ITKSAuthority tks = (ITKSAuthority)
- CMS.getSubsystem(CMS.SUBSYSTEM_TKS);
+ CMS.getSubsystem(CMS.SUBSYSTEM_TKS);
}
String nickName = CMS.getServerCertNickname();
-
+
params.add(Constants.PR_CERT_SERVER, getCertNickname(nickName));
sendResponse(SUCCESS, null, params, resp);
@@ -517,17 +516,17 @@ public final class CMSAdminServlet extends AdminServlet {
/**
* Modify encryption configuration
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION used when
- * configuring encryption (cert settings and SSL cipher preferences)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION used when configuring encryption (cert settings and SSL cipher preferences)
* </ul>
+ *
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
* @exception EBaseException failed to modify encryption configuration
*/
private void modifyEncryption(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
String auditMessage = null;
@@ -537,10 +536,10 @@ public final class CMSAdminServlet extends AdminServlet {
// to the signed audit log and stored as failures
try {
@SuppressWarnings("unchecked")
- Enumeration<String> enum1 = req.getParameterNames();
+ Enumeration<String> enum1 = req.getParameterNames();
NameValuePairs params = new NameValuePairs();
ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
jssSubSystem.getInternalTokenName();
Enumeration<ISubsystem> e = CMS.getSubsystems();
@@ -563,14 +562,14 @@ public final class CMSAdminServlet extends AdminServlet {
isCAInstalled = true;
else if (sys instanceof IOCSPAuthority)
isOCSPInstalled = true;
- else if (sys instanceof ITKSAuthority)
+ else if (sys instanceof ITKSAuthority)
isTKSInstalled = true;
}
- ICertificateAuthority ca = null;
+ ICertificateAuthority ca = null;
IRegistrationAuthority ra = null;
IKeyRecoveryAuthority kra = null;
- ITKSAuthority tks = null;
+ ITKSAuthority tks = null;
if (isCAInstalled)
ca = (ICertificateAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_CA);
@@ -693,19 +692,19 @@ public final class CMSAdminServlet extends AdminServlet {
// rethrow the specific exception to be handled later
throw eAudit2;
- // } catch( ServletException eAudit3 ) {
- // // store a message in the signed audit log file
- // auditMessage = CMS.getLogMessage(
- // LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION,
- // auditSubjectID,
- // ILogger.FAILURE,
- // auditParams( req ) );
- //
- // audit( auditMessage );
- //
- // // rethrow the specific exception to be handled later
- // throw eAudit3;
- }
+ // } catch( ServletException eAudit3 ) {
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
+ //
+ // audit( auditMessage );
+ //
+ // // rethrow the specific exception to be handled later
+ // throw eAudit3;
+ }
}
private String getCertConfigNickname(String val) throws EBaseException {
@@ -767,7 +766,7 @@ public final class CMSAdminServlet extends AdminServlet {
* Performs Server Tasks: RESTART/STOP operation
*/
private void performTasks(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
String restart = req.getParameter(Constants.PR_SERVER_RESTART);
String stop = req.getParameter(Constants.PR_SERVER_STOP);
@@ -795,7 +794,7 @@ public final class CMSAdminServlet extends AdminServlet {
* Reads subsystems that server has loaded with.
*/
private void readSubsystem(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
Enumeration<ISubsystem> e = CMS.getSubsystems();
@@ -814,7 +813,7 @@ public final class CMSAdminServlet extends AdminServlet {
type = Constants.PR_CA_INSTANCE;
if (sys instanceof IOCSPAuthority)
type = Constants.PR_OCSP_INSTANCE;
- if (sys instanceof ITKSAuthority)
+ if (sys instanceof ITKSAuthority)
type = Constants.PR_TKS_INSTANCE;
if (!type.trim().equals(""))
params.add(sys.getId(), type);
@@ -827,7 +826,7 @@ public final class CMSAdminServlet extends AdminServlet {
* Reads server statistics.
*/
private void readStat(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
IConfigStore cs = CMS.getConfigStore();
@@ -850,9 +849,9 @@ public final class CMSAdminServlet extends AdminServlet {
}
params.add(Constants.PR_STAT_STARTUP,
- (new Date(CMS.getStartupTime())).toString());
+ (new Date(CMS.getStartupTime())).toString());
params.add(Constants.PR_STAT_TIME,
- (new Date(System.currentTimeMillis())).toString());
+ (new Date(System.currentTimeMillis())).toString());
sendResponse(SUCCESS, null, params, resp);
}
@@ -860,12 +859,12 @@ public final class CMSAdminServlet extends AdminServlet {
* Modifies database information.
*/
private void setDBConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
IConfigStore dbConfig = mConfig.getSubStore(PROP_INTERNAL_DB);
@SuppressWarnings("unchecked")
- Enumeration<String> enum1 = req.getParameterNames();
+ Enumeration<String> enum1 = req.getParameterNames();
while (enum1.hasMoreElements()) {
String key = (String) enum1.nextElement();
@@ -876,117 +875,111 @@ public final class CMSAdminServlet extends AdminServlet {
continue;
if (key.equals(Constants.OP_SCOPE))
continue;
-
- dbConfig.putString(key, req.getParameter(key));
+
+ dbConfig.putString(key, req.getParameter(key));
}
sendResponse(RESTART, null, null, resp);
mConfig.commit(true);
}
- /**
+
+ /**
* Create Master Key
*/
-private void createMasterKey(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ private void createMasterKey(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
@SuppressWarnings("unchecked")
- Enumeration<String> e = req.getParameterNames();
- String newKeyName = null, selectedToken = null;
+ Enumeration<String> e = req.getParameterNames();
+ String newKeyName = null, selectedToken = null;
while (e.hasMoreElements()) {
String name = (String) e.nextElement();
- if (name.equals(Constants.PR_KEY_LIST))
- {
- newKeyName = req.getParameter(name);
- }
- if (name.equals(Constants.PR_TOKEN_LIST))
- {
- selectedToken = req.getParameter(name);
- }
-
+ if (name.equals(Constants.PR_KEY_LIST)) {
+ newKeyName = req.getParameter(name);
+ }
+ if (name.equals(Constants.PR_TOKEN_LIST)) {
+ selectedToken = req.getParameter(name);
+ }
}
- if(selectedToken!=null && newKeyName!=null)
- {
- String symKeys = SessionKey.GenMasterKey(selectedToken,newKeyName);
- CMS.getConfigStore().putString("tks.defaultSlot", selectedToken);
- String masterKeyPrefix = CMS.getConfigStore().getString("tks.master_key_prefix", null);
-
- SessionKey.SetDefaultPrefix(masterKeyPrefix);
- params.add(Constants.PR_KEY_LIST, newKeyName);
- params.add(Constants.PR_TOKEN_LIST, selectedToken);
- }
- sendResponse(SUCCESS, null, params, resp);
-}
+ if (selectedToken != null && newKeyName != null) {
+ String symKeys = SessionKey.GenMasterKey(selectedToken, newKeyName);
+ CMS.getConfigStore().putString("tks.defaultSlot", selectedToken);
+ String masterKeyPrefix = CMS.getConfigStore().getString("tks.master_key_prefix", null);
+
+ SessionKey.SetDefaultPrefix(masterKeyPrefix);
+ params.add(Constants.PR_KEY_LIST, newKeyName);
+ params.add(Constants.PR_TOKEN_LIST, selectedToken);
+ }
+ sendResponse(SUCCESS, null, params, resp);
+ }
- /**
+ /**
* Reads secmod.db
*/
private void getTKSKeys(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
@SuppressWarnings("unchecked")
- Enumeration<String> e = req.getParameterNames();
+ Enumeration<String> e = req.getParameterNames();
while (e.hasMoreElements()) {
String name = (String) e.nextElement();
- if (name.equals(Constants.PR_TOKEN_LIST))
- {
- String selectedToken = req.getParameter(name);
-
- int count = 0;
- int keys_found = 0;
-
- ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
-
- CryptoToken token = null;
- CryptoManager mCryptoManager = null;
- try {
- mCryptoManager = CryptoManager.getInstance();
- } catch (Exception e2) {
- }
-
- if(!jssSubSystem.isTokenLoggedIn(selectedToken))
- {
- PasswordCallback cpcb = new ConsolePasswordCallback();
- while (true) {
+ if (name.equals(Constants.PR_TOKEN_LIST)) {
+ String selectedToken = req.getParameter(name);
+
+ int count = 0;
+ int keys_found = 0;
+
+ ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+
+ CryptoToken token = null;
+ CryptoManager mCryptoManager = null;
+ try {
+ mCryptoManager = CryptoManager.getInstance();
+ } catch (Exception e2) {
+ }
+
+ if (!jssSubSystem.isTokenLoggedIn(selectedToken)) {
+ PasswordCallback cpcb = new ConsolePasswordCallback();
+ while (true) {
try {
- token = mCryptoManager.getTokenByName(selectedToken);
- token.login(cpcb);
+ token = mCryptoManager.getTokenByName(selectedToken);
+ token.login(cpcb);
break;
} catch (Exception e3) {
//log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_INCORRECT_PWD"));
continue;
}
- }
- }
- // String symKeys = new String("key1,key2");
- String symKeys = SessionKey.ListSymmetricKeys(selectedToken);
- params.add(Constants.PR_TOKEN_LIST, symKeys);
+ }
+ }
+ // String symKeys = new String("key1,key2");
+ String symKeys = SessionKey.ListSymmetricKeys(selectedToken);
+ params.add(Constants.PR_TOKEN_LIST, symKeys);
- }
+ }
}
sendResponse(SUCCESS, null, params, resp);
}
-
-
+
/**
* Reads database information.
*/
private void getDBConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
IConfigStore dbConfig = mConfig.getSubStore(PROP_DB);
IConfigStore ldapConfig = dbConfig.getSubStore("ldap");
NameValuePairs params = new NameValuePairs();
@SuppressWarnings("unchecked")
- Enumeration<String> e = req.getParameterNames();
-
+ Enumeration<String> e = req.getParameterNames();
+
while (e.hasMoreElements()) {
String name = (String) e.nextElement();
@@ -998,7 +991,7 @@ private void createMasterKey(HttpServletRequest req,
continue;
if (name.equals(Constants.PR_SECURE_PORT_ENABLED))
params.add(name, ldapConfig.getString(name, "Constants.FALSE"));
- else
+ else
params.add(name, ldapConfig.getString(name, ""));
}
sendResponse(SUCCESS, null, params, resp);
@@ -1008,7 +1001,7 @@ private void createMasterKey(HttpServletRequest req,
* Modifies SMTP configuration.
*/
private void modifySMTPConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
// XXX
IConfigStore sConfig = mConfig.getSubStore(PROP_SMTP);
@@ -1022,7 +1015,7 @@ private void createMasterKey(HttpServletRequest req,
if (port != null)
sConfig.putString("port", port);
-
+
commit(true);
sendResponse(SUCCESS, null, null, resp);
@@ -1032,23 +1025,23 @@ private void createMasterKey(HttpServletRequest req,
* Reads SMTP configuration.
*/
private void readSMTPConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
IConfigStore dbConfig = mConfig.getSubStore(PROP_SMTP);
NameValuePairs params = new NameValuePairs();
params.add(Constants.PR_SERVER_NAME,
- dbConfig.getString("host"));
+ dbConfig.getString("host"));
params.add(Constants.PR_PORT,
- dbConfig.getString("port"));
+ dbConfig.getString("port"));
sendResponse(SUCCESS, null, params, resp);
}
private void loggedInToken(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
@SuppressWarnings("unchecked")
- Enumeration<String> enum1 = req.getParameterNames();
+ Enumeration<String> enum1 = req.getParameterNames();
String tokenName = "";
String pwd = "";
@@ -1064,7 +1057,7 @@ private void createMasterKey(HttpServletRequest req,
}
ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
jssSubSystem.loggedInToken(tokenName, pwd);
@@ -1074,10 +1067,10 @@ private void createMasterKey(HttpServletRequest req,
}
private void checkTokenStatus(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
@SuppressWarnings("unchecked")
- Enumeration<String> enum1 = req.getParameterNames();
+ Enumeration<String> enum1 = req.getParameterNames();
String key = "";
String value = "";
@@ -1090,7 +1083,7 @@ private void createMasterKey(HttpServletRequest req,
}
ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
boolean status = jssSubSystem.isTokenLoggedIn(value);
NameValuePairs params = new NameValuePairs();
@@ -1103,17 +1096,17 @@ private void createMasterKey(HttpServletRequest req,
/**
* Retrieve a certificate request
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC used when
- * asymmetric keys are generated
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC used when asymmetric keys are generated
* </ul>
+ *
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
* @exception EBaseException failed to retrieve certificate request
*/
private void getCertRequest(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -1124,7 +1117,7 @@ private void createMasterKey(HttpServletRequest req,
try {
NameValuePairs params = new NameValuePairs();
@SuppressWarnings("unchecked")
- Enumeration<String> enum1 = req.getParameterNames();
+ Enumeration<String> enum1 = req.getParameterNames();
String tokenName = Constants.PR_INTERNAL_TOKEN_NAME;
String keyType = "";
int keyLength = 512;
@@ -1164,10 +1157,10 @@ private void createMasterKey(HttpServletRequest req,
}
pathname = mConfig.getString("instanceRoot", "")
- + File.separator + "conf" + File.separator;
+ + File.separator + "conf" + File.separator;
dir = pathname;
ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
KeyPair keypair = null;
PQGParams pqgParams = null;
@@ -1210,7 +1203,7 @@ private void createMasterKey(HttpServletRequest req,
keypair = jssSubSystem.getECCKeyPair(tokenName, keyCurveName, certType);
} else { //DSA or RSA
if (keyType.equals("DSA"))
- pqgParams = jssSubSystem.getPQG(keyLength);
+ pqgParams = jssSubSystem.getPQG(keyLength);
keypair = jssSubSystem.getKeyPair(tokenName, keyType, keyLength, pqgParams);
}
}
@@ -1289,25 +1282,25 @@ private void createMasterKey(HttpServletRequest req,
// rethrow the specific exception to be handled later
throw eAudit2;
- // } catch( ServletException eAudit3 ) {
- // // store a message in the signed audit log file
- // auditMessage = CMS.getLogMessage(
- // LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC,
- // auditSubjectID,
- // ILogger.FAILURE,
- // auditPublicKey );
- //
- // audit( auditMessage );
- //
- // // rethrow the specific exception to be handled later
- // throw eAudit3;
- }
- }
-
- private void setCANewnickname(String tokenName, String nickname)
- throws EBaseException {
+ // } catch( ServletException eAudit3 ) {
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditPublicKey );
+ //
+ // audit( auditMessage );
+ //
+ // // rethrow the specific exception to be handled later
+ // throw eAudit3;
+ }
+ }
+
+ private void setCANewnickname(String tokenName, String nickname)
+ throws EBaseException {
ICertificateAuthority ca = (ICertificateAuthority)
- CMS.getSubsystem(CMS.SUBSYSTEM_CA);
+ CMS.getSubsystem(CMS.SUBSYSTEM_CA);
ISigningUnit signingUnit = ca.getSigningUnit();
if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME))
@@ -1322,16 +1315,16 @@ private void createMasterKey(HttpServletRequest req,
private String getCANewnickname() throws EBaseException {
ICertificateAuthority ca = (ICertificateAuthority)
- CMS.getSubsystem(CMS.SUBSYSTEM_CA);
+ CMS.getSubsystem(CMS.SUBSYSTEM_CA);
ISigningUnit signingUnit = ca.getSigningUnit();
- return signingUnit.getNewNickName();
+ return signingUnit.getNewNickName();
}
private void setRANewnickname(String tokenName, String nickname)
- throws EBaseException {
+ throws EBaseException {
IRegistrationAuthority ra = (IRegistrationAuthority)
- CMS.getSubsystem(CMS.SUBSYSTEM_RA);
+ CMS.getSubsystem(CMS.SUBSYSTEM_RA);
if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME))
ra.setNewNickName(nickname);
@@ -1345,13 +1338,13 @@ private void createMasterKey(HttpServletRequest req,
private String getRANewnickname() throws EBaseException {
IRegistrationAuthority ra = (IRegistrationAuthority)
- CMS.getSubsystem(CMS.SUBSYSTEM_RA);
+ CMS.getSubsystem(CMS.SUBSYSTEM_RA);
return ra.getNewNickName();
}
private void setOCSPNewnickname(String tokenName, String nickname)
- throws EBaseException {
+ throws EBaseException {
IOCSPAuthority ocsp = (IOCSPAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_OCSP);
if (ocsp != null) {
@@ -1367,7 +1360,7 @@ private void createMasterKey(HttpServletRequest req,
}
} else {
ICertificateAuthority ca = (ICertificateAuthority)
- CMS.getSubsystem(CMS.SUBSYSTEM_CA);
+ CMS.getSubsystem(CMS.SUBSYSTEM_CA);
ISigningUnit signingUnit = ca.getOCSPSigningUnit();
if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME))
@@ -1387,20 +1380,20 @@ private void createMasterKey(HttpServletRequest req,
if (ocsp != null) {
ISigningUnit signingUnit = ocsp.getSigningUnit();
- return signingUnit.getNewNickName();
+ return signingUnit.getNewNickName();
} else {
ICertificateAuthority ca = (ICertificateAuthority)
- CMS.getSubsystem(CMS.SUBSYSTEM_CA);
+ CMS.getSubsystem(CMS.SUBSYSTEM_CA);
ISigningUnit signingUnit = ca.getOCSPSigningUnit();
- return signingUnit.getNewNickName();
+ return signingUnit.getNewNickName();
}
}
- private void setKRANewnickname(String tokenName, String nickname)
- throws EBaseException {
+ private void setKRANewnickname(String tokenName, String nickname)
+ throws EBaseException {
IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority)
- CMS.getSubsystem(CMS.SUBSYSTEM_KRA);
+ CMS.getSubsystem(CMS.SUBSYSTEM_KRA);
if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME))
kra.setNewNickName(nickname);
@@ -1418,8 +1411,8 @@ private void createMasterKey(HttpServletRequest req,
return kra.getNewNickName();
}
- private void setRADMNewnickname(String tokenName, String nickName)
- throws EBaseException {
+ private void setRADMNewnickname(String tokenName, String nickName)
+ throws EBaseException {
CMS.setServerCertNickname(tokenName, nickName);
/*
@@ -1436,8 +1429,8 @@ private void createMasterKey(HttpServletRequest req,
*/
}
- private String getRADMNewnickname()
- throws EBaseException {
+ private String getRADMNewnickname()
+ throws EBaseException {
// assuming the nickname does not change.
return CMS.getServerCertNickname();
@@ -1449,7 +1442,7 @@ private void createMasterKey(HttpServletRequest req,
}
private void setAgentNewnickname(String tokenName, String nickName)
- throws EBaseException {
+ throws EBaseException {
CMS.setServerCertNickname(tokenName, nickName);
/*
@@ -1466,8 +1459,8 @@ private void createMasterKey(HttpServletRequest req,
*/
}
- private String getAgentNewnickname()
- throws EBaseException {
+ private String getAgentNewnickname()
+ throws EBaseException {
// assuming the nickname does not change.
return CMS.getServerCertNickname();
@@ -1481,18 +1474,17 @@ private void createMasterKey(HttpServletRequest req,
/**
* Issue import certificate
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY used when
- * "Certificate Setup Wizard" is used to import CA certs into the
- * certificate database
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY used when "Certificate Setup Wizard" is used to import CA certs into the certificate database
* </ul>
+ *
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
* @exception EBaseException failed to issue an import certificate
*/
private void issueImportCert(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -1501,7 +1493,7 @@ private void createMasterKey(HttpServletRequest req,
// to the signed audit log and stored as failures
try {
@SuppressWarnings("unchecked")
- Enumeration<String> enum1 = req.getParameterNames();
+ Enumeration<String> enum1 = req.getParameterNames();
String pkcs = "";
String type = "";
String tokenName = Constants.PR_INTERNAL_TOKEN_NAME;
@@ -1518,7 +1510,7 @@ private void createMasterKey(HttpServletRequest req,
String key = (String) enum1.nextElement();
String value = req.getParameter(key);
- if (key.equals("pathname")) {
+ if (key.equals("pathname")) {
configPath = mConfig.getString("instanceRoot", "")
+ File.separator + "conf" + File.separator;
pathname = configPath + value;
@@ -1532,13 +1524,13 @@ private void createMasterKey(HttpServletRequest req,
String certType = (String) properties.get(Constants.RS_ID);
ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
IDBSubsystem dbs = (IDBSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_DBS);
+ CMS.getSubsystem(CMS.SUBSYSTEM_DBS);
ICertificateAuthority ca = (ICertificateAuthority)
- CMS.getSubsystem(CMS.SUBSYSTEM_CA);
+ CMS.getSubsystem(CMS.SUBSYSTEM_CA);
ICertificateRepository repository =
- (ICertificateRepository) ca.getCertificateRepository();
+ (ICertificateRepository) ca.getCertificateRepository();
ISigningUnit signingUnit = ca.getSigningUnit();
String oldtokenname = null;
//this is the old nick name
@@ -1566,8 +1558,7 @@ private void createMasterKey(HttpServletRequest req,
audit(auditMessage);
- throw new
- EBaseException(CMS.getLogMessage("BASE_CERT_NOT_FOUND"));
+ throw new EBaseException(CMS.getLogMessage("BASE_CERT_NOT_FOUND"));
}
if (newtokenname == null)
@@ -1587,13 +1578,12 @@ private void createMasterKey(HttpServletRequest req,
audit(auditMessage);
- throw new
- EBaseException(CMS.getLogMessage("BASE_CERT_NOT_FOUND"));
+ throw new EBaseException(CMS.getLogMessage("BASE_CERT_NOT_FOUND"));
}
//xxx renew ca ,use old issuer?
properties.setIssuerName(
- jssSubSystem.getCertSubjectName(oldcatokenname,
+ jssSubSystem.getCertSubjectName(oldcatokenname,
canicknameWithoutTokenName));
KeyPair pair = null;
@@ -1608,8 +1598,7 @@ private void createMasterKey(HttpServletRequest req,
audit(auditMessage);
- throw new
- EBaseException(CMS.getLogMessage("BASE_CERT_NOT_FOUND"));
+ throw new EBaseException(CMS.getLogMessage("BASE_CERT_NOT_FOUND"));
}
//xxx set to old nickname?
@@ -1633,12 +1622,12 @@ private void createMasterKey(HttpServletRequest req,
defaultOCSPSigningAlg = properties.getHashType();
}
}
-
+
// create a new CA certificate or ssl server cert
if (properties.getKeyCurveName() != null) { //new ECC
CMS.debug("CMSAdminServlet: issueImportCert: generating ECC keys");
pair = jssSubSystem.getECCKeyPair(properties);
- if (certType.equals(Constants.PR_CA_SIGNING_CERT))
+ if (certType.equals(Constants.PR_CA_SIGNING_CERT))
caKeyPair = pair;
} else if (properties.getKeyLength() != null) { //new RSA or DSA
keyType = properties.getKeyType();
@@ -1651,7 +1640,7 @@ private void createMasterKey(HttpServletRequest req,
//properties.put(Constants.PR_PQGPARAMS, pqgParams);
}
pair = jssSubSystem.getKeyPair(properties);
- if (certType.equals(Constants.PR_CA_SIGNING_CERT))
+ if (certType.equals(Constants.PR_CA_SIGNING_CERT))
caKeyPair = pair;
// renew the CA certificate or ssl server cert
} else {
@@ -1684,7 +1673,7 @@ private void createMasterKey(HttpServletRequest req,
properties.setAlgorithmId(jssSubSystem.getAlgorithmId(alg, mConfig));
}
- if (pair == null)
+ if (pair == null)
CMS.debug("CMSAdminServlet: issueImportCert: key pair is null");
BigInteger nextSerialNo = repository.getNextSerialNumber();
@@ -1695,12 +1684,12 @@ private void createMasterKey(HttpServletRequest req,
// properties.put(Constants.PR_CA_KEYPAIR, pair);
properties.put(Constants.PR_CA_KEYPAIR, caKeyPair);
- X509CertImpl signedCert =
- jssSubSystem.getSignedCert(properties, certType,
+ X509CertImpl signedCert =
+ jssSubSystem.getSignedCert(properties, certType,
caKeyPair.getPrivate());
- if (signedCert == null)
- CMS.debug("CMSAdminServlet: issueImportCert: signedCert is null");
+ if (signedCert == null)
+ CMS.debug("CMSAdminServlet: issueImportCert: signedCert is null");
/* bug 600124
try {
@@ -1721,7 +1710,7 @@ private void createMasterKey(HttpServletRequest req,
certType);
} catch (EBaseException e) {
// if it fails, let use a different nickname to try
- Date now = new Date();
+ Date now = new Date();
String newNickname = nicknameWithoutTokenName
+ "-" + now.getTime();
@@ -1746,20 +1735,20 @@ private void createMasterKey(HttpServletRequest req,
if (certType.equals(Constants.PR_CA_SIGNING_CERT)) {
try {
X509CertInfo certInfo = (X509CertInfo) signedCert.get(
- X509CertImpl.NAME + "." + X509CertImpl.INFO);
+ X509CertImpl.NAME + "." + X509CertImpl.INFO);
CertificateExtensions extensions = (CertificateExtensions)
- certInfo.get(X509CertInfo.EXTENSIONS);
+ certInfo.get(X509CertInfo.EXTENSIONS);
if (extensions != null) {
BasicConstraintsExtension basic =
- (BasicConstraintsExtension)
- extensions.get(BasicConstraintsExtension.class.getSimpleName());
+ (BasicConstraintsExtension)
+ extensions.get(BasicConstraintsExtension.class.getSimpleName());
if (basic == null)
log(CMS.getLogMessage("ADMIN_SRVLT_BASIC_CONSTRAIN_NULL"));
else {
Integer pathlen = (Integer)
- basic.get(BasicConstraintsExtension.PATH_LEN);
+ basic.get(BasicConstraintsExtension.PATH_LEN);
int num = pathlen.intValue();
if (num == 0)
@@ -1776,7 +1765,7 @@ private void createMasterKey(HttpServletRequest req,
}
}
- CMS.debug("CMSAdminServlet: oldtoken:" + oldtokenname
+ CMS.debug("CMSAdminServlet: oldtoken:" + oldtokenname
+ " newtoken:" + newtokenname + " nickname:" + nickname);
if ((newtokenname != null &&
!newtokenname.equals(oldtokenname)) || nicknameChanged) {
@@ -1786,10 +1775,10 @@ private void createMasterKey(HttpServletRequest req,
newtokenname);
} else {
signingUnit.updateConfig(newtokenname + ":" +
- nicknameWithoutTokenName,
+ nicknameWithoutTokenName,
newtokenname);
}
- } else if (certType.equals(Constants.PR_SERVER_CERT)) {
+ } else if (certType.equals(Constants.PR_SERVER_CERT)) {
if (newtokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME)) {
nickname = nicknameWithoutTokenName;
} else {
@@ -1802,8 +1791,8 @@ private void createMasterKey(HttpServletRequest req,
modifyAgentGatewayCert(nickname);
if (isSubsystemInstalled("ra")) {
IRegistrationAuthority ra =
- (IRegistrationAuthority)
- CMS.getSubsystem(CMS.SUBSYSTEM_RA);
+ (IRegistrationAuthority)
+ CMS.getSubsystem(CMS.SUBSYSTEM_RA);
modifyEEGatewayCert(ra, nickname);
}
@@ -1820,23 +1809,23 @@ private void createMasterKey(HttpServletRequest req,
modifyRADMCert(nickname);
} else if (certType.equals(Constants.PR_OCSP_SIGNING_CERT)) {
- if (ca != null) {
+ if (ca != null) {
ISigningUnit ocspSigningUnit = ca.getOCSPSigningUnit();
if (newtokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME)) {
ocspSigningUnit.updateConfig(
- nicknameWithoutTokenName, newtokenname);
+ nicknameWithoutTokenName, newtokenname);
} else {
ocspSigningUnit.updateConfig(newtokenname + ":" +
- nicknameWithoutTokenName,
- newtokenname);
+ nicknameWithoutTokenName,
+ newtokenname);
}
}
}
}
-
+
// set signing algorithms if needed
- if (certType.equals(Constants.PR_CA_SIGNING_CERT))
+ if (certType.equals(Constants.PR_CA_SIGNING_CERT))
signingUnit.setDefaultAlgorithm(defaultSigningAlg);
if (defaultOCSPSigningAlg != null) {
@@ -1884,46 +1873,45 @@ private void createMasterKey(HttpServletRequest req,
// rethrow the specific exception to be handled later
throw eAudit2;
- // } catch( ServletException eAudit3 ) {
- // // store a message in the signed audit log file
- // auditMessage = CMS.getLogMessage(
- // LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
- // auditSubjectID,
- // ILogger.FAILURE,
- // auditParams( req ) );
- //
- // audit( auditMessage );
- //
- // // rethrow the specific exception to be handled later
- // throw eAudit3;
- }
- }
-
- private void updateCASignature(String nickname, KeyCertData properties,
- ICryptoSubsystem jssSubSystem) throws EBaseException {
+ // } catch( ServletException eAudit3 ) {
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
+ //
+ // audit( auditMessage );
+ //
+ // // rethrow the specific exception to be handled later
+ // throw eAudit3;
+ }
+ }
+
+ private void updateCASignature(String nickname, KeyCertData properties,
+ ICryptoSubsystem jssSubSystem) throws EBaseException {
String alg = jssSubSystem.getSignatureAlgorithm(nickname);
SignatureAlgorithm sigAlg = Cert.mapAlgorithmToJss(alg);
properties.setSignatureAlgorithm(sigAlg);
properties.setAlgorithmId(
- jssSubSystem.getAlgorithmId(alg, mConfig));
+ jssSubSystem.getAlgorithmId(alg, mConfig));
}
/**
* Install certificates
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY used when
- * "Certificate Setup Wizard" is used to import CA certs into the
- * certificate database
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY used when "Certificate Setup Wizard" is used to import CA certs into the certificate database
* </ul>
+ *
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
* @exception EBaseException failed to install a certificate
*/
private void installCert(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -1940,37 +1928,37 @@ private void createMasterKey(HttpServletRequest req,
String serverID = "";
String certpath = "";
@SuppressWarnings("unchecked")
- Enumeration<String> enum1 = req.getParameterNames();
+ Enumeration<String> enum1 = req.getParameterNames();
while (enum1.hasMoreElements()) {
String key = (String) enum1.nextElement();
String value = req.getParameter(key);
- if (key.equals(Constants.PR_PKCS10))
+ if (key.equals(Constants.PR_PKCS10))
pkcs = value;
else if (key.equals(Constants.RS_ID))
certType = value;
else if (key.equals(Constants.PR_NICKNAME))
nickname = value;
- else if (key.equals("pathname"))
+ else if (key.equals("pathname"))
pathname = value;
else if (key.equals(Constants.PR_SERVER_ROOT))
serverRoot = value;
- else if (key.equals(Constants.PR_SERVER_ID))
+ else if (key.equals(Constants.PR_SERVER_ID))
serverID = value;
- else if (key.equals(Constants.PR_CERT_FILEPATH))
+ else if (key.equals(Constants.PR_CERT_FILEPATH))
certpath = value;
}
-
+
try {
if (pkcs == null || pkcs.equals("")) {
if (certpath == null || certpath.equals("")) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
audit(auditMessage);
@@ -1981,7 +1969,7 @@ private void createMasterKey(HttpServletRequest req,
} else {
FileInputStream in = new FileInputStream(certpath);
BufferedReader d =
- new BufferedReader(new InputStreamReader(in));
+ new BufferedReader(new InputStreamReader(in));
String content = "";
pkcs = "";
@@ -2009,7 +1997,7 @@ private void createMasterKey(HttpServletRequest req,
audit(auditMessage);
throw new EBaseException(
- CMS.getLogMessage("BASE_OPEN_FILE_FAILED"));
+ CMS.getLogMessage("BASE_OPEN_FILE_FAILED"));
}
pkcs = pkcs.trim();
@@ -2017,7 +2005,7 @@ private void createMasterKey(HttpServletRequest req,
+ File.separator + "config" + File.separator + pathname;
ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
//String nickname = getNickname(certType);
String nicknameWithoutTokenName = "";
@@ -2039,7 +2027,7 @@ private void createMasterKey(HttpServletRequest req,
audit(auditMessage);
throw new EBaseException(
- CMS.getLogMessage("BASE_CERT_NOT_FOUND"));
+ CMS.getLogMessage("BASE_CERT_NOT_FOUND"));
}
/*
@@ -2094,17 +2082,17 @@ private void createMasterKey(HttpServletRequest req,
// nickname).
//
- CMS.debug("CMSAdminServlet.installCert(): About to try jssSubSystem.importCert: "+ nicknameWithoutTokenName);
+ CMS.debug("CMSAdminServlet.installCert(): About to try jssSubSystem.importCert: " + nicknameWithoutTokenName);
try {
- jssSubSystem.importCert(pkcs, nicknameWithoutTokenName,
- certType);
+ jssSubSystem.importCert(pkcs, nicknameWithoutTokenName,
+ certType);
} catch (EBaseException e) {
boolean certFound = false;
String eString = e.toString();
- if(eString.contains("Failed to find certificate that was just imported")) {
- CMS.debug("CMSAdminServlet.installCert(): nickname="+nicknameWithoutTokenName + " TokenException: " + eString);
+ if (eString.contains("Failed to find certificate that was just imported")) {
+ CMS.debug("CMSAdminServlet.installCert(): nickname=" + nicknameWithoutTokenName + " TokenException: " + eString);
X509Certificate cert = null;
try {
@@ -2116,11 +2104,11 @@ private void createMasterKey(HttpServletRequest req,
} catch (Exception ex) {
CMS.debug("CMSAdminServlet.installCert() Can't find cert just imported: " + ex.toString());
}
- }
+ }
if (!certFound) {
// if it fails, let use a different nickname to try
- Date now = new Date();
+ Date now = new Date();
String newNickname = nicknameWithoutTokenName + "-" +
now.getTime();
@@ -2131,16 +2119,16 @@ private void createMasterKey(HttpServletRequest req,
} else {
nickname = tokenName + ":" + newNickname;
}
- CMS.debug("CMSAdminServlet: installCert(): After second install attempt following initial error: nickname="+nickname);
- }
+ CMS.debug("CMSAdminServlet: installCert(): After second install attempt following initial error: nickname=" + nickname);
+ }
}
if (certType.equals(Constants.PR_CA_SIGNING_CERT)) {
ICertificateAuthority ca =
- (ICertificateAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_CA);
+ (ICertificateAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_CA);
ISigningUnit signingUnit = ca.getSigningUnit();
String signatureAlg =
- jssSubSystem.getSignatureAlgorithm(nickname);
+ jssSubSystem.getSignatureAlgorithm(nickname);
signingUnit.setDefaultAlgorithm(signatureAlg);
setCANewnickname("", "");
@@ -2149,26 +2137,26 @@ private void createMasterKey(HttpServletRequest req,
if (nickname.equals(nicknameWithoutTokenName)) {
signingUnit.updateConfig(nickname,
- Constants.PR_INTERNAL_TOKEN_NAME);
+ Constants.PR_INTERNAL_TOKEN_NAME);
extensions = jssSubSystem.getExtensions(
- Constants.PR_INTERNAL_TOKEN_NAME, nickname);
+ Constants.PR_INTERNAL_TOKEN_NAME, nickname);
} else {
String tokenname1 = nickname.substring(0, index);
signingUnit.updateConfig(nickname, tokenname1);
extensions = jssSubSystem.getExtensions(tokenname1,
- nicknameWithoutTokenName);
+ nicknameWithoutTokenName);
}
if (extensions != null) {
BasicConstraintsExtension basic =
- (BasicConstraintsExtension)
- extensions.get(BasicConstraintsExtension.class.getSimpleName());
+ (BasicConstraintsExtension)
+ extensions.get(BasicConstraintsExtension.class.getSimpleName());
if (basic == null)
log(CMS.getLogMessage("ADMIN_SRVLT_BASIC_CONSTRAIN_NULL"));
else {
Integer pathlen = (Integer)
- basic.get(BasicConstraintsExtension.PATH_LEN);
+ basic.get(BasicConstraintsExtension.PATH_LEN);
int num = pathlen.intValue();
if (num == 0)
@@ -2187,34 +2175,34 @@ private void createMasterKey(HttpServletRequest req,
} else if (certType.equals(Constants.PR_RA_SIGNING_CERT)) {
setRANewnickname("", "");
IRegistrationAuthority ra =
- (IRegistrationAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_RA);
+ (IRegistrationAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_RA);
ra.setNickname(nickname);
} else if (certType.equals(Constants.PR_OCSP_SIGNING_CERT)) {
setOCSPNewnickname("", "");
IOCSPAuthority ocsp =
- (IOCSPAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_OCSP);
+ (IOCSPAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_OCSP);
if (ocsp != null) {
ISigningUnit signingUnit = ocsp.getSigningUnit();
if (nickname.equals(nicknameWithoutTokenName)) {
signingUnit.updateConfig(nickname,
- Constants.PR_INTERNAL_TOKEN_NAME);
+ Constants.PR_INTERNAL_TOKEN_NAME);
} else {
String tokenname1 = nickname.substring(0, index);
signingUnit.updateConfig(nickname, tokenname1);
}
- } else {
+ } else {
ICertificateAuthority ca =
- (ICertificateAuthority)
- CMS.getSubsystem(CMS.SUBSYSTEM_CA);
+ (ICertificateAuthority)
+ CMS.getSubsystem(CMS.SUBSYSTEM_CA);
ISigningUnit signingUnit = ca.getOCSPSigningUnit();
if (nickname.equals(nicknameWithoutTokenName)) {
signingUnit.updateConfig(nickname,
- Constants.PR_INTERNAL_TOKEN_NAME);
+ Constants.PR_INTERNAL_TOKEN_NAME);
} else {
String tokenname1 = nickname.substring(0, index);
@@ -2224,7 +2212,7 @@ private void createMasterKey(HttpServletRequest req,
} else if (certType.equals(Constants.PR_KRA_TRANSPORT_CERT)) {
setKRANewnickname("", "");
IKeyRecoveryAuthority kra =
- (IKeyRecoveryAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_KRA);
+ (IKeyRecoveryAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_KRA);
kra.setNickname(nickname);
} else if (certType.equals(Constants.PR_SERVER_CERT)) {
@@ -2233,15 +2221,15 @@ private void createMasterKey(HttpServletRequest req,
modifyAgentGatewayCert(nickname);
if (isSubsystemInstalled("ra")) {
IRegistrationAuthority ra =
- (IRegistrationAuthority)
- CMS.getSubsystem(CMS.SUBSYSTEM_RA);
+ (IRegistrationAuthority)
+ CMS.getSubsystem(CMS.SUBSYSTEM_RA);
modifyEEGatewayCert(ra, nickname);
}
if (isSubsystemInstalled("ca")) {
ICertificateAuthority ca =
- (ICertificateAuthority)
- CMS.getSubsystem(CMS.SUBSYSTEM_CA);
+ (ICertificateAuthority)
+ CMS.getSubsystem(CMS.SUBSYSTEM_CA);
modifyCAGatewayCert(ca, nickname);
}
@@ -2252,7 +2240,7 @@ private void createMasterKey(HttpServletRequest req,
boolean verified = CMS.verifySystemCertByNickname(nickname, null);
if (verified == true) {
- CMS.debug("CMSAdminServlet: installCert(): verifySystemCertByNickname() succeeded:"+ nickname);
+ CMS.debug("CMSAdminServlet: installCert(): verifySystemCertByNickname() succeeded:" + nickname);
auditMessage = CMS.getLogMessage(
LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION,
auditSubjectID,
@@ -2261,7 +2249,7 @@ private void createMasterKey(HttpServletRequest req,
audit(auditMessage);
} else {
- CMS.debug("CMSAdminServlet: installCert(): verifySystemCertByNickname() failed:"+ nickname);
+ CMS.debug("CMSAdminServlet: installCert(): verifySystemCertByNickname() failed:" + nickname);
auditMessage = CMS.getLogMessage(
LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION,
auditSubjectID,
@@ -2280,11 +2268,11 @@ private void createMasterKey(HttpServletRequest req,
audit(auditMessage);
mConfig.commit(true);
- if(verified == true) {
+ if (verified == true) {
sendResponse(SUCCESS, null, null, resp);
} else {
sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_CERT_VALIDATE_FAILED"),
- null, resp);
+ null, resp);
}
} catch (EBaseException eAudit1) {
// store a message in the signed audit log file
@@ -2310,37 +2298,36 @@ private void createMasterKey(HttpServletRequest req,
// rethrow the specific exception to be handled later
throw eAudit2;
- // } catch( ServletException eAudit3 ) {
- // // store a message in the signed audit log file
- // auditMessage = CMS.getLogMessage(
- // LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
- // auditSubjectID,
- // ILogger.FAILURE,
- // auditParams( req ) );
- //
- // audit( auditMessage );
- //
- // // rethrow the specific exception to be handled later
- // throw eAudit3;
- }
+ // } catch( ServletException eAudit3 ) {
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
+ //
+ // audit( auditMessage );
+ //
+ // // rethrow the specific exception to be handled later
+ // throw eAudit3;
+ }
}
/**
* For "importing" cross-signed cert into internal db for further
* cross pair matching and publishing
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY used when
- * "Certificate Setup Wizard" is used to import a CA cross-signed
- * certificate into the database
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY used when "Certificate Setup Wizard" is used to import a CA cross-signed certificate into the database
* </ul>
+ *
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
* @exception EBaseException failed to import a cross-certificate pair
*/
private void importXCert(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -2355,7 +2342,7 @@ private void createMasterKey(HttpServletRequest req,
String serverID = "";
String certpath = "";
@SuppressWarnings("unchecked")
- Enumeration<String> enum1 = req.getParameterNames();
+ Enumeration<String> enum1 = req.getParameterNames();
NameValuePairs results = new NameValuePairs();
while (enum1.hasMoreElements()) {
@@ -2363,29 +2350,29 @@ private void createMasterKey(HttpServletRequest req,
String value = req.getParameter(key);
// really should be PR_CERT_CONTENT
- if (key.equals(Constants.PR_PKCS10))
+ if (key.equals(Constants.PR_PKCS10))
b64Cert = value;
else if (key.equals(Constants.RS_ID))
certType = value;
- else if (key.equals("pathname"))
+ else if (key.equals("pathname"))
pathname = value;
else if (key.equals(Constants.PR_SERVER_ROOT))
serverRoot = value;
- else if (key.equals(Constants.PR_SERVER_ID))
+ else if (key.equals(Constants.PR_SERVER_ID))
serverID = value;
- else if (key.equals(Constants.PR_CERT_FILEPATH))
+ else if (key.equals(Constants.PR_CERT_FILEPATH))
certpath = value;
}
-
+
try {
if (b64Cert == null || b64Cert.equals("")) {
if (certpath == null || certpath.equals("")) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
audit(auditMessage);
@@ -2396,7 +2383,7 @@ private void createMasterKey(HttpServletRequest req,
} else {
FileInputStream in = new FileInputStream(certpath);
BufferedReader d =
- new BufferedReader(new InputStreamReader(in));
+ new BufferedReader(new InputStreamReader(in));
String content = "";
b64Cert = "";
@@ -2423,7 +2410,7 @@ private void createMasterKey(HttpServletRequest req,
audit(auditMessage);
throw new EBaseException(
- CMS.getLogMessage("BASE_OPEN_FILE_FAILED"));
+ CMS.getLogMessage("BASE_OPEN_FILE_FAILED"));
}
CMS.debug("CMSAdminServlet: got b64Cert");
b64Cert = Cert.stripBrackets(b64Cert.trim());
@@ -2441,7 +2428,7 @@ private void createMasterKey(HttpServletRequest req,
+ File.separator + "config" + File.separator + pathname;
ICrossCertPairSubsystem ccps =
- (ICrossCertPairSubsystem) CMS.getSubsystem("CrossCertPair");
+ (ICrossCertPairSubsystem) CMS.getSubsystem("CrossCertPair");
try {
//this will import into internal ldap crossCerts entry
@@ -2480,8 +2467,8 @@ private void createMasterKey(HttpServletRequest req,
}
ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
- String content = jssSubSystem.getCertPrettyPrint(b64Cert,
+ CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ String content = jssSubSystem.getCertPrettyPrint(b64Cert,
super.getLocale(req));
results.add(Constants.PR_NICKNAME, "FBCA cross-signed cert");
@@ -2521,19 +2508,19 @@ private void createMasterKey(HttpServletRequest req,
// rethrow the specific exception to be handled later
throw eAudit2;
- // } catch( ServletException eAudit3 ) {
- // // store a message in the signed audit log file
- // auditMessage = CMS.getLogMessage(
- // LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
- // auditSubjectID,
- // ILogger.FAILURE,
- // auditParams( req ) );
- //
- // audit( auditMessage );
- //
- // // rethrow the specific exception to be handled later
- // throw eAudit3;
- }
+ // } catch( ServletException eAudit3 ) {
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
+ //
+ // audit( auditMessage );
+ //
+ // // rethrow the specific exception to be handled later
+ // throw eAudit3;
+ }
}
private String getNickname(String certType) throws EBaseException {
@@ -2541,13 +2528,13 @@ private void createMasterKey(HttpServletRequest req,
if (certType.equals(Constants.PR_CA_SIGNING_CERT)) {
ICertificateAuthority ca =
- (ICertificateAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_CA);
+ (ICertificateAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_CA);
ISigningUnit signingUnit = ca.getSigningUnit();
nickname = signingUnit.getNickname();
} else if (certType.equals(Constants.PR_OCSP_SIGNING_CERT)) {
IOCSPAuthority ocsp =
- (IOCSPAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_OCSP);
+ (IOCSPAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_OCSP);
if (ocsp == null) {
// this is a local CA service
@@ -2562,28 +2549,28 @@ private void createMasterKey(HttpServletRequest req,
}
} else if (certType.equals(Constants.PR_RA_SIGNING_CERT)) {
IRegistrationAuthority ra =
- (IRegistrationAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_RA);
+ (IRegistrationAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_RA);
nickname = ra.getNickname();
} else if (certType.equals(Constants.PR_KRA_TRANSPORT_CERT)) {
IKeyRecoveryAuthority kra =
- (IKeyRecoveryAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_KRA);
+ (IKeyRecoveryAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_KRA);
nickname = kra.getNickname();
} else if (certType.equals(Constants.PR_SERVER_CERT)) {
nickname = CMS.getServerCertNickname();
} else if (certType.equals(Constants.PR_SERVER_CERT_RADM)) {
nickname = CMS.getServerCertNickname();
- }
+ }
return nickname;
}
private void getCertInfo(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
@SuppressWarnings("unchecked")
- Enumeration<String> enum1 = req.getParameterNames();
+ Enumeration<String> enum1 = req.getParameterNames();
NameValuePairs results = new NameValuePairs();
String pkcs = "";
String path = "";
@@ -2616,7 +2603,7 @@ private void createMasterKey(HttpServletRequest req,
} else {
FileInputStream in = new FileInputStream(path);
BufferedReader d =
- new BufferedReader(new InputStreamReader(in));
+ new BufferedReader(new InputStreamReader(in));
String content = "";
pkcs = "";
@@ -2640,7 +2627,7 @@ private void createMasterKey(HttpServletRequest req,
int totalLen = pkcs.length();
if (pkcs.indexOf(BEGIN_HEADER) != 0 ||
- pkcs.indexOf(END_HEADER) != (totalLen - 25)) {
+ pkcs.indexOf(END_HEADER) != (totalLen - 25)) {
throw (new EBaseException(CMS.getLogMessage("BASE_INVALID_CERT_FORMAT")));
}
@@ -2665,7 +2652,7 @@ private void createMasterKey(HttpServletRequest req,
nickname = getNickname(certType);
ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
String content = jssSubSystem.getCertPrettyPrint(pkcs,
super.getLocale(req));
@@ -2678,12 +2665,12 @@ private void createMasterKey(HttpServletRequest req,
}
private void getCertPrettyPrint(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
- @SuppressWarnings("unchecked")
+ @SuppressWarnings("unchecked")
Enumeration<String> enum1 = req.getParameterNames();
ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
String nickname = "";
String serialno = "";
String issuername = "";
@@ -2703,7 +2690,7 @@ private void createMasterKey(HttpServletRequest req,
if (key.equals(Constants.PR_NICK_NAME)) {
nickname = value;
continue;
- }
+ }
if (key.equals(Constants.PR_SERIAL_NUMBER)) {
serialno = value;
continue;
@@ -2714,20 +2701,20 @@ private void createMasterKey(HttpServletRequest req,
}
}
- String print = jssSubSystem.getCertPrettyPrintAndFingerPrint(nickname,
- serialno, issuername, locale);
+ String print = jssSubSystem.getCertPrettyPrintAndFingerPrint(nickname,
+ serialno, issuername, locale);
pairs.add(nickname, print);
sendResponse(SUCCESS, null, pairs, resp);
}
private void getRootCertTrustBit(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
- @SuppressWarnings("unchecked")
+ @SuppressWarnings("unchecked")
Enumeration<String> enum1 = req.getParameterNames();
ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
String nickname = "";
String serialno = "";
String issuername = "";
@@ -2759,92 +2746,92 @@ private void createMasterKey(HttpServletRequest req,
}
String trustbit = jssSubSystem.getRootCertTrustBit(nickname,
- serialno, issuername);
+ serialno, issuername);
pairs.add(nickname, trustbit);
sendResponse(SUCCESS, null, pairs, resp);
}
private void getCACerts(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
NameValuePairs pairs = jssSubSystem.getCACerts();
sendResponse(SUCCESS, null, pairs, resp);
}
private void deleteRootCert(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
String id = req.getParameter(Constants.RS_ID);
ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
int mindex = id.indexOf(":SERIAL#<");
String nickname = id.substring(0, mindex);
String sstr1 = id.substring(mindex);
int lindex = sstr1.indexOf(">");
String serialno = sstr1.substring(9, lindex);
- String issuername = sstr1.substring(lindex+1);
+ String issuername = sstr1.substring(lindex + 1);
jssSubSystem.deleteRootCert(nickname, serialno, issuername);
sendResponse(SUCCESS, null, null, resp);
}
private void deleteUserCert(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
String id = req.getParameter(Constants.RS_ID);
ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
int mindex = id.indexOf(":SERIAL#<");
String nickname = id.substring(0, mindex);
String sstr1 = id.substring(mindex);
int lindex = sstr1.indexOf(">");
String serialno = sstr1.substring(9, lindex);
- String issuername = sstr1.substring(lindex+1);
+ String issuername = sstr1.substring(lindex + 1);
jssSubSystem.deleteUserCert(nickname, serialno, issuername);
sendResponse(SUCCESS, null, null, resp);
}
private void getRootCerts(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
NameValuePairs pairs = jssSubSystem.getRootCerts();
sendResponse(SUCCESS, null, pairs, resp);
}
private void getAllCertsManage(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
NameValuePairs pairs = jssSubSystem.getAllCertsManage();
sendResponse(SUCCESS, null, pairs, resp);
}
private void getUserCerts(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
NameValuePairs pairs = jssSubSystem.getUserCerts();
sendResponse(SUCCESS, null, pairs, resp);
}
private void deleteCerts(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
- @SuppressWarnings("unchecked")
+ @SuppressWarnings("unchecked")
Enumeration<String> enum1 = req.getParameterNames();
ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
String nickname = "";
String date = "";
@@ -2872,9 +2859,9 @@ private void createMasterKey(HttpServletRequest req,
}
private void validateSubjectName(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
- @SuppressWarnings("unchecked")
+ @SuppressWarnings("unchecked")
Enumeration<String> enum1 = req.getParameterNames();
while (enum1.hasMoreElements()) {
@@ -2883,19 +2870,19 @@ private void createMasterKey(HttpServletRequest req,
if (key.equals(Constants.PR_SUBJECT_NAME)) {
ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
jssSubSystem.isX500DN(value);
}
}
sendResponse(SUCCESS, null, null, resp);
- }
+ }
private void validateKeyLength(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
- @SuppressWarnings("unchecked")
+ @SuppressWarnings("unchecked")
Enumeration<String> enum1 = req.getParameterNames();
String keyType = "RSA";
String keyLen = "512";
@@ -2917,16 +2904,16 @@ private void createMasterKey(HttpServletRequest req,
int minKey = mConfig.getInteger(
ConfigConstants.PR_RSA_MIN_KEYLENGTH, 512);
ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
// jssSubSystem.checkKeyLength(keyType, keyLength, certType, minKey);
sendResponse(SUCCESS, null, null, resp);
}
private void validateCurveName(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
- @SuppressWarnings("unchecked")
+ @SuppressWarnings("unchecked")
Enumeration<String> enum1 = req.getParameterNames();
String curveName = null;
@@ -2942,7 +2929,7 @@ private void createMasterKey(HttpServletRequest req,
String curveList = mConfig.getString("keys.ecc.curve.list", "nistp521");
String[] curves = curveList.split(",");
boolean match = false;
- for (int i=0; i<curves.length; i++) {
+ for (int i = 0; i < curves.length; i++) {
if (curves[i].equals(curveName)) {
match = true;
}
@@ -2955,9 +2942,9 @@ private void createMasterKey(HttpServletRequest req,
}
private void validateCertExtension(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
- @SuppressWarnings("unchecked")
+ @SuppressWarnings("unchecked")
Enumeration<String> enum1 = req.getParameterNames();
String certExt = "";
@@ -2972,19 +2959,19 @@ private void createMasterKey(HttpServletRequest req,
}
ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
jssSubSystem.checkCertificateExt(certExt);
sendResponse(SUCCESS, null, null, resp);
}
private void getSubjectName(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
@SuppressWarnings("unchecked")
Enumeration<String> enum1 = req.getParameterNames();
-
+
String nickname = "";
String keyType = "RSA";
String keyLen = "512";
@@ -3003,7 +2990,7 @@ private void createMasterKey(HttpServletRequest req,
}
ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
String subjectName = jssSubSystem.getSubjectDN(nickname);
params.add(Constants.PR_SUBJECT_NAME, subjectName);
@@ -3011,7 +2998,7 @@ private void createMasterKey(HttpServletRequest req,
}
private void processSubjectName(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
@SuppressWarnings("unchecked")
@@ -3033,7 +3020,7 @@ private void createMasterKey(HttpServletRequest req,
}
ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
String subjectName = jssSubSystem.getSubjectDN(nickname);
params.add(Constants.PR_SUBJECT_NAME, subjectName);
@@ -3041,7 +3028,7 @@ private void createMasterKey(HttpServletRequest req,
}
public void setRootCertTrust(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -3053,10 +3040,10 @@ private void createMasterKey(HttpServletRequest req,
CMS.debug("CMSAdminServlet: setRootCertTrust()");
ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
try {
jssSubSystem.setRootCertTrust(nickname, serialno, issuername, trust);
- } catch (EBaseException e) {
+ } catch (EBaseException e) {
auditMessage = CMS.getLogMessage(
LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
auditSubjectID,
@@ -3083,18 +3070,17 @@ private void createMasterKey(HttpServletRequest req,
/**
* Establish trust of a CA certificate
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY used when
- * "Manage Certificate" is used to edit the trustness of certs and
- * deletion of certs
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY used when "Manage Certificate" is used to edit the trustness of certs and deletion of certs
* </ul>
+ *
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
* @exception EBaseException failed to establish CA certificate trust
*/
private void trustCACert(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -3104,10 +3090,10 @@ private void createMasterKey(HttpServletRequest req,
// ensure that any low-level exceptions are reported
// to the signed audit log and stored as failures
try {
- @SuppressWarnings("unchecked")
+ @SuppressWarnings("unchecked")
Enumeration<String> enum1 = req.getParameterNames();
ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
String trust = "";
while (enum1.hasMoreElements()) {
@@ -3160,41 +3146,41 @@ private void createMasterKey(HttpServletRequest req,
// rethrow the specific exception to be handled later
throw eAudit2;
- // } catch( ServletException eAudit3 ) {
- // // store a message in the signed audit log file
- // auditMessage = CMS.getLogMessage(
- // LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
- // auditSubjectID,
- // ILogger.FAILURE,
- // auditParams( req ) );
- //
- // audit( auditMessage );
- //
- // // rethrow the specific exception to be handled later
- // throw eAudit3;
- }
+ // } catch( ServletException eAudit3 ) {
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
+ //
+ // audit( auditMessage );
+ //
+ // // rethrow the specific exception to be handled later
+ // throw eAudit3;
+ }
}
/**
* Execute all self tests specified to be run on demand.
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION used when self
- * tests are run on demand
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION used when self tests are run on demand
* </ul>
+ *
* @exception EMissingSelfTestException a self test plugin instance
- * property name was missing
+ * property name was missing
* @exception ESelfTestException a self test is missing a required
- * configuration parameter
+ * configuration parameter
* @exception IOException an input/output error has occurred
*/
private synchronized void
- runSelfTestsOnDemand(HttpServletRequest req,
- HttpServletResponse resp)
- throws EMissingSelfTestException,
- ESelfTestException,
- IOException {
+ runSelfTestsOnDemand(HttpServletRequest req,
+ HttpServletResponse resp)
+ throws EMissingSelfTestException,
+ ESelfTestException,
+ IOException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -3203,7 +3189,7 @@ private void createMasterKey(HttpServletRequest req,
try {
if (CMS.debugOn()) {
CMS.debug("CMSAdminServlet::runSelfTestsOnDemand():"
- + " ENTERING . . .");
+ + " ENTERING . . .");
}
@SuppressWarnings("unchecked")
Enumeration<String> enum1 = req.getParameterNames();
@@ -3224,10 +3210,10 @@ private void createMasterKey(HttpServletRequest req,
}
ISelfTestSubsystem mSelfTestSubsystem = (ISelfTestSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_SELFTESTS);
+ CMS.getSubsystem(CMS.SUBSYSTEM_SELFTESTS);
if ((request == null) ||
- (request.equals(""))) {
+ (request.equals(""))) {
// self test plugin run on demand request parameter was missing
// log the error
logMessage = CMS.getLogMessage("SELFTESTS_RUN_ON_DEMAND_REQUEST",
@@ -3236,7 +3222,7 @@ private void createMasterKey(HttpServletRequest req,
);
mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
- logMessage);
+ logMessage);
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
@@ -3264,7 +3250,7 @@ private void createMasterKey(HttpServletRequest req,
getServletInfo());
mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
- logMessage);
+ logMessage);
// store this information for console notification
content += logMessage
@@ -3288,8 +3274,8 @@ private void createMasterKey(HttpServletRequest req,
getServletInfo());
mSelfTestSubsystem.log(
- mSelfTestSubsystem.getSelfTestLogger(),
- logMessage);
+ mSelfTestSubsystem.getSelfTestLogger(),
+ logMessage);
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
@@ -3309,7 +3295,7 @@ private void createMasterKey(HttpServletRequest req,
}
ISelfTest test = (ISelfTest)
- mSelfTestSubsystem.getSelfTest(instanceName);
+ mSelfTestSubsystem.getSelfTest(instanceName);
if (test == null) {
// self test plugin instance property name is not present
@@ -3319,8 +3305,8 @@ private void createMasterKey(HttpServletRequest req,
instanceFullName);
mSelfTestSubsystem.log(
- mSelfTestSubsystem.getSelfTestLogger(),
- logMessage);
+ mSelfTestSubsystem.getSelfTestLogger(),
+ logMessage);
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
@@ -3342,9 +3328,9 @@ private void createMasterKey(HttpServletRequest req,
try {
if (CMS.debugOn()) {
CMS.debug("CMSAdminServlet::runSelfTestsOnDemand():"
- + " running \""
- + test.getSelfTestName()
- + "\"");
+ + " running \""
+ + test.getSelfTestName()
+ + "\"");
}
// store this information for console notification
@@ -3368,8 +3354,8 @@ private void createMasterKey(HttpServletRequest req,
instanceFullName);
mSelfTestSubsystem.log(
- mSelfTestSubsystem.getSelfTestLogger(),
- logMessage);
+ mSelfTestSubsystem.getSelfTestLogger(),
+ logMessage);
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
@@ -3401,7 +3387,7 @@ private void createMasterKey(HttpServletRequest req,
logMessage = CMS.getLogMessage("SELFTESTS_RUN_ON_DEMAND_SUCCEEDED",
getServletInfo());
mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
- logMessage);
+ logMessage);
// store this information for console notification
content += logMessage
@@ -3412,7 +3398,7 @@ private void createMasterKey(HttpServletRequest req,
getServletInfo());
mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
- logMessage);
+ logMessage);
// store this information for console notification
content += logMessage
@@ -3429,14 +3415,14 @@ private void createMasterKey(HttpServletRequest req,
// notify console of SUCCESS
results.add(Constants.PR_RUN_SELFTESTS_ON_DEMAND_CLASS,
- CMSAdminServlet.class.getName());
+ CMSAdminServlet.class.getName());
results.add(Constants.PR_RUN_SELFTESTS_ON_DEMAND_CONTENT,
- content);
+ content);
sendResponse(SUCCESS, null, results, resp);
if (CMS.debugOn()) {
CMS.debug("CMSAdminServlet::runSelfTestsOnDemand():"
- + " EXITING.");
+ + " EXITING.");
}
} catch (EMissingSelfTestException eAudit1) {
// store a message in the signed audit log file
@@ -3475,16 +3461,16 @@ private void createMasterKey(HttpServletRequest req,
}
public void log(int level, String msg) {
- mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, level, "CMSAdminServlet: " + msg);
+ mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, level, "CMSAdminServlet: " + msg);
}
/**
* Signed Audit Log Public Key
- *
+ *
* This method is called to obtain the public key from the passed in
* "KeyPair" object for a signed audit log message.
* <P>
- *
+ *
* @param object a Key Pair Object
* @return key string containing the public key
*/
@@ -3533,4 +3519,3 @@ private void createMasterKey(HttpServletRequest req,
}
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/JobsAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/JobsAdminServlet.java
index 7f18d94e..b310f8c9 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/admin/JobsAdminServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/JobsAdminServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.admin;
-
import java.io.IOException;
import java.util.Enumeration;
import java.util.Locale;
@@ -42,7 +41,6 @@ import com.netscape.certsrv.jobs.IJobsScheduler;
import com.netscape.certsrv.jobs.JobPlugin;
import com.netscape.certsrv.logging.ILogger;
-
/**
* A class representing an administration servlet for the
* Jobs Scheduler and it's scheduled jobs.
@@ -82,16 +80,16 @@ public class JobsAdminServlet extends AdminServlet {
/**
* Returns serlvet information.
*/
- public String getServletInfo() {
- return INFO;
+ public String getServletInfo() {
+ return INFO;
}
- /**
+ /**
* retrieve extended plugin info such as brief description, type info
* from jobs
*/
private void getExtendedPluginInfo(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
String id = req.getParameter(Constants.RS_ID);
@@ -100,8 +98,8 @@ public class JobsAdminServlet extends AdminServlet {
String implType = id.substring(0, colon);
String implName = id.substring(colon + 1);
- NameValuePairs params =
- getExtendedPluginInfo(getLocale(req), implType, implName);
+ NameValuePairs params =
+ getExtendedPluginInfo(getLocale(req), implType, implName);
sendResponse(SUCCESS, null, params, resp);
}
@@ -111,7 +109,7 @@ public class JobsAdminServlet extends AdminServlet {
Object impl = null;
JobPlugin jp =
- (JobPlugin) mJobsSched.getPlugins().get(implName);
+ (JobPlugin) mJobsSched.getPlugins().get(implName);
if (jp != null)
impl = getClassByNameAsExtendedPluginInfo(jp.getClassPath());
@@ -137,7 +135,7 @@ public class JobsAdminServlet extends AdminServlet {
* Serves HTTP admin request.
*/
public void service(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
+ throws ServletException, IOException {
super.service(req, resp);
String scope = req.getParameter(Constants.OP_SCOPE);
@@ -145,17 +143,17 @@ public class JobsAdminServlet extends AdminServlet {
if (op == null) {
//System.out.println("SRVLT_INVALID_PROTOCOL");
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"),
- null, resp);
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"),
+ null, resp);
return;
}
try {
super.authenticate(req);
} catch (IOException e) {
- sendResponse(ERROR,CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHS_FAILED"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHS_FAILED"),
+ null, resp);
return;
}
@@ -165,8 +163,8 @@ public class JobsAdminServlet extends AdminServlet {
mOp = "read";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
if (scope.equals(ScopeDef.SC_JOBS))
@@ -174,27 +172,27 @@ public class JobsAdminServlet extends AdminServlet {
else if (scope.equals(ScopeDef.SC_JOBS_IMPLS))
getConfig(req, resp);
else if (scope.equals(ScopeDef.SC_JOBS_INSTANCE))
- getInstConfig(req, resp);
+ getInstConfig(req, resp);
else if (scope.equals(ScopeDef.SC_EXTENDED_PLUGIN_INFO)) {
- try {
- getExtendedPluginInfo(req, resp);
- } catch (EBaseException e) {
- sendResponse(ERROR, e.toString(getLocale(req)), null, resp);
- return;
+ try {
+ getExtendedPluginInfo(req, resp);
+ } catch (EBaseException e) {
+ sendResponse(ERROR, e.toString(getLocale(req)), null, resp);
+ return;
}
} else {
//System.out.println("SRVLT_INVALID_OP_SCOPE");
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
- null, resp);
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
+ null, resp);
return;
}
} else if (op.equals(OpDef.OP_MODIFY)) {
mOp = "modify";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
if (scope.equals(ScopeDef.SC_JOBS)) {
@@ -202,17 +200,17 @@ public class JobsAdminServlet extends AdminServlet {
} else if (scope.equals(ScopeDef.SC_JOBS_INSTANCE)) {
modJobsInst(req, resp, scope);
} else {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
- null, resp);
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
+ null, resp);
return;
}
} else if (op.equals(OpDef.OP_SEARCH)) {
mOp = "read";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
if (scope.equals(ScopeDef.SC_JOBS_IMPLS))
@@ -221,17 +219,17 @@ public class JobsAdminServlet extends AdminServlet {
listJobsInsts(req, resp);
else {
//System.out.println("SRVLT_INVALID_OP_SCOPE");
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
- null, resp);
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
+ null, resp);
return;
}
} else if (op.equals(OpDef.OP_ADD)) {
mOp = "modify";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
if (scope.equals(ScopeDef.SC_JOBS_IMPLS))
@@ -240,17 +238,17 @@ public class JobsAdminServlet extends AdminServlet {
addJobsInst(req, resp, scope);
else {
//System.out.println("SRVLT_INVALID_OP_SCOPE");
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
- null, resp);
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
+ null, resp);
return;
}
} else if (op.equals(OpDef.OP_DELETE)) {
mOp = "modify";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
if (scope.equals(ScopeDef.SC_JOBS_IMPLS))
@@ -259,41 +257,41 @@ public class JobsAdminServlet extends AdminServlet {
delJobsInst(req, resp, scope);
else {
//System.out.println("SRVLT_INVALID_OP_SCOPE");
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
- null, resp);
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
+ null, resp);
return;
}
} else {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_TYPE", op),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_TYPE", op),
+ null, resp);
return;
}
} catch (EBaseException e) {
sendResponse(ERROR, e.toString(getLocale(req)), null, resp);
return;
- }
+ }
}
- private synchronized void addJobPlugin(HttpServletRequest req,
- HttpServletResponse resp, String scope)
- throws ServletException, IOException, EBaseException {
+ private synchronized void addJobPlugin(HttpServletRequest req,
+ HttpServletResponse resp, String scope)
+ throws ServletException, IOException, EBaseException {
String id = req.getParameter(Constants.RS_ID);
if (id == null) {
//System.out.println("SRVLT_NULL_RS_ID");
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
return;
}
// is the job plugin id unique?
if (mJobsSched.getPlugins().containsKey((Object) id)) {
sendResponse(ERROR,
- new EJobsException(CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_ILL_JOB_PLUGIN_ID", id)).toString(),
- null, resp);
+ new EJobsException(CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_ILL_JOB_PLUGIN_ID", id)).toString(),
+ null, resp);
return;
}
@@ -301,15 +299,15 @@ public class JobsAdminServlet extends AdminServlet {
if (classPath == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_NULL_CLASS"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_NULL_CLASS"),
+ null, resp);
return;
}
IConfigStore destStore =
- mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN);
+ mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN);
IConfigStore instancesConfig =
- destStore.getSubStore(scope);
+ destStore.getSubStore(scope);
// Does the class exist?
Class newImpl = null;
@@ -318,13 +316,13 @@ public class JobsAdminServlet extends AdminServlet {
newImpl = Class.forName(classPath);
} catch (ClassNotFoundException e) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_NO_CLASS"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_NO_CLASS"),
+ null, resp);
return;
} catch (IllegalArgumentException e) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_NO_CLASS"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_NO_CLASS"),
+ null, resp);
return;
}
@@ -332,14 +330,14 @@ public class JobsAdminServlet extends AdminServlet {
try {
if (IJob.class.isAssignableFrom(newImpl) == false) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_ILL_CLASS"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_ILL_CLASS"),
+ null, resp);
return;
}
} catch (NullPointerException e) { // unlikely, only if newImpl null.
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_ILL_CLASS"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_ILL_CLASS"),
+ null, resp);
return;
}
@@ -353,8 +351,8 @@ public class JobsAdminServlet extends AdminServlet {
} catch (EBaseException e) {
//System.out.println("SRVLT_FAIL_COMMIT");
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+ null, resp);
return;
}
@@ -362,8 +360,8 @@ public class JobsAdminServlet extends AdminServlet {
JobPlugin plugin = new JobPlugin(id, classPath);
mJobsSched.getPlugins().put(id, plugin);
- mJobsSched.log(ILogger.LL_INFO,
- CMS.getLogMessage("ADMIN_SRVLT_JS_PLUGIN_ADD", id));
+ mJobsSched.log(ILogger.LL_INFO,
+ CMS.getLogMessage("ADMIN_SRVLT_JS_PLUGIN_ADD", id));
NameValuePairs params = new NameValuePairs();
@@ -371,24 +369,24 @@ public class JobsAdminServlet extends AdminServlet {
return;
}
- private synchronized void addJobsInst(HttpServletRequest req,
- HttpServletResponse resp, String scope)
- throws ServletException, IOException, EBaseException {
+ private synchronized void addJobsInst(HttpServletRequest req,
+ HttpServletResponse resp, String scope)
+ throws ServletException, IOException, EBaseException {
String id = req.getParameter(Constants.RS_ID);
if (id == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
return;
}
// is the job instance id unique?
if (mJobsSched.getInstances().containsKey((Object) id)) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_ILL_JOB_INST_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_ILL_JOB_INST_ID"),
+ null, resp);
return;
}
@@ -399,21 +397,21 @@ public class JobsAdminServlet extends AdminServlet {
if (implname == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_ADD_MISSING_PARAMS"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_ADD_MISSING_PARAMS"),
+ null, resp);
return;
}
// check if implementation exists.
JobPlugin plugin =
- (JobPlugin) mJobsSched.getPlugins().get(implname);
+ (JobPlugin) mJobsSched.getPlugins().get(implname);
if (plugin == null) {
sendResponse(ERROR,
- new
- EJobsException(CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_JOB_PLUGIN_NOT_FOUND",
- id)).toString(),
- null, resp);
+ new
+ EJobsException(CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_JOB_PLUGIN_NOT_FOUND",
+ id)).toString(),
+ null, resp);
return;
}
@@ -423,9 +421,9 @@ public class JobsAdminServlet extends AdminServlet {
String[] configParams = mJobsSched.getConfigParams(implname);
IConfigStore destStore =
- mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN);
+ mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN);
IConfigStore instancesConfig =
- destStore.getSubStore(scope);
+ destStore.getSubStore(scope);
IConfigStore substore = instancesConfig.makeSubStore(id);
if (configParams != null) {
@@ -437,10 +435,10 @@ public class JobsAdminServlet extends AdminServlet {
substore.put(key, val);
} else if (!key.equals("profileId")) {
sendResponse(ERROR,
- new
- EJobsException(CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_MISSING_INST_PARAM_VAL",
- key)).toString(),
- null, resp);
+ new
+ EJobsException(CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_MISSING_INST_PARAM_VAL",
+ key)).toString(),
+ null, resp);
return;
}
}
@@ -458,28 +456,28 @@ public class JobsAdminServlet extends AdminServlet {
// cleanup
instancesConfig.removeSubStore(id);
sendResponse(ERROR,
- new EJobsException(
- CMS.getUserMessage(getLocale(req),"CMS_JOB_LOAD_CLASS_FAILED", className)).toString(),
- null, resp);
+ new EJobsException(
+ CMS.getUserMessage(getLocale(req), "CMS_JOB_LOAD_CLASS_FAILED", className)).toString(),
+ null, resp);
return;
} catch (InstantiationException e) {
instancesConfig.removeSubStore(id);
sendResponse(ERROR,
- new EJobsException(
- CMS.getUserMessage(getLocale(req),"CMS_JOB_LOAD_CLASS_FAILED", className)).toString(),
- null, resp);
+ new EJobsException(
+ CMS.getUserMessage(getLocale(req), "CMS_JOB_LOAD_CLASS_FAILED", className)).toString(),
+ null, resp);
return;
} catch (IllegalAccessException e) {
instancesConfig.removeSubStore(id);
sendResponse(ERROR,
- new EJobsException(
- CMS.getUserMessage(getLocale(req),"CMS_JOB_LOAD_CLASS_FAILED", className)).toString(),
- null, resp);
+ new EJobsException(
+ CMS.getUserMessage(getLocale(req), "CMS_JOB_LOAD_CLASS_FAILED", className)).toString(),
+ null, resp);
return;
}
-
+
IJobsScheduler scheduler = (IJobsScheduler)
- CMS.getSubsystem(CMS.SUBSYSTEM_JOBS);
+ CMS.getSubsystem(CMS.SUBSYSTEM_JOBS);
// initialize the job plugin
try {
@@ -498,16 +496,16 @@ public class JobsAdminServlet extends AdminServlet {
// clean up.
instancesConfig.removeSubStore(id);
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+ null, resp);
return;
}
// inited and commited ok. now add manager instance to list.
mJobsSched.getInstances().put(id, jobsInst);
- mJobsSched.log(ILogger.LL_INFO,
- CMS.getLogMessage("ADMIN_SRVLT_JOB_INST_ADD", id));
+ mJobsSched.log(ILogger.LL_INFO,
+ CMS.getLogMessage("ADMIN_SRVLT_JOB_INST_ADD", id));
NameValuePairs params = new NameValuePairs();
@@ -516,8 +514,8 @@ public class JobsAdminServlet extends AdminServlet {
return;
}
- private synchronized void listJobPlugins(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ private synchronized void listJobPlugins(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
@@ -525,8 +523,8 @@ public class JobsAdminServlet extends AdminServlet {
while (e.hasMoreElements()) {
String name = (String) e.nextElement();
- JobPlugin value = (JobPlugin)
- mJobsSched.getPlugins().get(name);
+ JobPlugin value = (JobPlugin)
+ mJobsSched.getPlugins().get(name);
params.add(name, value.getClassPath());
// params.add(name, value.getClassPath()+EDIT);
@@ -535,29 +533,28 @@ public class JobsAdminServlet extends AdminServlet {
return;
}
- private synchronized void listJobsInsts(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ private synchronized void listJobsInsts(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
- for (Enumeration e = mJobsSched.getInstances().keys();
- e.hasMoreElements();) {
+ for (Enumeration e = mJobsSched.getInstances().keys(); e.hasMoreElements();) {
String name = (String) e.nextElement();
- IJob value = (IJob)
- mJobsSched.getInstances().get((Object) name);
+ IJob value = (IJob)
+ mJobsSched.getInstances().get((Object) name);
// params.add(name, value.getImplName());
params.add(name, value.getImplName() + VISIBLE +
- (value.isEnabled() ? ENABLED : DISABLED)
- );
+ (value.isEnabled() ? ENABLED : DISABLED)
+ );
}
sendResponse(SUCCESS, null, params, resp);
return;
}
- private synchronized void delJobPlugin(HttpServletRequest req,
- HttpServletResponse resp, String scope) throws ServletException,
+ private synchronized void delJobPlugin(HttpServletRequest req,
+ HttpServletResponse resp, String scope) throws ServletException,
IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
@@ -566,42 +563,41 @@ public class JobsAdminServlet extends AdminServlet {
if (id == null) {
//System.out.println("SRVLT_NULL_RS_ID");
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
return;
}
// does this job plugin exist?
if (mJobsSched.getPlugins().containsKey(id) == false) {
sendResponse(ERROR,
- new
- EJobsException(CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_JOB_PLUGIN_NOT_FOUND",
- id)).toString(),
- null, resp);
+ new
+ EJobsException(CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_JOB_PLUGIN_NOT_FOUND",
+ id)).toString(),
+ null, resp);
return;
}
// first check if any instances from this job plugin
// DON'T remove job plugin if any instance
- for (Enumeration e = mJobsSched.getInstances().elements();
- e.hasMoreElements();) {
+ for (Enumeration e = mJobsSched.getInstances().elements(); e.hasMoreElements();) {
IJob jobs = (IJob) e.nextElement();
if ((jobs.getImplName()).equals(id)) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_JOB_IN_USE"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_JOB_IN_USE"),
+ null, resp);
return;
}
}
-
+
// then delete this job plugin
mJobsSched.getPlugins().remove((Object) id);
IConfigStore destStore =
- mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN);
+ mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN);
IConfigStore instancesConfig =
- destStore.getSubStore(scope);
+ destStore.getSubStore(scope);
instancesConfig.removeSubStore(id);
// commiting
@@ -609,8 +605,8 @@ public class JobsAdminServlet extends AdminServlet {
mConfig.commit(true);
} catch (EBaseException e) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+ null, resp);
return;
}
@@ -618,8 +614,8 @@ public class JobsAdminServlet extends AdminServlet {
return;
}
- private synchronized void delJobsInst(HttpServletRequest req,
- HttpServletResponse resp, String scope) throws ServletException,
+ private synchronized void delJobsInst(HttpServletRequest req,
+ HttpServletResponse resp, String scope) throws ServletException,
IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
@@ -628,17 +624,17 @@ public class JobsAdminServlet extends AdminServlet {
if (id == null) {
//System.out.println("SRVLT_NULL_RS_ID");
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
return;
}
// does job plugin instance exist?
if (mJobsSched.getInstances().containsKey(id) == false) {
sendResponse(ERROR,
- new EJobsException(CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_JOB_NOT_FOUND",
- id)).toString(),
- null, resp);
+ new EJobsException(CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_JOB_NOT_FOUND",
+ id)).toString(),
+ null, resp);
return;
}
@@ -651,9 +647,9 @@ public class JobsAdminServlet extends AdminServlet {
// remove the configuration.
IConfigStore destStore =
- mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN);
+ mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN);
IConfigStore instancesConfig =
- destStore.getSubStore(scope);
+ destStore.getSubStore(scope);
instancesConfig.removeSubStore(id);
// commiting
@@ -662,8 +658,8 @@ public class JobsAdminServlet extends AdminServlet {
} catch (EBaseException e) {
//System.out.println("SRVLT_FAIL_COMMIT");
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+ null, resp);
return;
}
@@ -673,24 +669,24 @@ public class JobsAdminServlet extends AdminServlet {
/**
* used for getting the required configuration parameters (with
- * possible default values) for a particular job plugin
- * implementation name specified in the RS_ID. Actually, there is
- * no logic in here to set any default value here...there's no
- * default value for any parameter in this job scheduler subsystem
- * at this point. Later, if we do have one (or some), it can be
- * added. The interface remains the same.
+ * possible default values) for a particular job plugin
+ * implementation name specified in the RS_ID. Actually, there is
+ * no logic in here to set any default value here...there's no
+ * default value for any parameter in this job scheduler subsystem
+ * at this point. Later, if we do have one (or some), it can be
+ * added. The interface remains the same.
*/
- private synchronized void getConfig(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException, EBaseException {
+ private synchronized void getConfig(HttpServletRequest req,
+ HttpServletResponse resp)
+ throws ServletException, IOException, EBaseException {
String implname = req.getParameter(Constants.RS_ID);
if (implname == null) {
//System.out.println("SRVLT_NULL_RS_ID");
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
return;
}
@@ -708,25 +704,25 @@ public class JobsAdminServlet extends AdminServlet {
return;
}
- private synchronized void getInstConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ private synchronized void getInstConfig(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
String id = req.getParameter(Constants.RS_ID);
if (id == null) {
//System.out.println("SRVLT_NULL_RS_ID");
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
return;
}
// does job plugin instance exist?
if (mJobsSched.getInstances().containsKey(id) == false) {
sendResponse(ERROR,
- new EJobsException(CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_JOB_NOT_FOUND",
- id)).toString(),
- null, resp);
+ new EJobsException(CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_JOB_NOT_FOUND",
+ id)).toString(),
+ null, resp);
return;
}
@@ -758,15 +754,15 @@ public class JobsAdminServlet extends AdminServlet {
/**
* Modify job plugin instance.
- * This will actually create a new instance with new configuration
- * parameters and replace the old instance, if the new instance
+ * This will actually create a new instance with new configuration
+ * parameters and replace the old instance, if the new instance
* created and initialized successfully.
* The old instance is left running. so this is very expensive.
* Restart of server recommended.
*/
- private synchronized void modJobsInst(HttpServletRequest req,
- HttpServletResponse resp, String scope)
- throws ServletException, IOException, EBaseException {
+ private synchronized void modJobsInst(HttpServletRequest req,
+ HttpServletResponse resp, String scope)
+ throws ServletException, IOException, EBaseException {
// expensive operation.
@@ -775,16 +771,16 @@ public class JobsAdminServlet extends AdminServlet {
if (id == null) {
//System.out.println("SRVLT_NULL_RS_ID");
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
return;
}
// Does the job instance exist?
if (!mJobsSched.getInstances().containsKey((Object) id)) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_ILL_JOB_INST_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_ILL_JOB_INST_ID"),
+ null, resp);
return;
}
@@ -793,27 +789,27 @@ public class JobsAdminServlet extends AdminServlet {
if (implname == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_ADD_MISSING_PARAMS"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_ADD_MISSING_PARAMS"),
+ null, resp);
return;
}
// get plugin for implementation
JobPlugin plugin =
- (JobPlugin) mJobsSched.getPlugins().get(implname);
+ (JobPlugin) mJobsSched.getPlugins().get(implname);
if (plugin == null) {
sendResponse(ERROR,
- new EJobsException(CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_JOB_PLUGIN_NOT_FOUND",
- id)).toString(),
- null, resp);
+ new EJobsException(CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_JOB_PLUGIN_NOT_FOUND",
+ id)).toString(),
+ null, resp);
return;
}
// save old instance substore params in case new one fails.
- IJob oldinst =
- (IJob) mJobsSched.getInstances().get((Object) id);
+ IJob oldinst =
+ (IJob) mJobsSched.getInstances().get((Object) id);
IConfigStore oldConfig = oldinst.getConfigStore();
String[] oldConfigParms = oldinst.getConfigParams();
@@ -821,7 +817,7 @@ public class JobsAdminServlet extends AdminServlet {
// implName is always required so always include it it.
saveParams.add(IJobsScheduler.PROP_PLUGIN,
- (String) oldConfig.get(IJobsScheduler.PROP_PLUGIN));
+ (String) oldConfig.get(IJobsScheduler.PROP_PLUGIN));
if (oldConfigParms != null) {
for (int i = 0; i < oldConfigParms.length; i++) {
String key = oldConfigParms[i];
@@ -838,9 +834,9 @@ public class JobsAdminServlet extends AdminServlet {
// remove old substore.
IConfigStore destStore =
- mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN);
+ mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN);
IConfigStore instancesConfig =
- destStore.getSubStore(scope);
+ destStore.getSubStore(scope);
instancesConfig.removeSubStore(id);
@@ -861,10 +857,10 @@ public class JobsAdminServlet extends AdminServlet {
} else if (!key.equals("profileId")) {
restore(instancesConfig, id, saveParams);
sendResponse(ERROR,
- new
- EJobsException(CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_MISSING_INST_PARAM_VAL",
- key)).toString(),
- null, resp);
+ new
+ EJobsException(CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_MISSING_INST_PARAM_VAL",
+ key)).toString(),
+ null, resp);
return;
}
}
@@ -880,30 +876,30 @@ public class JobsAdminServlet extends AdminServlet {
// cleanup
restore(instancesConfig, id, saveParams);
sendResponse(ERROR,
- new EJobsException(
- CMS.getUserMessage(getLocale(req),"CMS_JOB_LOAD_CLASS_FAILED", className)).toString(),
- null, resp);
+ new EJobsException(
+ CMS.getUserMessage(getLocale(req), "CMS_JOB_LOAD_CLASS_FAILED", className)).toString(),
+ null, resp);
return;
} catch (InstantiationException e) {
restore(instancesConfig, id, saveParams);
sendResponse(ERROR,
- new EJobsException(
- CMS.getUserMessage(getLocale(req),"CMS_JOB_LOAD_CLASS_FAILED", className)).toString(),
- null, resp);
+ new EJobsException(
+ CMS.getUserMessage(getLocale(req), "CMS_JOB_LOAD_CLASS_FAILED", className)).toString(),
+ null, resp);
return;
} catch (IllegalAccessException e) {
restore(instancesConfig, id, saveParams);
sendResponse(ERROR,
- new EJobsException(
- CMS.getUserMessage(getLocale(req),"CMS_JOB_LOAD_CLASS_FAILED", className)).toString(),
- null, resp);
+ new EJobsException(
+ CMS.getUserMessage(getLocale(req), "CMS_JOB_LOAD_CLASS_FAILED", className)).toString(),
+ null, resp);
return;
}
// initialize the job plugin
IJobsScheduler scheduler = (IJobsScheduler)
- CMS.getSubsystem(CMS.SUBSYSTEM_JOBS);
+ CMS.getSubsystem(CMS.SUBSYSTEM_JOBS);
try {
newJobInst.init(scheduler, id, implname, substore);
@@ -928,8 +924,8 @@ public class JobsAdminServlet extends AdminServlet {
restore(instancesConfig, id, saveParams);
//System.out.println("SRVLT_FAIL_COMMIT");
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+ null, resp);
return;
}
@@ -937,8 +933,8 @@ public class JobsAdminServlet extends AdminServlet {
mJobsSched.getInstances().put(id, newJobInst);
- mJobsSched.log(ILogger.LL_INFO,
- CMS.getLogMessage("ADMIN_SRVLT_JOB_INST_REP", id));
+ mJobsSched.log(ILogger.LL_INFO,
+ CMS.getLogMessage("ADMIN_SRVLT_JOB_INST_REP", id));
NameValuePairs params = new NameValuePairs();
@@ -947,24 +943,24 @@ public class JobsAdminServlet extends AdminServlet {
}
private void getSettings(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
IConfigStore config = mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN);
- params.add(Constants.PR_ENABLE,
- config.getString(IJobsScheduler.PROP_ENABLED,
- Constants.FALSE));
+ params.add(Constants.PR_ENABLE,
+ config.getString(IJobsScheduler.PROP_ENABLED,
+ Constants.FALSE));
// default 1 minute
- params.add(Constants.PR_JOBS_FREQUENCY,
- config.getString(IJobsScheduler.PROP_INTERVAL, "1"));
+ params.add(Constants.PR_JOBS_FREQUENCY,
+ config.getString(IJobsScheduler.PROP_INTERVAL, "1"));
//System.out.println("Send: "+params.toString());
sendResponse(SUCCESS, null, params, resp);
}
private void setSettings(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException, EBaseException {
+ throws ServletException, IOException, EBaseException {
//Save New Settings to the config file
IConfigStore config = mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN);
@@ -980,12 +976,12 @@ public class JobsAdminServlet extends AdminServlet {
//set frequency
String interval =
- req.getParameter(Constants.PR_JOBS_FREQUENCY);
+ req.getParameter(Constants.PR_JOBS_FREQUENCY);
if (interval != null) {
config.putString(IJobsScheduler.PROP_INTERVAL, interval);
mJobsSched.setInterval(
- config.getInteger(IJobsScheduler.PROP_INTERVAL));
+ config.getInteger(IJobsScheduler.PROP_INTERVAL));
}
if (enabledChanged == true) {
@@ -999,8 +995,8 @@ public class JobsAdminServlet extends AdminServlet {
}
// convenience routine.
- private static void restore(IConfigStore store,
- String id, NameValuePairs saveParams) {
+ private static void restore(IConfigStore store,
+ String id, NameValuePairs saveParams) {
store.removeSubStore(id);
IConfigStore rstore = store.makeSubStore(id);
@@ -1010,7 +1006,7 @@ public class JobsAdminServlet extends AdminServlet {
String key = (String) keys.nextElement();
String value = saveParams.getValue(key);
- if (!value.equals(""))
+ if (!value.equals(""))
rstore.put(key, value);
}
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/KRAAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/KRAAdminServlet.java
index e4138d74..1dd34666 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/admin/KRAAdminServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/KRAAdminServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.admin;
-
import java.io.IOException;
import java.util.Enumeration;
@@ -35,13 +34,12 @@ import com.netscape.certsrv.common.ScopeDef;
import com.netscape.certsrv.kra.IKeyRecoveryAuthority;
import com.netscape.certsrv.logging.ILogger;
-
/**
* A class representings an administration servlet for Key
- * Recovery Authority. This servlet is responsible to serve
- * KRA administrative operation such as configuration
+ * Recovery Authority. This servlet is responsible to serve
+ * KRA administrative operation such as configuration
* parameter updates.
- *
+ *
* @version $Revision$, $Date$
*/
public class KRAAdminServlet extends AdminServlet {
@@ -57,7 +55,7 @@ public class KRAAdminServlet extends AdminServlet {
private IKeyRecoveryAuthority mKRA = null;
private final static String LOGGING_SIGNED_AUDIT_CONFIG_DRM =
- "LOGGING_SIGNED_AUDIT_CONFIG_DRM_3";
+ "LOGGING_SIGNED_AUDIT_CONFIG_DRM_3";
/**
* Constructs KRA servlet.
@@ -73,49 +71,49 @@ public class KRAAdminServlet extends AdminServlet {
/**
* Returns serlvet information.
- *
+ *
* @return name of this servlet
*/
- public String getServletInfo() {
- return INFO;
+ public String getServletInfo() {
+ return INFO;
}
/**
* Serves HTTP admin request.
- *
+ *
* @param req HTTP request
* @param resp HTTP response
*/
public void service(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
+ throws ServletException, IOException {
super.service(req, resp);
super.authenticate(req);
String scope = req.getParameter(Constants.OP_SCOPE);
if (scope == null) {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
- null, resp);
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
+ null, resp);
return;
}
String op = req.getParameter(Constants.OP_TYPE);
if (op == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_TYPE", op),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_TYPE", op),
+ null, resp);
return;
}
-
+
try {
AUTHZ_RES_NAME = "certServer.kra.configuration";
if (op.equals(OpDef.OP_READ)) {
mOp = "read";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
/* Functions not implemented in console
@@ -129,7 +127,7 @@ public class KRAAdminServlet extends AdminServlet {
getNotificationRIQConfig(req, resp);
return;
} else
- */
+ */
if (scope.equals(ScopeDef.SC_GENERAL)) {
getGeneralConfig(req, resp);
return;
@@ -138,8 +136,8 @@ public class KRAAdminServlet extends AdminServlet {
mOp = "modify";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
/* Functions not implemented in console
@@ -158,24 +156,24 @@ public class KRAAdminServlet extends AdminServlet {
} else
*/
if (scope.equals(ScopeDef.SC_GENERAL)) {
- setGeneralConfig(req,resp);
+ setGeneralConfig(req, resp);
}
- }
+ }
} catch (EBaseException e) {
// convert exception into locale-specific message
- sendResponse(ERROR, e.toString(getLocale(req)),
- null, resp);
+ sendResponse(ERROR, e.toString(getLocale(req)),
+ null, resp);
return;
} catch (Exception e) {
e.printStackTrace();
}
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"),
+ null, resp);
}
private void getGeneralConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
@@ -188,7 +186,7 @@ public class KRAAdminServlet extends AdminServlet {
}
private void setGeneralConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
Enumeration enum1 = req.getParameterNames();
boolean restart = false;
@@ -202,14 +200,14 @@ public class KRAAdminServlet extends AdminServlet {
if (key.equals(Constants.PR_NO_OF_REQUIRED_RECOVERY_AGENTS)) {
try {
- int number = Integer.parseInt(value);
+ int number = Integer.parseInt(value);
mKRA.setNoOfRequiredAgents(number);
} catch (NumberFormatException e) {
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_DRM,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_DRM,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
audit(auditMessage);
throw new EBaseException("Number of agents must be an integer");
@@ -220,10 +218,10 @@ public class KRAAdminServlet extends AdminServlet {
commit(true);
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_DRM,
- auditSubjectID,
- ILogger.SUCCESS,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_DRM,
+ auditSubjectID,
+ ILogger.SUCCESS,
+ auditParams(req));
audit(auditMessage);
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/LogAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/LogAdminServlet.java
index 08d6fcf5..95ed2361 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/admin/LogAdminServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/LogAdminServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.admin;
-
import java.io.IOException;
import java.util.Enumeration;
import java.util.Hashtable;
@@ -45,13 +44,12 @@ import com.netscape.certsrv.logging.ILogSubsystem;
import com.netscape.certsrv.logging.ILogger;
import com.netscape.certsrv.logging.LogPlugin;
-
/**
* A class representings an administration servlet for logging
* subsystem. This servlet is responsible to serve
* logging administrative operation such as configuration
* parameter updates and log retriever.
- *
+ *
* @version $Revision$, $Date$
*/
public class LogAdminServlet extends AdminServlet {
@@ -70,11 +68,11 @@ public class LogAdminServlet extends AdminServlet {
private final static String SIGNED_AUDIT_LOG_TYPE = "SignedAudit";
private final static String LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT =
- "LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT_3";
+ "LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT_3";
private final static String LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE =
- "LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE_4";
+ "LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE_4";
private final static String LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE =
- "LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE_4";
+ "LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE_4";
/**
* Constructs Log servlet.
@@ -114,15 +112,15 @@ public class LogAdminServlet extends AdminServlet {
* Serves HTTP admin request.
*/
public void service(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
+ throws ServletException, IOException {
super.service(req, resp);
String op = req.getParameter(Constants.OP_TYPE);
if (op == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"),
+ null, resp);
return;
}
@@ -138,8 +136,8 @@ public class LogAdminServlet extends AdminServlet {
mOp = "read";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
try {
@@ -155,8 +153,8 @@ public class LogAdminServlet extends AdminServlet {
mOp = "read";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
@@ -169,17 +167,17 @@ public class LogAdminServlet extends AdminServlet {
} else if (scope.equals(ScopeDef.SC_GENERAL)) {
getGeneralConfig(req, resp);
} else {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
- null, resp);
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
+ null, resp);
return;
}
} else if (op.equals(OpDef.OP_DELETE)) {
mOp = "modify";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
@@ -190,17 +188,17 @@ public class LogAdminServlet extends AdminServlet {
delLogInst(req, resp, scope);
return;
} else {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
- null, resp);
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
+ null, resp);
return;
}
} else if (op.equals(OpDef.OP_ADD)) {
mOp = "modify";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
@@ -211,9 +209,9 @@ public class LogAdminServlet extends AdminServlet {
addLogInst(req, resp, scope);
return;
} else {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
- null, resp);
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
+ null, resp);
return;
}
} else if (op.equals(OpDef.OP_MODIFY)) {
@@ -221,8 +219,8 @@ public class LogAdminServlet extends AdminServlet {
mOp = "modify";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
@@ -232,17 +230,17 @@ public class LogAdminServlet extends AdminServlet {
} else if (scope.equals(ScopeDef.SC_GENERAL)) {
setGeneralConfig(req, resp);
} else {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
- null, resp);
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
+ null, resp);
return;
}
} else if (op.equals(OpDef.OP_SEARCH)) {
mOp = "read";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
if (scope.equals(ScopeDef.SC_LOG_IMPLS)) {
@@ -268,13 +266,13 @@ public class LogAdminServlet extends AdminServlet {
mOp = "read";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
ILogEventListener loginst =
- mSys.getLogInstance(instName);
+ mSys.getLogInstance(instName);
if (loginst != null) {
NameValuePairs nvps = loginst.retrieveLogContent(toHashtable(req));
@@ -296,12 +294,12 @@ public class LogAdminServlet extends AdminServlet {
mOp = "read";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
ILogEventListener loginst =
- mSys.getLogInstance(instName);
+ mSys.getLogInstance(instName);
if (loginst != null) {
NameValuePairs nvps = loginst.retrieveLogList(toHashtable(req));
@@ -310,15 +308,15 @@ public class LogAdminServlet extends AdminServlet {
}
return;
} else {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
- null, resp);
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
+ null, resp);
return;
}
} else {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_TYPE", op),
- null, resp);
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_TYPE", op),
+ null, resp);
return;
}
}
@@ -329,15 +327,15 @@ public class LogAdminServlet extends AdminServlet {
System.out.println("XXX >>>" + e.toString() + "<<<");
e.printStackTrace();
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"),
+ null, resp);
}
return;
}
- private synchronized void listLogInsts(HttpServletRequest req,
- HttpServletResponse resp, boolean all) throws ServletException,
+ private synchronized void listLogInsts(HttpServletRequest req,
+ HttpServletResponse resp, boolean all) throws ServletException,
IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
@@ -351,9 +349,9 @@ public class LogAdminServlet extends AdminServlet {
if (value == null)
continue;
String pName = mSys.getLogPluginName(value);
- LogPlugin pClass = (LogPlugin)
- mSys.getLogPlugins().get(pName);
- String c = pClass.getClassPath();
+ LogPlugin pClass = (LogPlugin)
+ mSys.getLogPlugins().get(pName);
+ String c = pClass.getClassPath();
// not show ntEventlog here
if (all || (!all && !c.endsWith("NTEventLog")))
@@ -363,12 +361,12 @@ public class LogAdminServlet extends AdminServlet {
return;
}
- /**
+ /**
* retrieve extended plugin info such as brief description, type info
* from logging
*/
private void getExtendedPluginInfo(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
String id = req.getParameter(Constants.RS_ID);
@@ -381,10 +379,10 @@ public class LogAdminServlet extends AdminServlet {
sendResponse(SUCCESS, null, params, resp);
}
- private NameValuePairs getExtendedPluginInfo(Locale locale, String implType, String implName) {
- IExtendedPluginInfo ext_info = null;
+ private NameValuePairs getExtendedPluginInfo(Locale locale, String implType, String implName) {
+ IExtendedPluginInfo ext_info = null;
Object impl = null;
- LogPlugin lp = (LogPlugin) mSys.getLogPlugins().get(implName);
+ LogPlugin lp = (LogPlugin) mSys.getLogPlugins().get(implName);
if (lp != null) {
impl = getClassByNameAsExtendedPluginInfo(lp.getClassPath());
@@ -410,11 +408,11 @@ public class LogAdminServlet extends AdminServlet {
/**
* Add log plug-in
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT used when
- * configuring signedAudit
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT used when configuring signedAudit
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @param scope string used to obtain the contents of the log's substore
@@ -423,9 +421,9 @@ public class LogAdminServlet extends AdminServlet {
* @exception EBaseException an error has occurred
*/
@SuppressWarnings("unchecked")
- private synchronized void addLogPlugin(HttpServletRequest req,
- HttpServletResponse resp, String scope)
- throws ServletException, IOException, EBaseException {
+ private synchronized void addLogPlugin(HttpServletRequest req,
+ HttpServletResponse resp, String scope)
+ throws ServletException, IOException, EBaseException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -457,8 +455,8 @@ public class LogAdminServlet extends AdminServlet {
}
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
return;
}
@@ -476,8 +474,8 @@ public class LogAdminServlet extends AdminServlet {
}
sendResponse(ERROR,
- new ELogException(CMS.getUserMessage(getLocale(req),"CMS_LOG_SRVLT_ILL_PLUGIN_ID", id)).toString(),
- null, resp);
+ new ELogException(CMS.getUserMessage(getLocale(req), "CMS_LOG_SRVLT_ILL_PLUGIN_ID", id)).toString(),
+ null, resp);
return;
}
@@ -496,8 +494,8 @@ public class LogAdminServlet extends AdminServlet {
}
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),"CMS_LOG_SRVLT_NULL_CLASS"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_LOG_SRVLT_NULL_CLASS"),
+ null, resp);
return;
}
@@ -505,7 +503,7 @@ public class LogAdminServlet extends AdminServlet {
destStore = mConfig.getSubStore("log");
IConfigStore instancesConfig =
- destStore.getSubStore("impl");
+ destStore.getSubStore("impl");
// Does the class exist?
Class<ILogEventListener> newImpl = null;
@@ -525,8 +523,8 @@ public class LogAdminServlet extends AdminServlet {
}
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),"CMS_LOG_SRVLT_NO_CLASS"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_LOG_SRVLT_NO_CLASS"),
+ null, resp);
return;
} catch (IllegalArgumentException e) {
// store a message in the signed audit log file
@@ -541,8 +539,8 @@ public class LogAdminServlet extends AdminServlet {
}
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),"CMS_LOG_SRVLT_NO_CLASS"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_LOG_SRVLT_NO_CLASS"),
+ null, resp);
return;
}
@@ -561,8 +559,8 @@ public class LogAdminServlet extends AdminServlet {
}
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),"CMS_LOG_SRVLT_ILL_CLASS"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_LOG_SRVLT_ILL_CLASS"),
+ null, resp);
return;
}
} catch (NullPointerException e) { // unlikely, only if newImpl null.
@@ -578,8 +576,8 @@ public class LogAdminServlet extends AdminServlet {
}
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),"CMS_LOG_SRVLT_ILL_CLASS"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_LOG_SRVLT_ILL_CLASS"),
+ null, resp);
return;
}
@@ -605,8 +603,8 @@ public class LogAdminServlet extends AdminServlet {
}
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+ null, resp);
return;
}
@@ -682,11 +680,11 @@ public class LogAdminServlet extends AdminServlet {
/**
* Add log instance
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT used when
- * configuring signedAudit
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT used when configuring signedAudit
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @param scope string used to obtain the contents of the log's substore
@@ -694,9 +692,9 @@ public class LogAdminServlet extends AdminServlet {
* @exception IOException an input/output error has occurred
* @exception EBaseException an error has occurred
*/
- private synchronized void addLogInst(HttpServletRequest req,
- HttpServletResponse resp, String scope)
- throws ServletException, IOException, EBaseException {
+ private synchronized void addLogInst(HttpServletRequest req,
+ HttpServletResponse resp, String scope)
+ throws ServletException, IOException, EBaseException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -726,8 +724,8 @@ public class LogAdminServlet extends AdminServlet {
}
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
return;
}
@@ -743,8 +741,8 @@ public class LogAdminServlet extends AdminServlet {
audit(auditMessage);
}
- sendResponse(ERROR, "Invalid ID '" + id + "'",
- null, resp);
+ sendResponse(ERROR, "Invalid ID '" + id + "'",
+ null, resp);
return;
}
@@ -761,8 +759,8 @@ public class LogAdminServlet extends AdminServlet {
}
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),"CMS_LOG_SRVLT_ILL_INST_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_LOG_SRVLT_ILL_INST_ID"),
+ null, resp);
return;
}
@@ -783,15 +781,15 @@ public class LogAdminServlet extends AdminServlet {
}
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),"CMS_LOG_SRVLT_ADD_MISSING_PARAMS"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_LOG_SRVLT_ADD_MISSING_PARAMS"),
+ null, resp);
return;
}
// check if implementation exists.
LogPlugin plugin =
- (LogPlugin) mSys.getLogPlugins().get(
- implname);
+ (LogPlugin) mSys.getLogPlugins().get(
+ implname);
if (plugin == null) {
// store a message in the signed audit log file
@@ -806,17 +804,17 @@ public class LogAdminServlet extends AdminServlet {
}
sendResponse(ERROR,
- new ELogPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LOG_PLUGIN_NOT_FOUND",implname)).toString(),
- null, resp);
+ new ELogPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LOG_PLUGIN_NOT_FOUND", implname)).toString(),
+ null, resp);
return;
}
Vector<String> configParams = mSys.getLogDefaultParams(implname);
IConfigStore destStore =
- mConfig.getSubStore("log");
+ mConfig.getSubStore("log");
IConfigStore instancesConfig =
- destStore.getSubStore("instance");
+ destStore.getSubStore("instance");
IConfigStore substore = instancesConfig.makeSubStore(id);
if (configParams != null) {
@@ -826,11 +824,11 @@ public class LogAdminServlet extends AdminServlet {
String val = req.getParameter(kv.substring(0, index));
if (val == null) {
- substore.put(kv.substring(0, index),
- kv.substring(index + 1));
+ substore.put(kv.substring(0, index),
+ kv.substring(index + 1));
} else {
- substore.put(kv.substring(0, index),
- val);
+ substore.put(kv.substring(0, index),
+ val);
}
}
}
@@ -864,8 +862,8 @@ public class LogAdminServlet extends AdminServlet {
}
sendResponse(ERROR,
- new ELogException(CMS.getUserMessage(getLocale(req),"CMS_LOG_LOAD_CLASS_FAIL", className)).toString(),
- null, resp);
+ new ELogException(CMS.getUserMessage(getLocale(req), "CMS_LOG_LOAD_CLASS_FAIL", className)).toString(),
+ null, resp);
return;
} catch (InstantiationException e) {
instancesConfig.removeSubStore(id);
@@ -882,8 +880,8 @@ public class LogAdminServlet extends AdminServlet {
}
sendResponse(ERROR,
- new ELogException(CMS.getUserMessage(getLocale(req),"CMS_LOG_LOAD_CLASS_FAIL", className)).toString(),
- null, resp);
+ new ELogException(CMS.getUserMessage(getLocale(req), "CMS_LOG_LOAD_CLASS_FAIL", className)).toString(),
+ null, resp);
return;
} catch (IllegalAccessException e) {
instancesConfig.removeSubStore(id);
@@ -900,8 +898,8 @@ public class LogAdminServlet extends AdminServlet {
}
sendResponse(ERROR,
- new ELogException(CMS.getUserMessage(getLocale(req),"CMS_LOG_LOAD_CLASS_FAIL", className)).toString(),
- null, resp);
+ new ELogException(CMS.getUserMessage(getLocale(req), "CMS_LOG_LOAD_CLASS_FAIL", className)).toString(),
+ null, resp);
return;
}
@@ -962,8 +960,8 @@ public class LogAdminServlet extends AdminServlet {
}
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+ null, resp);
return;
}
@@ -1026,28 +1024,28 @@ public class LogAdminServlet extends AdminServlet {
}
}
- private synchronized void listLogPlugins(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ private synchronized void listLogPlugins(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
Enumeration<String> e = mSys.getLogPlugins().keys();
while (e.hasMoreElements()) {
String name = (String) e.nextElement();
- LogPlugin value = (LogPlugin)
- mSys.getLogPlugins().get(name);
+ LogPlugin value = (LogPlugin)
+ mSys.getLogPlugins().get(name);
// get Description
- String c = value.getClassPath();
+ String c = value.getClassPath();
String desc = "unknown";
try {
ILogEventListener lp = (ILogEventListener)
- Class.forName(c).newInstance();
+ Class.forName(c).newInstance();
desc = lp.getDescription();
} catch (Exception exp) {
- sendResponse(ERROR, exp.toString(), null,
- resp);
+ sendResponse(ERROR, exp.toString(), null,
+ resp);
return;
}
params.add(name, value.getClassPath() + "," + desc);
@@ -1069,11 +1067,11 @@ public class LogAdminServlet extends AdminServlet {
/**
* Delete log instance
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT used when
- * configuring signedAudit
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT used when configuring signedAudit
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @param scope string used to obtain the contents of the log's substore
@@ -1081,9 +1079,9 @@ public class LogAdminServlet extends AdminServlet {
* @exception IOException an input/output error has occurred
* @exception EBaseException an error has occurred
*/
- private synchronized void delLogInst(HttpServletRequest req,
- HttpServletResponse resp, String scope)
- throws ServletException, IOException, EBaseException {
+ private synchronized void delLogInst(HttpServletRequest req,
+ HttpServletResponse resp, String scope)
+ throws ServletException, IOException, EBaseException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -1116,8 +1114,8 @@ public class LogAdminServlet extends AdminServlet {
}
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
return;
}
@@ -1135,8 +1133,8 @@ public class LogAdminServlet extends AdminServlet {
}
sendResponse(ERROR,
- new ELogNotFound(CMS.getUserMessage(getLocale(req), "CMS_LOG_INSTANCE_NOT_FOUND",id)).toString(),
- null, resp);
+ new ELogNotFound(CMS.getUserMessage(getLocale(req), "CMS_LOG_INSTANCE_NOT_FOUND", id)).toString(),
+ null, resp);
return;
}
@@ -1144,15 +1142,15 @@ public class LogAdminServlet extends AdminServlet {
// cannot shutdown because we don't keep track of whether it's
// being used.
ILogEventListener logInst = (ILogEventListener)
- mSys.getLogInstance(id);
+ mSys.getLogInstance(id);
mSys.getLogInsts().remove((Object) id);
// remove the configuration.
IConfigStore destStore =
- mConfig.getSubStore("log");
+ mConfig.getSubStore("log");
IConfigStore instancesConfig =
- destStore.getSubStore("instance");
+ destStore.getSubStore("instance");
instancesConfig.removeSubStore(id);
// commiting
@@ -1173,8 +1171,8 @@ public class LogAdminServlet extends AdminServlet {
}
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+ null, resp);
return;
}
@@ -1233,11 +1231,11 @@ public class LogAdminServlet extends AdminServlet {
/**
* Delete log plug-in
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT used when
- * configuring signedAudit
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT used when configuring signedAudit
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @param scope string used to obtain the contents of the log's substore
@@ -1245,9 +1243,9 @@ public class LogAdminServlet extends AdminServlet {
* @exception IOException an input/output error has occurred
* @exception EBaseException an error has occurred
*/
- private synchronized void delLogPlugin(HttpServletRequest req,
- HttpServletResponse resp, String scope)
- throws ServletException, IOException, EBaseException {
+ private synchronized void delLogPlugin(HttpServletRequest req,
+ HttpServletResponse resp, String scope)
+ throws ServletException, IOException, EBaseException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -1280,8 +1278,8 @@ public class LogAdminServlet extends AdminServlet {
}
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
return;
}
@@ -1298,15 +1296,14 @@ public class LogAdminServlet extends AdminServlet {
}
sendResponse(ERROR,
- new ELogPluginNotFound(CMS.getUserMessage(getLocale(req),"CMS_LOG_PLUGIN_NOT_FOUND",id)).toString(),
- null, resp);
+ new ELogPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LOG_PLUGIN_NOT_FOUND", id)).toString(),
+ null, resp);
return;
}
// first check if any instances from this log
// DON'T remove log if any instance
- for (Enumeration<String> e = mSys.getLogInsts().keys();
- e.hasMoreElements();) {
+ for (Enumeration<String> e = mSys.getLogInsts().keys(); e.hasMoreElements();) {
String name = (String) e.nextElement();
ILogEventListener log = mSys.getLogInstance(name);
@@ -1323,19 +1320,19 @@ public class LogAdminServlet extends AdminServlet {
}
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),"CMS_LOG_SRVLT_IN_USE"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_LOG_SRVLT_IN_USE"),
+ null, resp);
return;
}
}
-
+
// then delete this log
mSys.getLogPlugins().remove((Object) id);
IConfigStore destStore =
- mConfig.getSubStore("log");
+ mConfig.getSubStore("log");
IConfigStore instancesConfig =
- destStore.getSubStore("impl");
+ destStore.getSubStore("impl");
instancesConfig.removeSubStore(id);
// commiting
@@ -1354,8 +1351,8 @@ public class LogAdminServlet extends AdminServlet {
}
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+ null, resp);
return;
}
@@ -1414,18 +1411,13 @@ public class LogAdminServlet extends AdminServlet {
/**
* Modify log instance
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT used when
- * configuring signedAudit
- * <li>signed.audit LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE used when log file
- * name (including any path changes) for any of audit, system, transaction,
- * or other customized log file change is attempted (authorization should
- * not allow, but make sure it's written after the attempt)
- * <li>signed.audit LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE used when log
- * expiration time change is attempted (authorization should not allow, but
- * make sure it's written after the attempt)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT used when configuring signedAudit
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE used when log file name (including any path changes) for any of audit, system, transaction, or other customized log file change is attempted (authorization should not allow, but make sure it's written after the attempt)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE used when log expiration time change is attempted (authorization should not allow, but make sure it's written after the attempt)
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @param scope string used to obtain the contents of the log's substore
@@ -1433,9 +1425,9 @@ public class LogAdminServlet extends AdminServlet {
* @exception IOException an input/output error has occurred
* @exception EBaseException an error has occurred
*/
- private synchronized void modLogInst(HttpServletRequest req,
- HttpServletResponse resp, String scope)
- throws ServletException, IOException, EBaseException {
+ private synchronized void modLogInst(HttpServletRequest req,
+ HttpServletResponse resp, String scope)
+ throws ServletException, IOException, EBaseException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -1490,8 +1482,8 @@ public class LogAdminServlet extends AdminServlet {
}
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
return;
}
@@ -1509,8 +1501,8 @@ public class LogAdminServlet extends AdminServlet {
}
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),"CMS_LOG_SRVLT_ILL_INST_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_LOG_SRVLT_ILL_INST_ID"),
+ null, resp);
return;
}
@@ -1530,14 +1522,14 @@ public class LogAdminServlet extends AdminServlet {
}
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),"CMS_LOG_SRVLT_ADD_MISSING_PARAMS"),
+ CMS.getUserMessage(getLocale(req), "CMS_LOG_SRVLT_ADD_MISSING_PARAMS"),
- null, resp);
+ null, resp);
return;
}
// get plugin for implementation
LogPlugin plugin =
- (LogPlugin) mSys.getLogPlugins().get(implname);
+ (LogPlugin) mSys.getLogPlugins().get(implname);
if (plugin == null) {
// store a message in the signed audit log file
@@ -1552,14 +1544,14 @@ public class LogAdminServlet extends AdminServlet {
}
sendResponse(ERROR,
- new ELogPluginNotFound(CMS.getUserMessage(getLocale(req),"CMS_LOG_PLUGIN_NOT_FOUND",implname)).toString(), null, resp);
+ new ELogPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LOG_PLUGIN_NOT_FOUND", implname)).toString(), null, resp);
return;
}
// save old instance substore params in case new one fails.
ILogEventListener oldinst =
- (ILogEventListener) mSys.getLogInstance(id);
+ (ILogEventListener) mSys.getLogInstance(id);
Vector<String> oldConfigParms = oldinst.getInstanceParams();
NameValuePairs saveParams = new NameValuePairs();
@@ -1571,7 +1563,7 @@ public class LogAdminServlet extends AdminServlet {
int index = kv.indexOf('=');
saveParams.add(kv.substring(0, index),
- kv.substring(index + 1));
+ kv.substring(index + 1));
}
}
@@ -1580,9 +1572,9 @@ public class LogAdminServlet extends AdminServlet {
// remove old substore.
IConfigStore destStore =
- mConfig.getSubStore("log");
+ mConfig.getSubStore("log");
IConfigStore instancesConfig =
- destStore.getSubStore("instance");
+ destStore.getSubStore("instance");
// create new substore.
@@ -1627,16 +1619,15 @@ public class LogAdminServlet extends AdminServlet {
if (configParams != null) {
for (int i = 0; i < configParams.size(); i++) {
- AUTHZ_RES_NAME =
+ AUTHZ_RES_NAME =
"certServer.log.configuration";
String kv = (String) configParams.elementAt(i);
int index = kv.indexOf('=');
String key = kv.substring(0, index);
String val = req.getParameter(key);
- if
- (key.equals("level")) {
- if (val.equals(ILogger.LL_DEBUG_STRING))
+ if (key.equals("level")) {
+ if (val.equals(ILogger.LL_DEBUG_STRING))
val = "0";
else if (val.equals(ILogger.LL_INFO_STRING))
val = "1";
@@ -1653,9 +1644,8 @@ public class LogAdminServlet extends AdminServlet {
}
- if
- (key.equals("rolloverInterval")) {
- if (val.equals("Hourly"))
+ if (key.equals("rolloverInterval")) {
+ if (val.equals("Hourly"))
val = Integer.toString(60 * 60);
else if (val.equals("Daily"))
val = Integer.toString(60 * 60 * 24);
@@ -1667,8 +1657,7 @@ public class LogAdminServlet extends AdminServlet {
val = Integer.toString(60 * 60 * 24 * 365);
}
- if
- (key.equals(Constants.PR_LOG_TYPE)) {
+ if (key.equals(Constants.PR_LOG_TYPE)) {
type = val;
}
@@ -1679,7 +1668,7 @@ public class LogAdminServlet extends AdminServlet {
val = val.trim();
newLogPath = val;
if (!val.equals(origVal.trim())) {
- AUTHZ_RES_NAME =
+ AUTHZ_RES_NAME =
"certServer.log.configuration.fileName";
mOp = "modify";
if ((mToken = super.authorize(req)) == null) {
@@ -1709,58 +1698,58 @@ public class LogAdminServlet extends AdminServlet {
}
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
- return;
- }
- }
- }
-/*
- if (key.equals("expirationTime")) {
- String origVal = substore.getString(key);
-
- val = val.trim();
- newExpirationTime = val;
- if (!val.equals(origVal.trim())) {
- if (id.equals(SIGNED_AUDIT_LOG_TYPE)) {
- AUTHZ_RES_NAME =
- "certServer.log.configuration.signedAudit.expirationTime";
- }
- mOp = "modify";
- if ((mToken = super.authorize(req)) == null) {
- // store a message in the signed audit log
- // file (regardless of logType)
- if (!(newExpirationTime.equals(origExpirationTime))) {
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE,
- auditSubjectID,
- ILogger.FAILURE,
- logType,
- newExpirationTime);
-
- audit(auditMessage);
- }
-
- // store a message in the signed audit log
- // file
- if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) {
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
-
- audit(auditMessage);
- }
-
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
}
}
-*/
+ /*
+ if (key.equals("expirationTime")) {
+ String origVal = substore.getString(key);
+
+ val = val.trim();
+ newExpirationTime = val;
+ if (!val.equals(origVal.trim())) {
+ if (id.equals(SIGNED_AUDIT_LOG_TYPE)) {
+ AUTHZ_RES_NAME =
+ "certServer.log.configuration.signedAudit.expirationTime";
+ }
+ mOp = "modify";
+ if ((mToken = super.authorize(req)) == null) {
+ // store a message in the signed audit log
+ // file (regardless of logType)
+ if (!(newExpirationTime.equals(origExpirationTime))) {
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE,
+ auditSubjectID,
+ ILogger.FAILURE,
+ logType,
+ newExpirationTime);
+
+ audit(auditMessage);
+ }
+
+ // store a message in the signed audit log
+ // file
+ if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) {
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
+
+ audit(auditMessage);
+ }
+
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
+ return;
+ }
+ }
+ }
+ */
substore.put(key, val);
}
}
@@ -1772,7 +1761,7 @@ public class LogAdminServlet extends AdminServlet {
ILogEventListener newMgrInst = null;
try {
- newMgrInst = (ILogEventListener)
+ newMgrInst = (ILogEventListener)
Class.forName(className).newInstance();
} catch (ClassNotFoundException e) {
// check to see if the log file path parameter was changed
@@ -1823,8 +1812,8 @@ public class LogAdminServlet extends AdminServlet {
}
sendResponse(ERROR,
- new ELogException(CMS.getUserMessage(getLocale(req),"CMS_LOG_LOAD_CLASS_FAIL", className)).toString(),
- null, resp);
+ new ELogException(CMS.getUserMessage(getLocale(req), "CMS_LOG_LOAD_CLASS_FAIL", className)).toString(),
+ null, resp);
return;
} catch (InstantiationException e) {
// check to see if the log file path parameter was changed
@@ -1873,8 +1862,8 @@ public class LogAdminServlet extends AdminServlet {
}
sendResponse(ERROR,
- new ELogException(CMS.getUserMessage(getLocale(req),"CMS_LOG_LOAD_CLASS_FAIL", className)).toString(),
- null, resp);
+ new ELogException(CMS.getUserMessage(getLocale(req), "CMS_LOG_LOAD_CLASS_FAIL", className)).toString(),
+ null, resp);
return;
} catch (IllegalAccessException e) {
// check to see if the log file path parameter was changed
@@ -1923,8 +1912,8 @@ public class LogAdminServlet extends AdminServlet {
}
sendResponse(ERROR,
- new ELogException(CMS.getUserMessage(getLocale(req),"CMS_LOG_LOAD_CLASS_FAIL", className)).toString(),
- null, resp);
+ new ELogException(CMS.getUserMessage(getLocale(req), "CMS_LOG_LOAD_CLASS_FAIL", className)).toString(),
+ null, resp);
return;
}
// initialize the log
@@ -1981,16 +1970,16 @@ public class LogAdminServlet extends AdminServlet {
}
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+ null, resp);
return;
}
// commited ok. replace instance.
- // REMOVED - we didn't do anything to shut off the old instance
- // so, it will still be running at this point. You'd have two
- // log isntances writing to the same file - this would be a big PROBLEM!!!
+ // REMOVED - we didn't do anything to shut off the old instance
+ // so, it will still be running at this point. You'd have two
+ // log isntances writing to the same file - this would be a big PROBLEM!!!
//mSys.getLogInsts().put(id, newMgrInst);
@@ -2184,24 +2173,24 @@ public class LogAdminServlet extends AdminServlet {
/**
* used for getting the required configuration parameters (with
- * possible default values) for a particular plugin
- * implementation name specified in the RS_ID. Actually, there is
- * no logic in here to set any default value here...there's no
- * default value for any parameter in this log subsystem
- * at this point. Later, if we do have one (or some), it can be
- * added. The interface remains the same.
+ * possible default values) for a particular plugin
+ * implementation name specified in the RS_ID. Actually, there is
+ * no logic in here to set any default value here...there's no
+ * default value for any parameter in this log subsystem
+ * at this point. Later, if we do have one (or some), it can be
+ * added. The interface remains the same.
*/
- private synchronized void getConfig(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException, EBaseException {
+ private synchronized void getConfig(HttpServletRequest req,
+ HttpServletResponse resp)
+ throws ServletException, IOException, EBaseException {
String implname = req.getParameter(Constants.RS_ID);
if (implname == null) {
//System.out.println("SRVLT_NULL_RS_ID");
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
return;
}
@@ -2218,8 +2207,8 @@ public class LogAdminServlet extends AdminServlet {
if (index == -1) {
params.add(kv, "");
} else {
- params.add(kv.substring(0, index),
- kv.substring(index + 1));
+ params.add(kv.substring(0, index),
+ kv.substring(index + 1));
}
}
}
@@ -2227,8 +2216,8 @@ public class LogAdminServlet extends AdminServlet {
return;
}
- private synchronized void getInstConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ private synchronized void getInstConfig(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
String id = req.getParameter(Constants.RS_ID);
@@ -2236,34 +2225,34 @@ public class LogAdminServlet extends AdminServlet {
if (id == null) {
//System.out.println("SRVLT_NULL_RS_ID");
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
return;
}
// does log instance exist?
if (mSys.getLogInsts().containsKey(id) == false) {
sendResponse(ERROR,
- new ELogNotFound(CMS.getUserMessage(getLocale(req),"CMS_LOG_INSTANCE_NOT_FOUND",id)).toString(),
- null, resp);
+ new ELogNotFound(CMS.getUserMessage(getLocale(req), "CMS_LOG_INSTANCE_NOT_FOUND", id)).toString(),
+ null, resp);
return;
}
ILogEventListener logInst = (ILogEventListener)
- mSys.getLogInstance(id);
+ mSys.getLogInstance(id);
Vector<String> configParams = logInst.getInstanceParams();
NameValuePairs params = new NameValuePairs();
- params.add(Constants.PR_LOG_IMPL_NAME,
- getLogPluginName(logInst));
+ params.add(Constants.PR_LOG_IMPL_NAME,
+ getLogPluginName(logInst));
// implName is always required so always send it.
if (configParams != null) {
for (int i = 0; i < configParams.size(); i++) {
String kv = (String) configParams.elementAt(i);
int index = kv.indexOf('=');
- params.add(kv.substring(0, index),
- kv.substring(index + 1));
+ params.add(kv.substring(0, index),
+ kv.substring(index + 1));
}
}
@@ -2272,8 +2261,8 @@ public class LogAdminServlet extends AdminServlet {
}
// convenience routine.
- private static void restore(IConfigStore store,
- String id, NameValuePairs saveParams) {
+ private static void restore(IConfigStore store,
+ String id, NameValuePairs saveParams) {
store.removeSubStore(id);
IConfigStore rstore = store.makeSubStore(id);
@@ -2283,17 +2272,17 @@ public class LogAdminServlet extends AdminServlet {
String key = (String) keys.nextElement();
String value = saveParams.getValue(key);
- if (value != null)
+ if (value != null)
rstore.put(key, value);
}
}
/**
* Signed Audit Check Log Path
- *
+ *
* This method is called to extract the log file path.
* <P>
- *
+ *
* @param req http servlet request
* @return a string containing the log file path
*/
@@ -2311,7 +2300,7 @@ public class LogAdminServlet extends AdminServlet {
}
private void getGeneralConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
@@ -2327,11 +2316,11 @@ public class LogAdminServlet extends AdminServlet {
}
private void setGeneralConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
@SuppressWarnings("unchecked")
- Enumeration<String> enum1 = req.getParameterNames();
+ Enumeration<String> enum1 = req.getParameterNames();
boolean restart = false;
while (enum1.hasMoreElements()) {
@@ -2353,7 +2342,7 @@ public class LogAdminServlet extends AdminServlet {
CMS.debug("setGeneralConfig: Invalid value for " + Constants.PR_DEBUG_LOG_LEVEL + ": " + value);
throw new EBaseException("Invalid value for " + Constants.PR_DEBUG_LOG_LEVEL);
}
- }
+ }
}
mConfig.commit(true);
@@ -2365,4 +2354,3 @@ public class LogAdminServlet extends AdminServlet {
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/OCSPAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/OCSPAdminServlet.java
index 152b364f..a968b5b3 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/admin/OCSPAdminServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/OCSPAdminServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.admin;
-
import java.io.IOException;
import java.util.Enumeration;
import java.util.Locale;
@@ -39,13 +38,12 @@ import com.netscape.certsrv.logging.ILogger;
import com.netscape.certsrv.ocsp.IOCSPAuthority;
import com.netscape.certsrv.ocsp.IOCSPStore;
-
/**
* A class representings an administration servlet for Certificate
- * Authority. This servlet is responsible to serve OCSP
- * administrative operations such as configuration parameter
+ * Authority. This servlet is responsible to serve OCSP
+ * administrative operations such as configuration parameter
* updates.
- *
+ *
* @version $Revision$, $Date$
*/
public class OCSPAdminServlet extends AdminServlet {
@@ -60,7 +58,7 @@ public class OCSPAdminServlet extends AdminServlet {
private final static String INFO = "OCSPAdminServlet";
private final static String LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE =
- "LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE_3";
+ "LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE_3";
private IOCSPAuthority mOCSP = null;
@@ -88,9 +86,9 @@ public class OCSPAdminServlet extends AdminServlet {
* the authenticate manager.
*/
public void service(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
+ throws ServletException, IOException {
super.service(req, resp);
-
+
//get all operational flags
String op = req.getParameter(Constants.OP_TYPE);
String scope = req.getParameter(Constants.OP_SCOPE);
@@ -99,18 +97,18 @@ public class OCSPAdminServlet extends AdminServlet {
if ((op == null) || (scope == null)) {
sendResponse(1, "Invalid Protocol", null, resp);
return;
- }
+ }
super.authenticate(req);
-
+
try {
AUTHZ_RES_NAME = "certServer.ocsp.configuration";
if (scope.equals(ScopeDef.SC_EXTENDED_PLUGIN_INFO)) {
mOp = "read";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
try {
@@ -126,8 +124,8 @@ public class OCSPAdminServlet extends AdminServlet {
mOp = "modify";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
setDefaultStore(req, resp);
@@ -139,8 +137,8 @@ public class OCSPAdminServlet extends AdminServlet {
mOp = "read";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
if (scope.equals(ScopeDef.SC_GENERAL)) {
@@ -154,8 +152,8 @@ public class OCSPAdminServlet extends AdminServlet {
mOp = "modify";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
if (scope.equals(ScopeDef.SC_GENERAL)) {
@@ -169,8 +167,8 @@ public class OCSPAdminServlet extends AdminServlet {
mOp = "read";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
if (scope.equals(ScopeDef.SC_OCSPSTORES_RULES)) {
@@ -189,7 +187,7 @@ public class OCSPAdminServlet extends AdminServlet {
* type info from CRL extensions
*/
private void getExtendedPluginInfo(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
String id = req.getParameter(Constants.RS_ID);
int colon = id.indexOf(':');
@@ -198,7 +196,7 @@ public class OCSPAdminServlet extends AdminServlet {
String implName = id.substring(colon + 1);
NameValuePairs params =
- getExtendedPluginInfo(getLocale(req), implType, implName);
+ getExtendedPluginInfo(getLocale(req), implType, implName);
sendResponse(SUCCESS, null, params, resp);
}
@@ -229,12 +227,11 @@ public class OCSPAdminServlet extends AdminServlet {
/**
* Set default OCSP store
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE used when
- * configuring OCSP profile (everything under Online Certificate Status
- * Manager)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE used when configuring OCSP profile (everything under Online Certificate Status Manager)
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
@@ -242,8 +239,8 @@ public class OCSPAdminServlet extends AdminServlet {
* @exception EBaseException an error has occurred
*/
private void setDefaultStore(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException, EBaseException {
+ HttpServletResponse resp)
+ throws ServletException, IOException, EBaseException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -253,7 +250,7 @@ public class OCSPAdminServlet extends AdminServlet {
String id = req.getParameter(Constants.RS_ID);
mOCSP.getConfigStore().putString(IOCSPAuthority.PROP_DEF_STORE_ID,
- id);
+ id);
commit(true);
// store a message in the signed audit log file
@@ -306,8 +303,8 @@ public class OCSPAdminServlet extends AdminServlet {
}
private void getOCSPStoresConfig(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException, EBaseException {
+ HttpServletResponse resp)
+ throws ServletException, IOException, EBaseException {
String id = req.getParameter(Constants.RS_ID);
IOCSPStore store = mOCSP.getOCSPStore(id);
@@ -319,12 +316,11 @@ public class OCSPAdminServlet extends AdminServlet {
/**
* Set OCSP store configuration
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE used when
- * configuring OCSP profile (everything under Online Certificate Status
- * Manager)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE used when configuring OCSP profile (everything under Online Certificate Status Manager)
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
@@ -332,8 +328,8 @@ public class OCSPAdminServlet extends AdminServlet {
* @exception EBaseException an error has occurred
*/
private void setOCSPStoresConfig(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException, EBaseException {
+ HttpServletResponse resp)
+ throws ServletException, IOException, EBaseException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -418,8 +414,8 @@ public class OCSPAdminServlet extends AdminServlet {
}
private void listOCSPStoresConfig(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException, EBaseException {
+ HttpServletResponse resp)
+ throws ServletException, IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
IConfigStore config = mOCSP.getConfigStore();
String defStore = config.getString(IOCSPAuthority.PROP_DEF_STORE_ID);
@@ -439,7 +435,7 @@ public class OCSPAdminServlet extends AdminServlet {
}
private void getGeneralConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
@@ -451,7 +447,7 @@ public class OCSPAdminServlet extends AdminServlet {
private void getSigningAlgConfig(NameValuePairs params) {
params.add(Constants.PR_DEFAULT_ALGORITHM,
- mOCSP.getDefaultAlgorithm());
+ mOCSP.getDefaultAlgorithm());
String[] algorithms = mOCSP.getOCSPSigningAlgorithms();
StringBuffer algorStr = new StringBuffer();
@@ -460,7 +456,7 @@ public class OCSPAdminServlet extends AdminServlet {
algorStr.append(algorithms[i]);
else
algorStr.append(":");
- algorStr.append(algorithms[i]);
+ algorStr.append(algorithms[i]);
}
params.add(Constants.PR_ALL_ALGORITHMS, algorStr.toString());
}
@@ -468,12 +464,11 @@ public class OCSPAdminServlet extends AdminServlet {
/**
* Set general OCSP configuration
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE used when
- * configuring OCSP profile (everything under Online Certificate Status
- * Manager)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE used when configuring OCSP profile (everything under Online Certificate Status Manager)
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
@@ -481,7 +476,7 @@ public class OCSPAdminServlet extends AdminServlet {
* @exception EBaseException an error has occurred
*/
private void setGeneralConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
String auditMessage = null;
@@ -538,7 +533,7 @@ public class OCSPAdminServlet extends AdminServlet {
// rethrow the specific exception to be handled later
throw eAudit2;
-
+
}
}
-}
+}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/PolicyAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/PolicyAdminServlet.java
index 10a768a2..e2193cd6 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/admin/PolicyAdminServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/PolicyAdminServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.admin;
-
import java.io.IOException;
import java.util.Enumeration;
import java.util.Hashtable;
@@ -44,14 +43,13 @@ import com.netscape.certsrv.policy.IPolicyProcessor;
import com.netscape.certsrv.policy.IPolicyRule;
import com.netscape.certsrv.ra.IRegistrationAuthority;
-
/**
* This class is an administration servlet for policy management.
- *
+ *
* Each service (CA, KRA, RA) should be responsible
* for registering an instance of this with the remote
* administration subsystem.
- *
+ *
* @version $Revision$, $Date$
*/
public class PolicyAdminServlet extends AdminServlet {
@@ -63,8 +61,8 @@ public class PolicyAdminServlet extends AdminServlet {
public final static String PROP_AUTHORITY = "authority";
private final static String INFO = "PolicyAdminServlet";
- private final static String PW_PASSWORD_CACHE_ADD =
- "PASSWORD_CACHE_ADD";
+ private final static String PW_PASSWORD_CACHE_ADD =
+ "PASSWORD_CACHE_ADD";
public final static String PROP_PREDICATE = "predicate";
private IPolicyProcessor mProcessor = null;
@@ -85,7 +83,7 @@ public class PolicyAdminServlet extends AdminServlet {
public static String MISSING_POLICY_ORDERING = "Missing policy ordering";
private final static String LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY =
- "LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY_3";
+ "LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY_3";
/**
* Constructs administration servlet.
@@ -102,7 +100,7 @@ public class PolicyAdminServlet extends AdminServlet {
String authority = config.getInitParameter(PROP_AUTHORITY);
String policyStatus = null;
- CMS.debug( "PolicyAdminServlet: In Policy Admin Servlet init!" );
+ CMS.debug("PolicyAdminServlet: In Policy Admin Servlet init!");
// CMS 6.1 began utilizing the "Certificate Profiles" framework
// instead of the legacy "Certificate Policies" framework.
@@ -138,28 +136,28 @@ public class PolicyAdminServlet extends AdminServlet {
policyStatus = ICertificateAuthority.ID
+ "." + "Policy"
+ "." + IPolicyProcessor.PROP_ENABLE;
- if( mConfig.getBoolean( policyStatus, true ) == true ) {
+ if (mConfig.getBoolean(policyStatus, true) == true) {
// NOTE: If "ca.Policy.enable=<boolean>" is missing,
// then the referenced instance existed prior
// to this name=value pair existing in its
// 'CS.cfg' file, and thus we err on the
// side that the user may still need to
// use the policy framework.
- CMS.debug( "PolicyAdminServlet::init "
+ CMS.debug("PolicyAdminServlet::init "
+ "Certificate Policy Framework (deprecated) "
- + "is ENABLED" );
+ + "is ENABLED");
} else {
// CS 8.1 Default: ca.Policy.enable=false
- CMS.debug( "PolicyAdminServlet::init "
+ CMS.debug("PolicyAdminServlet::init "
+ "Certificate Policy Framework (deprecated) "
- + "is DISABLED" );
- return;
+ + "is DISABLED");
+ return;
}
- } catch( EBaseException e ) {
- throw new ServletException( authority
+ } catch (EBaseException e) {
+ throw new ServletException(authority
+ " does not have a "
+ "master policy switch called '"
- + policyStatus + "'" );
+ + policyStatus + "'");
}
} else if (mAuthority instanceof IRegistrationAuthority) {
// this refers to the legacy RA (pre-CMS 7.0)
@@ -167,34 +165,34 @@ public class PolicyAdminServlet extends AdminServlet {
} else if (mAuthority instanceof IKeyRecoveryAuthority) {
mProcessor = ((IKeyRecoveryAuthority) mAuthority).getPolicyProcessor();
try {
- policyStatus = IKeyRecoveryAuthority.ID
+ policyStatus = IKeyRecoveryAuthority.ID
+ "." + "Policy"
+ "." + IPolicyProcessor.PROP_ENABLE;
- if( mConfig.getBoolean( policyStatus, true ) == true ) {
+ if (mConfig.getBoolean(policyStatus, true) == true) {
// NOTE: If "kra.Policy.enable=<boolean>" is missing,
// then the referenced instance existed prior
// to this name=value pair existing in its
// 'CS.cfg' file, and thus we err on the
// side that the user may still need to
// use the policy framework.
- CMS.debug( "PolicyAdminServlet::init "
+ CMS.debug("PolicyAdminServlet::init "
+ "Certificate Policy Framework (deprecated) "
- + "is ENABLED" );
+ + "is ENABLED");
} else {
// CS 8.1 Default: kra.Policy.enable=false
- CMS.debug( "PolicyAdminServlet::init "
+ CMS.debug("PolicyAdminServlet::init "
+ "Certificate Policy Framework (deprecated) "
- + "is DISABLED" );
- return;
+ + "is DISABLED");
+ return;
}
- } catch( EBaseException e ) {
- throw new ServletException( authority
+ } catch (EBaseException e) {
+ throw new ServletException(authority
+ " does not have a "
+ "master policy switch called '"
- + policyStatus + "'" );
+ + policyStatus + "'");
}
- } else
- throw new ServletException(authority + " does not have policy processor!");
+ } else
+ throw new ServletException(authority + " does not have policy processor!");
}
/**
@@ -204,15 +202,15 @@ public class PolicyAdminServlet extends AdminServlet {
return INFO;
}
- /**
+ /**
* retrieve extended plugin info such as brief description, type info
- * from policy, authentication,
- * need to add: listener, mapper and publishing plugins
+ * from policy, authentication,
+ * need to add: listener, mapper and publishing plugins
*/
private void getExtendedPluginInfo(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
-
+
if (!readAuthorize(req, resp))
return;
String id = req.getParameter(Constants.RS_ID);
@@ -248,27 +246,27 @@ public class PolicyAdminServlet extends AdminServlet {
ext_info = (IExtendedPluginInfo) impl;
}
}
-
+
NameValuePairs nvps = null;
-
+
if (ext_info == null) {
nvps = new NameValuePairs();
} else {
nvps = convertStringArrayToNVPairs(ext_info.getExtendedPluginInfo(locale));
}
-
+
return nvps;
}
public NameValuePairs getExtendedPluginInfo(Locale locale, String pluginType,
- String implName,
- String instName) {
+ String implName,
+ String instName) {
IExtendedPluginInfo ext_info = null;
Object impl = null;
IPolicyRule policy = mProcessor.getPolicyInstance(instName);
-
+
impl = policy;
if (impl == null) {
impl = mProcessor.getPolicyImpl(implName);
@@ -313,8 +311,8 @@ public class PolicyAdminServlet extends AdminServlet {
* Serves HTTP admin request.
*/
public void service(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
super.service(req, resp);
super.authenticate(req);
@@ -332,30 +330,30 @@ public class PolicyAdminServlet extends AdminServlet {
} catch (EBaseException e) {
sendResponse(ERROR, e.toString(getLocale(req)), null, resp);
return;
- }
+ }
} else
sendResponse(ERROR, INVALID_POLICY_SCOPE, null, resp);
}
- private boolean readAuthorize(HttpServletRequest req,
- HttpServletResponse resp) throws IOException {
+ private boolean readAuthorize(HttpServletRequest req,
+ HttpServletResponse resp) throws IOException {
mOp = "read";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return false;
}
return true;
}
- private boolean modifyAuthorize(HttpServletRequest req,
- HttpServletResponse resp) throws IOException {
+ private boolean modifyAuthorize(HttpServletRequest req,
+ HttpServletResponse resp) throws IOException {
mOp = "modify";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return false;
}
return true;
@@ -365,8 +363,8 @@ public class PolicyAdminServlet extends AdminServlet {
* Process Policy Implementation Management.
*/
public void processPolicyImplMgmt(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
// Get operation type
String op = req.getParameter(Constants.OP_TYPE);
@@ -388,12 +386,12 @@ public class PolicyAdminServlet extends AdminServlet {
addPolicyImpl(req, resp);
} else
sendResponse(ERROR, INVALID_POLICY_IMPL_OP,
- null, resp);
+ null, resp);
}
public void processPolicyRuleMgmt(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
// Get operation type
String op = req.getParameter(Constants.OP_TYPE);
@@ -424,17 +422,17 @@ public class PolicyAdminServlet extends AdminServlet {
modifyPolicyInstance(req, resp);
} else
sendResponse(ERROR, INVALID_POLICY_IMPL_OP,
- null, resp);
+ null, resp);
}
public void listPolicyImpls(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
Enumeration policyImplNames = mProcessor.getPolicyImplsInfo();
Enumeration policyImpls = mProcessor.getPolicyImpls();
if (policyImplNames == null ||
- policyImpls == null) {
+ policyImpls == null) {
sendResponse(ERROR, INVALID_POLICY_IMPL_CONFIG, null, resp);
return;
}
@@ -443,12 +441,12 @@ public class PolicyAdminServlet extends AdminServlet {
NameValuePairs nvp = new NameValuePairs();
while (policyImplNames.hasMoreElements() &&
- policyImpls.hasMoreElements()) {
+ policyImpls.hasMoreElements()) {
String id = (String) policyImplNames.nextElement();
IPolicyRule impl = (IPolicyRule)
- policyImpls.nextElement();
+ policyImpls.nextElement();
String className =
- impl.getClass().getName();
+ impl.getClass().getName();
String desc = impl.getDescription();
nvp.add(id, className + "," + desc);
@@ -457,8 +455,8 @@ public class PolicyAdminServlet extends AdminServlet {
}
public void listPolicyInstances(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
Enumeration instancesInfo = mProcessor.getPolicyInstancesInfo();
if (instancesInfo == null) {
@@ -475,7 +473,7 @@ public class PolicyAdminServlet extends AdminServlet {
int i = info.indexOf(";");
nvp.add(info.substring(0, i), info.substring(i + 1));
-
+
}
sendResponse(SUCCESS, null, nvp, resp);
}
@@ -483,19 +481,19 @@ public class PolicyAdminServlet extends AdminServlet {
/**
* Delete policy implementation
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY used when
- * configuring cert policy constraints and extensions
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY used when configuring cert policy constraints and extensions
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
*/
public void deletePolicyImpl(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -574,8 +572,8 @@ public class PolicyAdminServlet extends AdminServlet {
}
public void getPolicyImplConfig(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
// Get the policy impl id.
String id = req.getParameter(Constants.RS_ID);
@@ -604,19 +602,19 @@ public class PolicyAdminServlet extends AdminServlet {
/**
* Add policy implementation
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY used when
- * configuring cert policy constraints and extensions
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY used when configuring cert policy constraints and extensions
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
*/
public void addPolicyImpl(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -710,19 +708,19 @@ public class PolicyAdminServlet extends AdminServlet {
/**
* Delete policy instance
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY used when
- * configuring cert policy constraints and extensions
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY used when configuring cert policy constraints and extensions
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
*/
public void deletePolicyInstance(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -801,8 +799,8 @@ public class PolicyAdminServlet extends AdminServlet {
}
public void getPolicyInstanceConfig(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
// Get the policy rule id.
String id = req.getParameter(Constants.RS_ID).trim();
@@ -836,7 +834,7 @@ public class PolicyAdminServlet extends AdminServlet {
}
public void
- putUserPWPair(String combo) {
+ putUserPWPair(String combo) {
int semicolon;
semicolon = combo.indexOf(";");
@@ -849,19 +847,19 @@ public class PolicyAdminServlet extends AdminServlet {
/**
* Add policy instance
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY used when
- * configuring cert policy constraints and extensions
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY used when configuring cert policy constraints and extensions
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
*/
public void addPolicyInstance(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -1005,19 +1003,19 @@ public class PolicyAdminServlet extends AdminServlet {
/**
* Change ordering of policy instances
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY used when
- * configuring cert policy constraints and extensions
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY used when configuring cert policy constraints and extensions
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
*/
public void changePolicyInstanceOrdering(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -1025,7 +1023,7 @@ public class PolicyAdminServlet extends AdminServlet {
// to the signed audit log and stored as failures
try {
String policyOrder =
- req.getParameter(Constants.PR_POLICY_ORDER);
+ req.getParameter(Constants.PR_POLICY_ORDER);
if (policyOrder == null) {
// store a message in the signed audit log file
@@ -1095,19 +1093,19 @@ public class PolicyAdminServlet extends AdminServlet {
/**
* Modify policy instance
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY used when
- * configuring cert policy constraints and extensions
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY used when configuring cert policy constraints and extensions
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
*/
public void modifyPolicyInstance(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -1252,4 +1250,3 @@ public class PolicyAdminServlet extends AdminServlet {
}
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/ProfileAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/ProfileAdminServlet.java
index 9c83a30c..99f61935 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/admin/ProfileAdminServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/ProfileAdminServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.admin;
-
import java.io.File;
import java.io.IOException;
import java.util.Enumeration;
@@ -53,14 +52,13 @@ import com.netscape.certsrv.registry.IPluginInfo;
import com.netscape.certsrv.registry.IPluginRegistry;
import com.netscape.cms.profile.common.ProfilePolicy;
-
/**
* This class is an administration servlet for policy management.
- *
+ *
* Each service (CA, KRA, RA) should be responsible
* for registering an instance of this with the remote
* administration subsystem.
- *
+ *
* @version $Revision$, $Date$
*/
public class ProfileAdminServlet extends AdminServlet {
@@ -72,8 +70,8 @@ public class ProfileAdminServlet extends AdminServlet {
public final static String PROP_AUTHORITY = "authority";
private final static String INFO = "ProfileAdminServlet";
- private final static String PW_PASSWORD_CACHE_ADD =
- "PASSWORD_CACHE_ADD";
+ private final static String PW_PASSWORD_CACHE_ADD =
+ "PASSWORD_CACHE_ADD";
public final static String PROP_PREDICATE = "predicate";
private IAuthority mAuthority = null;
@@ -97,7 +95,7 @@ public class ProfileAdminServlet extends AdminServlet {
public static String BAD_CONFIGURATION_VAL = "Invalid configuration value.";
private final static String LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE =
- "LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE_3";
+ "LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE_3";
/**
* Constructs administration servlet.
@@ -130,8 +128,8 @@ public class ProfileAdminServlet extends AdminServlet {
* Serves HTTP admin request.
*/
public void service(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
super.service(req, resp);
super.authenticate(req);
@@ -139,7 +137,7 @@ public class ProfileAdminServlet extends AdminServlet {
AUTHZ_RES_NAME = "certServer.profile.configuration";
String scope = req.getParameter(Constants.OP_SCOPE);
- CMS.debug("ProfileAdminServlet: service scope: " + scope);
+ CMS.debug("ProfileAdminServlet: service scope: " + scope);
if (scope.equals(ScopeDef.SC_PROFILE_RULES)) {
processProfileRuleMgmt(req, resp);
} else if (scope.equals(ScopeDef.SC_PROFILE_POLICIES)) {
@@ -162,33 +160,33 @@ public class ProfileAdminServlet extends AdminServlet {
sendResponse(ERROR, INVALID_POLICY_SCOPE, null, resp);
}
- private boolean readAuthorize(HttpServletRequest req,
- HttpServletResponse resp) throws IOException {
+ private boolean readAuthorize(HttpServletRequest req,
+ HttpServletResponse resp) throws IOException {
mOp = "read";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return false;
}
return true;
}
- private boolean modifyAuthorize(HttpServletRequest req,
- HttpServletResponse resp) throws IOException {
+ private boolean modifyAuthorize(HttpServletRequest req,
+ HttpServletResponse resp) throws IOException {
mOp = "modify";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return false;
}
return true;
}
public void processProfilePolicy(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
// Get operation type
String op = req.getParameter(Constants.OP_TYPE);
@@ -208,8 +206,8 @@ public class ProfileAdminServlet extends AdminServlet {
}
public void processProfileInput(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
// Get operation type
String op = req.getParameter(Constants.OP_TYPE);
String scope = super.getParameter(req, Constants.OP_SCOPE);
@@ -230,8 +228,8 @@ public class ProfileAdminServlet extends AdminServlet {
}
public void processProfileOutput(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
// Get operation type
String op = req.getParameter(Constants.OP_TYPE);
String scope = super.getParameter(req, Constants.OP_SCOPE);
@@ -252,8 +250,8 @@ public class ProfileAdminServlet extends AdminServlet {
}
public void processProfileInputConfig(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
// Get operation type
String op = req.getParameter(Constants.OP_TYPE);
@@ -269,8 +267,8 @@ public class ProfileAdminServlet extends AdminServlet {
}
public void processProfileOutputConfig(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
// Get operation type
String op = req.getParameter(Constants.OP_TYPE);
@@ -286,8 +284,8 @@ public class ProfileAdminServlet extends AdminServlet {
}
public void processPolicyDefaultConfig(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
// Get operation type
String op = req.getParameter(Constants.OP_TYPE);
@@ -307,8 +305,8 @@ public class ProfileAdminServlet extends AdminServlet {
}
public void processPolicyConstraintConfig(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
// Get operation type
String op = req.getParameter(Constants.OP_TYPE);
@@ -332,8 +330,8 @@ public class ProfileAdminServlet extends AdminServlet {
* Process Policy Implementation Management.
*/
public void processPolicyImplMgmt(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
// Get operation type
String op = req.getParameter(Constants.OP_TYPE);
@@ -343,12 +341,12 @@ public class ProfileAdminServlet extends AdminServlet {
listProfileImpls(req, resp);
} else
sendResponse(ERROR, INVALID_POLICY_IMPL_OP,
- null, resp);
+ null, resp);
}
public void processProfileRuleMgmt(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
// Get operation type
String op = req.getParameter(Constants.OP_TYPE);
@@ -374,15 +372,15 @@ public class ProfileAdminServlet extends AdminServlet {
modifyProfileInstance(req, resp);
} else
sendResponse(ERROR, INVALID_POLICY_IMPL_OP,
- null, resp);
+ null, resp);
}
/**
* Lists all registered profile impementations
*/
public void listProfileImpls(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
Enumeration<String> impls = mRegistry.getIds("profile");
NameValuePairs nvp = new NameValuePairs();
@@ -391,29 +389,28 @@ public class ProfileAdminServlet extends AdminServlet {
String id = (String) impls.nextElement();
IPluginInfo info = mRegistry.getPluginInfo("profile", id);
- nvp.add(id, info.getClassName() + "," +
- info.getDescription(getLocale(req)));
- }
+ nvp.add(id, info.getClassName() + "," +
+ info.getDescription(getLocale(req)));
+ }
sendResponse(SUCCESS, null, nvp, resp);
}
/**
* Add policy profile
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when
- * configuring cert profile (general settings and cert profile; obsoletes
- * extensions and constraints policies)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when configuring cert profile (general settings and cert profile; obsoletes extensions and constraints policies)
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
*/
public void addProfilePolicy(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -451,10 +448,10 @@ public class ProfileAdminServlet extends AdminServlet {
if (mProfileSub.isProfileEnable(profileId)) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),
- "CMS_PROFILE_CREATE_POLICY_FAILED",
- "Profile is currently enabled"),
- null, resp);
+ CMS.getUserMessage(getLocale(req),
+ "CMS_PROFILE_CREATE_POLICY_FAILED",
+ "Profile is currently enabled"),
+ null, resp);
return;
}
@@ -466,27 +463,27 @@ public class ProfileAdminServlet extends AdminServlet {
try {
if (!isValidId(setId)) {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),
- "CMS_PROFILE_CREATE_POLICY_FAILED",
- "Invalid set id " + setId),
- null, resp);
- return;
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req),
+ "CMS_PROFILE_CREATE_POLICY_FAILED",
+ "Invalid set id " + setId),
+ null, resp);
+ return;
}
if (!isValidId(pId)) {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),
- "CMS_PROFILE_CREATE_POLICY_FAILED",
- "Invalid policy id " + pId),
- null, resp);
- return;
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req),
+ "CMS_PROFILE_CREATE_POLICY_FAILED",
+ "Invalid policy id " + pId),
+ null, resp);
+ return;
}
policy = profile.createProfilePolicy(setId, pId,
defImpl, conImpl);
} catch (EBaseException e1) {
// error
CMS.debug("ProfileAdminServlet: addProfilePolicy " +
- e1.toString());
+ e1.toString());
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
@@ -498,9 +495,9 @@ public class ProfileAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_PROFILE_CREATE_POLICY_FAILED",
- e1.toString()),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_PROFILE_CREATE_POLICY_FAILED",
+ e1.toString()),
+ null, resp);
return;
}
NameValuePairs nvp = new NameValuePairs();
@@ -545,20 +542,19 @@ public class ProfileAdminServlet extends AdminServlet {
/**
* Add profile input
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when
- * configuring cert profile (general settings and cert profile; obsoletes
- * extensions and constraints policies)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when configuring cert profile (general settings and cert profile; obsoletes extensions and constraints policies)
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
*/
public void addProfileInput(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -594,11 +590,11 @@ public class ProfileAdminServlet extends AdminServlet {
IProfileInput input = null;
@SuppressWarnings("unchecked")
- Enumeration<String> names = req.getParameterNames();
+ Enumeration<String> names = req.getParameterNames();
NameValuePairs nvps = new NameValuePairs();
while (names.hasMoreElements()) {
- String name = names.nextElement();
+ String name = names.nextElement();
if (name.equals("OP_SCOPE"))
continue;
@@ -623,9 +619,9 @@ public class ProfileAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_PROFILE_CREATE_INPUT_FAILED",
- e1.toString()),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_PROFILE_CREATE_INPUT_FAILED",
+ e1.toString()),
+ null, resp);
return;
}
@@ -672,20 +668,19 @@ public class ProfileAdminServlet extends AdminServlet {
/**
* Add profile output
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when
- * configuring cert profile (general settings and cert profile; obsoletes
- * extensions and constraints policies)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when configuring cert profile (general settings and cert profile; obsoletes extensions and constraints policies)
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
*/
public void addProfileOutput(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -721,11 +716,11 @@ public class ProfileAdminServlet extends AdminServlet {
IProfileOutput output = null;
@SuppressWarnings("unchecked")
- Enumeration<String> names = req.getParameterNames();
+ Enumeration<String> names = req.getParameterNames();
NameValuePairs nvps = new NameValuePairs();
while (names.hasMoreElements()) {
- String name = names.nextElement();
+ String name = names.nextElement();
if (name.equals("OP_SCOPE"))
continue;
@@ -751,9 +746,9 @@ public class ProfileAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_PROFILE_CREATE_OUTPUT_FAILED",
- e1.toString()),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_PROFILE_CREATE_OUTPUT_FAILED",
+ e1.toString()),
+ null, resp);
return;
}
@@ -800,20 +795,19 @@ public class ProfileAdminServlet extends AdminServlet {
/**
* Delete policy profile
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when
- * configuring cert profile (general settings and cert profile; obsoletes
- * extensions and constraints policies)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when configuring cert profile (general settings and cert profile; obsoletes extensions and constraints policies)
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
*/
public void deleteProfilePolicy(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -823,10 +817,10 @@ public class ProfileAdminServlet extends AdminServlet {
String profileId = "";
String policyId = "";
@SuppressWarnings("unchecked")
- Enumeration<String> names = req.getParameterNames();
+ Enumeration<String> names = req.getParameterNames();
while (names.hasMoreElements()) {
- String name = names.nextElement();
+ String name = names.nextElement();
if (name.equals("OP_SCOPE"))
continue;
@@ -921,20 +915,19 @@ public class ProfileAdminServlet extends AdminServlet {
/**
* Delete profile input
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when
- * configuring cert profile (general settings and cert profile; obsoletes
- * extensions and constraints policies)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when configuring cert profile (general settings and cert profile; obsoletes extensions and constraints policies)
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
*/
public void deleteProfileInput(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -944,7 +937,7 @@ public class ProfileAdminServlet extends AdminServlet {
String profileId = "";
String inputId = "";
@SuppressWarnings("unchecked")
- Enumeration<String> names = req.getParameterNames();
+ Enumeration<String> names = req.getParameterNames();
while (names.hasMoreElements()) {
String name = names.nextElement();
@@ -1039,20 +1032,19 @@ public class ProfileAdminServlet extends AdminServlet {
/**
* Delete profile output
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when
- * configuring cert profile (general settings and cert profile; obsoletes
- * extensions and constraints policies)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when configuring cert profile (general settings and cert profile; obsoletes extensions and constraints policies)
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
*/
public void deleteProfileOutput(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -1062,7 +1054,7 @@ public class ProfileAdminServlet extends AdminServlet {
String profileId = "";
String outputId = "";
@SuppressWarnings("unchecked")
- Enumeration<String> names = req.getParameterNames();
+ Enumeration<String> names = req.getParameterNames();
while (names.hasMoreElements()) {
String name = (String) names.nextElement();
@@ -1157,20 +1149,19 @@ public class ProfileAdminServlet extends AdminServlet {
/**
* Add default policy profile configuration
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when
- * configuring cert profile (general settings and cert profile; obsoletes
- * extensions and constraints policies)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when configuring cert profile (general settings and cert profile; obsoletes extensions and constraints policies)
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
*/
public void addPolicyDefaultConfig(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -1201,7 +1192,7 @@ public class ProfileAdminServlet extends AdminServlet {
sendResponse(ERROR, null, null, resp);
return;
- }
+ }
StringTokenizer ss = new StringTokenizer(policyId, ":");
String setId = ss.nextToken();
@@ -1210,9 +1201,9 @@ public class ProfileAdminServlet extends AdminServlet {
IProfilePolicy policy = profile.getProfilePolicy(setId, pId);
IPolicyDefault def = policy.getDefault();
IConfigStore defConfig = def.getConfigStore();
-
+
@SuppressWarnings("unchecked")
- Enumeration<String> names = req.getParameterNames();
+ Enumeration<String> names = req.getParameterNames();
while (names.hasMoreElements()) {
String name = (String) names.nextElement();
@@ -1224,16 +1215,17 @@ public class ProfileAdminServlet extends AdminServlet {
if (name.equals("RS_ID"))
continue;
try {
- def.setConfig(name,req.getParameter(name));
+ def.setConfig(name, req.getParameter(name));
} catch (EPropertyException e) {
- CMS.debug("ProfileAdminServlet: modifyPolicyDefConfig setConfig exception.");
- try {
- profile.deleteProfilePolicy(setId, pId);
- } catch (Exception e11) {}
- sendResponse(ERROR,BAD_CONFIGURATION_VAL,null,resp);
- return;
+ CMS.debug("ProfileAdminServlet: modifyPolicyDefConfig setConfig exception.");
+ try {
+ profile.deleteProfilePolicy(setId, pId);
+ } catch (Exception e11) {
+ }
+ sendResponse(ERROR, BAD_CONFIGURATION_VAL, null, resp);
+ return;
}
// defConfig.putString("params." + name, req.getParameter(name));
}
@@ -1294,20 +1286,19 @@ public class ProfileAdminServlet extends AdminServlet {
/**
* Add policy constraints profile configuration
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when
- * configuring cert profile (general settings and cert profile; obsoletes
- * extensions and constraints policies)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when configuring cert profile (general settings and cert profile; obsoletes extensions and constraints policies)
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
*/
public void addPolicyConstraintConfig(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -1338,7 +1329,7 @@ public class ProfileAdminServlet extends AdminServlet {
sendResponse(ERROR, null, null, resp);
return;
- }
+ }
StringTokenizer ss = new StringTokenizer(policyId, ":");
String setId = ss.nextToken();
@@ -1349,10 +1340,10 @@ public class ProfileAdminServlet extends AdminServlet {
IConfigStore conConfig = con.getConfigStore();
@SuppressWarnings("unchecked")
- Enumeration<String> names = req.getParameterNames();
+ Enumeration<String> names = req.getParameterNames();
while (names.hasMoreElements()) {
- String name = names.nextElement();
+ String name = names.nextElement();
if (name.equals("OP_SCOPE"))
continue;
@@ -1362,16 +1353,17 @@ public class ProfileAdminServlet extends AdminServlet {
continue;
try {
- con.setConfig(name,req.getParameter(name));
+ con.setConfig(name, req.getParameter(name));
} catch (EPropertyException e) {
- CMS.debug("ProfileAdminServlet: addPolicyConstraintsConfig setConfig exception.");
- try {
- profile.deleteProfilePolicy(setId, pId);
- } catch (Exception e11) {}
- sendResponse(ERROR,BAD_CONFIGURATION_VAL,null,resp);
- return;
+ CMS.debug("ProfileAdminServlet: addPolicyConstraintsConfig setConfig exception.");
+ try {
+ profile.deleteProfilePolicy(setId, pId);
+ } catch (Exception e11) {
+ }
+ sendResponse(ERROR, BAD_CONFIGURATION_VAL, null, resp);
+ return;
}
// conConfig.putString("params." + name, req.getParameter(name));
}
@@ -1433,20 +1425,19 @@ public class ProfileAdminServlet extends AdminServlet {
/**
* Modify default policy profile configuration
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when
- * configuring cert profile (general settings and cert profile; obsoletes
- * extensions and constraints policies)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when configuring cert profile (general settings and cert profile; obsoletes extensions and constraints policies)
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
*/
public void modifyPolicyDefaultConfig(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -1477,7 +1468,7 @@ public class ProfileAdminServlet extends AdminServlet {
sendResponse(ERROR, null, null, resp);
return;
- }
+ }
StringTokenizer ss = new StringTokenizer(policyId, ":");
String setId = ss.nextToken();
@@ -1485,9 +1476,9 @@ public class ProfileAdminServlet extends AdminServlet {
IProfilePolicy policy = profile.getProfilePolicy(setId, pId);
IPolicyDefault def = policy.getDefault();
IConfigStore defConfig = def.getConfigStore();
-
+
@SuppressWarnings("unchecked")
- Enumeration<String> names = req.getParameterNames();
+ Enumeration<String> names = req.getParameterNames();
while (names.hasMoreElements()) {
String name = (String) names.nextElement();
@@ -1499,15 +1490,15 @@ public class ProfileAdminServlet extends AdminServlet {
if (name.equals("RS_ID"))
continue;
try {
- def.setConfig(name,req.getParameter(name));
+ def.setConfig(name, req.getParameter(name));
} catch (EPropertyException e) {
- CMS.debug("ProfileAdminServlet: modifyPolicyDefConfig setConfig exception.");
- sendResponse(ERROR,BAD_CONFIGURATION_VAL,null,resp);
- return;
+ CMS.debug("ProfileAdminServlet: modifyPolicyDefConfig setConfig exception.");
+ sendResponse(ERROR, BAD_CONFIGURATION_VAL, null, resp);
+ return;
}
- // defConfig.putString("params." + name, req.getParameter(name));
+ // defConfig.putString("params." + name, req.getParameter(name));
}
try {
profile.getConfigStore().commit(false);
@@ -1566,20 +1557,19 @@ public class ProfileAdminServlet extends AdminServlet {
/**
* Modify profile input configuration
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when
- * configuring cert profile (general settings and cert profile; obsoletes
- * extensions and constraints policies)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when configuring cert profile (general settings and cert profile; obsoletes extensions and constraints policies)
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
*/
public void modifyInputConfig(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -1616,7 +1606,7 @@ public class ProfileAdminServlet extends AdminServlet {
IConfigStore inputConfig = input.getConfigStore();
@SuppressWarnings("unchecked")
- Enumeration<String> names = req.getParameterNames();
+ Enumeration<String> names = req.getParameterNames();
while (names.hasMoreElements()) {
String name = (String) names.nextElement();
@@ -1686,20 +1676,19 @@ public class ProfileAdminServlet extends AdminServlet {
/**
* Modify profile output configuration
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when
- * configuring cert profile (general settings and cert profile; obsoletes
- * extensions and constraints policies)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when configuring cert profile (general settings and cert profile; obsoletes extensions and constraints policies)
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
*/
public void modifyOutputConfig(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -1736,7 +1725,7 @@ public class ProfileAdminServlet extends AdminServlet {
IConfigStore outputConfig = output.getConfigStore();
@SuppressWarnings("unchecked")
- Enumeration<String> names = req.getParameterNames();
+ Enumeration<String> names = req.getParameterNames();
while (names.hasMoreElements()) {
String name = (String) names.nextElement();
@@ -1748,7 +1737,7 @@ public class ProfileAdminServlet extends AdminServlet {
if (name.equals("RS_ID"))
continue;
outputConfig.putString("params." + name,
- req.getParameter(name));
+ req.getParameter(name));
}
try {
profile.getConfigStore().commit(false);
@@ -1807,20 +1796,19 @@ public class ProfileAdminServlet extends AdminServlet {
/**
* Modify policy constraints profile configuration
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when
- * configuring cert profile (general settings and cert profile; obsoletes
- * extensions and constraints policies)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when configuring cert profile (general settings and cert profile; obsoletes extensions and constraints policies)
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
*/
public void modifyPolicyConstraintConfig(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -1851,7 +1839,7 @@ public class ProfileAdminServlet extends AdminServlet {
sendResponse(ERROR, null, null, resp);
return;
- }
+ }
StringTokenizer ss = new StringTokenizer(policyId, ":");
String setId = ss.nextToken();
@@ -1861,9 +1849,9 @@ public class ProfileAdminServlet extends AdminServlet {
IConfigStore conConfig = con.getConfigStore();
@SuppressWarnings("unchecked")
- Enumeration<String> names = req.getParameterNames();
+ Enumeration<String> names = req.getParameterNames();
- CMS.debug("ProfileAdminServlet: modifyPolicyConstraintConfig policy " + policy + " con " + con);
+ CMS.debug("ProfileAdminServlet: modifyPolicyConstraintConfig policy " + policy + " con " + con);
while (names.hasMoreElements()) {
String name = (String) names.nextElement();
@@ -1874,15 +1862,15 @@ public class ProfileAdminServlet extends AdminServlet {
if (name.equals("RS_ID"))
continue;
- // CMS.debug("ProfileAdminServlet: modifyPolicyConstraintConfig name" + name + " val " + req.getParameter(name));
+ // CMS.debug("ProfileAdminServlet: modifyPolicyConstraintConfig name" + name + " val " + req.getParameter(name));
try {
- con.setConfig(name,req.getParameter(name));
+ con.setConfig(name, req.getParameter(name));
} catch (EPropertyException e) {
- CMS.debug("ProfileAdminServlet: modifyPolicyConstraintsConfig setConfig exception.");
- sendResponse(ERROR,BAD_CONFIGURATION_VAL,null,resp);
- return;
+ CMS.debug("ProfileAdminServlet: modifyPolicyConstraintsConfig setConfig exception.");
+ sendResponse(ERROR, BAD_CONFIGURATION_VAL, null, resp);
+ return;
}
//conConfig.putString("params." + name, req.getParameter(name));
}
@@ -1942,8 +1930,8 @@ public class ProfileAdminServlet extends AdminServlet {
}
public void getPolicyDefaultConfig(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
String id = req.getParameter(Constants.RS_ID);
StringTokenizer st = new StringTokenizer(id, ";");
@@ -1955,9 +1943,9 @@ public class ProfileAdminServlet extends AdminServlet {
try {
profile = mProfileSub.getProfile(profileId);
} catch (EBaseException e1) {
- CMS.debug( "ProfileAdminServlet::getPolicyDefaultConfig() - " +
- "profile is null!" );
- throw new ServletException( e1.toString() );
+ CMS.debug("ProfileAdminServlet::getPolicyDefaultConfig() - " +
+ "profile is null!");
+ throw new ServletException(e1.toString());
}
IProfilePolicy policy = null;
@@ -1987,15 +1975,15 @@ public class ProfileAdminServlet extends AdminServlet {
}
public void getPolicyConstraintConfig(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
String id = req.getParameter(Constants.RS_ID);
String constraintsList = req.getParameter(Constants.PR_CONSTRAINTS_LIST);
// this one gets called when one of the elements in the default list get
// selected, then it returns the list of supported constraintsPolicy
if (constraintsList != null) {
-
+
}
StringTokenizer st = new StringTokenizer(id, ";");
@@ -2007,9 +1995,9 @@ public class ProfileAdminServlet extends AdminServlet {
try {
profile = mProfileSub.getProfile(profileId);
} catch (EBaseException e1) {
- CMS.debug( "ProfileAdminServlet::getPolicyConstraintConfig() - " +
- "profile is null!" );
- throw new ServletException( e1.toString() );
+ CMS.debug("ProfileAdminServlet::getPolicyConstraintConfig() - " +
+ "profile is null!");
+ throw new ServletException(e1.toString());
}
StringTokenizer ss = new StringTokenizer(policyId, ":");
@@ -2035,8 +2023,8 @@ public class ProfileAdminServlet extends AdminServlet {
}
public void getProfilePolicy(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
String id = req.getParameter(Constants.RS_ID);
// only allow profile retrival if it is disabled
@@ -2046,9 +2034,9 @@ public class ProfileAdminServlet extends AdminServlet {
try {
profile = mProfileSub.getProfile(id);
} catch (EBaseException e1) {
- CMS.debug( "ProfileAdminServlet::getProfilePolicy() - " +
- "profile is null!" );
- throw new ServletException( e1.toString() );
+ CMS.debug("ProfileAdminServlet::getProfilePolicy() - " +
+ "profile is null!");
+ throw new ServletException(e1.toString());
}
NameValuePairs nvp = new NameValuePairs();
@@ -2070,9 +2058,9 @@ public class ProfileAdminServlet extends AdminServlet {
IPolicyConstraint con = policy.getConstraint();
IConfigStore conConfig = con.getConfigStore();
- nvp.add(setId + ":" + policy.getId(),
- def.getName(getLocale(req)) + ";" +
- con.getName(getLocale(req)));
+ nvp.add(setId + ":" + policy.getId(),
+ def.getName(getLocale(req)) + ";" +
+ con.getName(getLocale(req)));
}
}
@@ -2080,17 +2068,17 @@ public class ProfileAdminServlet extends AdminServlet {
}
public void getProfileOutput(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
String id = req.getParameter(Constants.RS_ID);
IProfile profile = null;
try {
profile = mProfileSub.getProfile(id);
} catch (EBaseException e1) {
- CMS.debug( "ProfileAdminServlet::getProfileOutput() - " +
- "profile is null!" );
- throw new ServletException( e1.toString() );
+ CMS.debug("ProfileAdminServlet::getProfileOutput() - " +
+ "profile is null!");
+ throw new ServletException(e1.toString());
}
NameValuePairs nvp = new NameValuePairs();
@@ -2107,17 +2095,17 @@ public class ProfileAdminServlet extends AdminServlet {
}
public void getProfileInput(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
String id = req.getParameter(Constants.RS_ID);
IProfile profile = null;
try {
profile = mProfileSub.getProfile(id);
} catch (EBaseException e1) {
- CMS.debug( "ProfileAdminServlet::getProfileInput() - " +
- "profile is null!" );
- throw new ServletException( e1.toString() );
+ CMS.debug("ProfileAdminServlet::getProfileInput() - " +
+ "profile is null!");
+ throw new ServletException(e1.toString());
}
NameValuePairs nvp = new NameValuePairs();
@@ -2134,9 +2122,9 @@ public class ProfileAdminServlet extends AdminServlet {
}
public void getInputConfig(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
-
+ HttpServletResponse resp)
+ throws ServletException, IOException {
+
String id = req.getParameter(Constants.RS_ID);
StringTokenizer st = new StringTokenizer(id, ";");
String profileId = st.nextToken();
@@ -2146,9 +2134,9 @@ public class ProfileAdminServlet extends AdminServlet {
try {
profile = mProfileSub.getProfile(profileId);
} catch (EBaseException e1) {
- CMS.debug( "ProfileAdminServlet::getInputConfig() - " +
- "profile is null!" );
- throw new ServletException( e1.toString() );
+ CMS.debug("ProfileAdminServlet::getInputConfig() - " +
+ "profile is null!");
+ throw new ServletException(e1.toString());
}
IProfileInput profileInput = null;
@@ -2160,14 +2148,14 @@ public class ProfileAdminServlet extends AdminServlet {
while (names.hasMoreElements()) {
String name = names.nextElement();
IDescriptor desc = profileInput.getConfigDescriptor(
- getLocale(req), name);
+ getLocale(req), name);
if (desc == null) {
nvp.add(name, ";" + ";" + profileInput.getConfig(name));
} else {
- nvp.add(name, desc.getSyntax() + ";" +
+ nvp.add(name, desc.getSyntax() + ";" +
getNonNull(desc.getConstraint()) + ";" +
desc.getDescription(getLocale(req)) + ";" +
- profileInput.getConfig(name));
+ profileInput.getConfig(name));
}
}
@@ -2175,8 +2163,8 @@ public class ProfileAdminServlet extends AdminServlet {
}
public void getOutputConfig(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
String id = req.getParameter(Constants.RS_ID);
StringTokenizer st = new StringTokenizer(id, ";");
@@ -2187,9 +2175,9 @@ public class ProfileAdminServlet extends AdminServlet {
try {
profile = mProfileSub.getProfile(profileId);
} catch (EBaseException e1) {
- CMS.debug( "ProfileAdminServlet::getOutputConfig() - " +
- "profile is null!" );
- throw new ServletException( e1.toString() );
+ CMS.debug("ProfileAdminServlet::getOutputConfig() - " +
+ "profile is null!");
+ throw new ServletException(e1.toString());
}
IProfileOutput profileOutput = null;
@@ -2201,14 +2189,14 @@ public class ProfileAdminServlet extends AdminServlet {
while (names.hasMoreElements()) {
String name = names.nextElement();
IDescriptor desc = profileOutput.getConfigDescriptor(
- getLocale(req), name);
+ getLocale(req), name);
if (desc == null) {
nvp.add(name, ";" + ";" + profileOutput.getConfig(name));
} else {
- nvp.add(name, desc.getSyntax() + ";" +
+ nvp.add(name, desc.getSyntax() + ";" +
getNonNull(desc.getConstraint()) + ";" +
desc.getDescription(getLocale(req)) + ";" +
- profileOutput.getConfig(name));
+ profileOutput.getConfig(name));
}
}
@@ -2216,14 +2204,14 @@ public class ProfileAdminServlet extends AdminServlet {
}
public void listProfileInstances(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
NameValuePairs nvp = new NameValuePairs();
Enumeration<String> e = mProfileSub.getProfileIds();
while (e.hasMoreElements()) {
- String profileId = e.nextElement();
+ String profileId = e.nextElement();
IProfile profile = null;
try {
@@ -2231,7 +2219,7 @@ public class ProfileAdminServlet extends AdminServlet {
} catch (EBaseException e1) {
// error
}
-
+
String status = null;
if (mProfileSub.isProfileEnable(profileId)) {
@@ -2247,8 +2235,8 @@ public class ProfileAdminServlet extends AdminServlet {
}
public void getProfileInstanceConfig(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
String id = req.getParameter(Constants.RS_ID);
IProfile profile = null;
@@ -2256,9 +2244,9 @@ public class ProfileAdminServlet extends AdminServlet {
try {
profile = mProfileSub.getProfile(id);
} catch (EBaseException e1) {
- CMS.debug( "ProfileAdminServlet::getProfileInstanceConfig() - " +
- "profile is null!" );
- throw new ServletException( e1.toString() );
+ CMS.debug("ProfileAdminServlet::getProfileInstanceConfig() - " +
+ "profile is null!");
+ throw new ServletException(e1.toString());
}
NameValuePairs nvp = new NameValuePairs();
@@ -2285,20 +2273,19 @@ public class ProfileAdminServlet extends AdminServlet {
/**
* Delete profile instance
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when
- * configuring cert profile (general settings and cert profile; obsoletes
- * extensions and constraints policies)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when configuring cert profile (general settings and cert profile; obsoletes extensions and constraints policies)
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
*/
public void deleteProfileInstance(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -2324,14 +2311,14 @@ public class ProfileAdminServlet extends AdminServlet {
String config = null;
- ISubsystem subsystem = CMS.getSubsystem("ca");
+ ISubsystem subsystem = CMS.getSubsystem("ca");
String subname = "ca";
- if (subsystem == null)
- subname = "ra";
+ if (subsystem == null)
+ subname = "ra";
try {
- config = CMS.getConfigStore().getString("instanceRoot") +
+ config = CMS.getConfigStore().getString("instanceRoot") +
"/profiles/" + subname + "/" + id + ".cfg";
} catch (EBaseException e) {
// store a message in the signed audit log file
@@ -2346,7 +2333,7 @@ public class ProfileAdminServlet extends AdminServlet {
sendResponse(ERROR, null, null, resp);
return;
}
-
+
try {
mProfileSub.deleteProfile(id, config);
} catch (EProfileException e) {
@@ -2401,7 +2388,7 @@ public class ProfileAdminServlet extends AdminServlet {
}
public void
- putUserPWPair(String combo) {
+ putUserPWPair(String combo) {
int semicolon;
semicolon = combo.indexOf(";");
@@ -2411,12 +2398,11 @@ public class ProfileAdminServlet extends AdminServlet {
CMS.putPasswordCache(user, pw);
}
- public boolean isValidId(String id)
- {
+ public boolean isValidId(String id) {
for (int i = 0; i < id.length(); i++) {
- char c = id.charAt(i);
- if (!Character.isLetterOrDigit(c))
- return false;
+ char c = id.charAt(i);
+ if (!Character.isLetterOrDigit(c))
+ return false;
}
return true;
}
@@ -2424,20 +2410,19 @@ public class ProfileAdminServlet extends AdminServlet {
/**
* Add profile instance
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when
- * configuring cert profile (general settings and cert profile; obsoletes
- * extensions and constraints policies)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when configuring cert profile (general settings and cert profile; obsoletes extensions and constraints policies)
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
*/
public void addProfileInstance(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -2465,14 +2450,14 @@ public class ProfileAdminServlet extends AdminServlet {
IProfile p = null;
try {
- p = mProfileSub.getProfile(id);
+ p = mProfileSub.getProfile(id);
} catch (EProfileException e1) {
}
if (p != null) {
sendResponse(ERROR, POLICY_INST_ID_ALREADY_USED, null, resp);
return;
}
-
+
String impl = req.getParameter("impl");
String name = req.getParameter("name");
String desc = req.getParameter("desc");
@@ -2516,8 +2501,8 @@ public class ProfileAdminServlet extends AdminServlet {
profile = mProfileSub.createProfile(id, impl,
info.getClassName(),
config);
- profile.setName(getLocale(req), name);
- profile.setDescription(getLocale(req), name);
+ profile.setName(getLocale(req), name);
+ profile.setDescription(getLocale(req), name);
if (visible != null && visible.equals("true")) {
profile.setVisible(true);
} else {
@@ -2528,10 +2513,10 @@ public class ProfileAdminServlet extends AdminServlet {
mProfileSub.createProfileConfig(id, impl, config);
if (profile instanceof IProfileEx) {
- // populates profile specific plugins such as
- // policies, inputs and outputs
- ((IProfileEx)profile).populate();
- }
+ // populates profile specific plugins such as
+ // policies, inputs and outputs
+ ((IProfileEx) profile).populate();
+ }
} catch (Exception e) {
CMS.debug("ProfileAdminServlet: " + e.toString());
@@ -2588,20 +2573,19 @@ public class ProfileAdminServlet extends AdminServlet {
/**
* Modify profile instance
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when
- * configuring cert profile (general settings and cert profile; obsoletes
- * extensions and constraints policies)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when configuring cert profile (general settings and cert profile; obsoletes extensions and constraints policies)
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
*/
public void modifyProfileInstance(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -2656,7 +2640,7 @@ public class ProfileAdminServlet extends AdminServlet {
audit(auditMessage);
try {
- profile.getConfigStore().commit(false);
+ profile.getConfigStore().commit(false);
} catch (Exception e) {
}
@@ -2688,11 +2672,10 @@ public class ProfileAdminServlet extends AdminServlet {
}
}
- protected String getNonNull(String s) {
- if (s == null)
- return "";
- return s;
- }
+ protected String getNonNull(String s) {
+ if (s == null)
+ return "";
+ return s;
+ }
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/PublisherAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/PublisherAdminServlet.java
index 2842542e..22aa306e 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/admin/PublisherAdminServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/PublisherAdminServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.admin;
-
import java.io.IOException;
import java.util.Enumeration;
import java.util.Locale;
@@ -68,12 +67,11 @@ import com.netscape.certsrv.publish.RulePlugin;
import com.netscape.certsrv.security.ICryptoSubsystem;
import com.netscape.cmsutil.password.IPasswordStore;
-
/**
* A class representing an publishing servlet for the
- * Publishing subsystem. This servlet is responsible
+ * Publishing subsystem. This servlet is responsible
* to serve configuration requests for the Publishing subsystem.
- *
+ *
* @version $Revision$, $Date$
*/
public class PublisherAdminServlet extends AdminServlet {
@@ -85,8 +83,8 @@ public class PublisherAdminServlet extends AdminServlet {
public final static String PROP_AUTHORITY = "authority";
private final static String INFO = "PublisherAdminServlet";
- private final static String PW_TAG_CA_LDAP_PUBLISHING =
- "CA LDAP Publishing";
+ private final static String PW_TAG_CA_LDAP_PUBLISHING =
+ "CA LDAP Publishing";
public final static String NOMAPPER = "<NONE>";
private IPublisherProcessor mProcessor = null;
private IAuthority mAuth = null;
@@ -110,22 +108,22 @@ public class PublisherAdminServlet extends AdminServlet {
if (mAuth != null)
if (mAuth instanceof ICertificateAuthority) {
mProcessor = ((ICertificateAuthority) mAuth).getPublisherProcessor();
- } else
- throw new ServletException(authority + " does not have publishing processor!");
+ } else
+ throw new ServletException(authority + " does not have publishing processor!");
}
/**
* Returns serlvet information.
*/
- public String getServletInfo() {
- return INFO;
+ public String getServletInfo() {
+ return INFO;
}
/**
* Serves HTTP admin request.
*/
public void service(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
+ throws ServletException, IOException {
super.service(req, resp);
CMS.debug("PublisherAdminServlet: in service");
@@ -134,9 +132,9 @@ public class PublisherAdminServlet extends AdminServlet {
if (op == null) {
//System.out.println("SRVLT_INVALID_PROTOCOL");
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"),
- null, resp);
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"),
+ null, resp);
return;
}
@@ -149,8 +147,8 @@ public class PublisherAdminServlet extends AdminServlet {
return;
}
} catch (IOException e) {
- sendResponse(ERROR, CMS.getUserMessage(getLocale(req),"CMS_ADMIN_SRVLT_AUTHS_FAILED"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHS_FAILED"),
+ null, resp);
return;
}
try {
@@ -160,8 +158,8 @@ public class PublisherAdminServlet extends AdminServlet {
mOp = "read";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
if (scope.equals(ScopeDef.SC_LDAP)) {
@@ -188,13 +186,13 @@ public class PublisherAdminServlet extends AdminServlet {
} else if (scope.equals(ScopeDef.SC_RULE_RULES)) {
getRuleInstConfig(req, resp);
return;
- }
+ }
} else if (op.equals(OpDef.OP_MODIFY)) {
mOp = "modify";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
if (scope.equals(ScopeDef.SC_LDAP)) {
@@ -214,20 +212,20 @@ public class PublisherAdminServlet extends AdminServlet {
mOp = "modify";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
if (scope.equals(ScopeDef.SC_LDAP)) {
testSetLDAPDest(req, resp);
return;
- }
+ }
} else if (op.equals(OpDef.OP_SEARCH)) {
mOp = "read";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
if (scope.equals(ScopeDef.SC_PUBLISHER_IMPLS)) {
@@ -242,7 +240,7 @@ public class PublisherAdminServlet extends AdminServlet {
} else if (scope.equals(ScopeDef.SC_MAPPER_RULES)) {
listMapperInsts(req, resp);
return;
- } else if (scope.equals(ScopeDef.SC_RULE_IMPLS)) {
+ } else if (scope.equals(ScopeDef.SC_RULE_IMPLS)) {
listRulePlugins(req, resp);
return;
} else if (scope.equals(ScopeDef.SC_RULE_RULES)) {
@@ -253,8 +251,8 @@ public class PublisherAdminServlet extends AdminServlet {
mOp = "modify";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
if (scope.equals(ScopeDef.SC_PUBLISHER_IMPLS)) {
@@ -275,13 +273,13 @@ public class PublisherAdminServlet extends AdminServlet {
} else if (scope.equals(ScopeDef.SC_RULE_RULES)) {
addRuleInst(req, resp, scope);
return;
- }
+ }
} else if (op.equals(OpDef.OP_DELETE)) {
mOp = "modify";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
if (scope.equals(ScopeDef.SC_PUBLISHER_IMPLS)) {
@@ -304,31 +302,31 @@ public class PublisherAdminServlet extends AdminServlet {
return;
}
} else {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_TYPE", op),
- null, resp);
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_TYPE", op),
+ null, resp);
return;
}
} else {
//System.out.println("SRVLT_INVALID_OP_SCOPE");
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
- null, resp);
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
+ null, resp);
return;
}
} catch (EBaseException e) {
sendResponse(ERROR, e.toString(getLocale(req)), null, resp);
return;
- }
+ }
//System.out.println("SRVLT_FAIL_PERFORM 2");
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_PERFORM_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_PERFORM_FAILED"),
+ null, resp);
return;
}
private IExtendedPluginInfo getExtendedPluginInfo(IPublisherProcessor
- p) {
+ p) {
Enumeration mappers = p.getMapperInsts().keys();
Enumeration publishers = p.getPublisherInsts().keys();
@@ -337,11 +335,11 @@ public class PublisherAdminServlet extends AdminServlet {
for (; mappers.hasMoreElements();) {
String name = (String) mappers.nextElement();
- if (map.length()== 0) {
- map.append(name);
+ if (map.length() == 0) {
+ map.append(name);
} else {
- map.append(",");
- map.append(name);
+ map.append(",");
+ map.append(name);
}
}
StringBuffer publish = new StringBuffer();
@@ -379,12 +377,11 @@ public class PublisherAdminServlet extends AdminServlet {
} else if (implType.equals(Constants.PR_EXT_PLUGIN_IMPLTYPE_MAPPER)) {
IPublisherProcessor p_processor = mProcessor;
Plugin plugin = (Plugin) p_processor.getMapperPlugins().get(implName
- );
+ );
impl = getClassByNameAsExtendedPluginInfo(plugin.getClassPath());
- } else if (implType.equals(Constants.PR_EXT_PLUGIN_IMPLTYPE_PUBLISHER)
- ) {
+ } else if (implType.equals(Constants.PR_EXT_PLUGIN_IMPLTYPE_PUBLISHER)) {
IPublisherProcessor p_processor = mProcessor;
Plugin plugin = (Plugin) p_processor.getPublisherPlugins().get(implName);
@@ -408,13 +405,13 @@ public class PublisherAdminServlet extends AdminServlet {
}
- /**
+ /**
* retrieve extended plugin info such as brief description, type info
- * from policy, authentication,
- * need to add: listener, mapper and publishing plugins
+ * from policy, authentication,
+ * need to add: listener, mapper and publishing plugins
*/
private void getExtendedPluginInfo(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
String id = req.getParameter(Constants.RS_ID);
@@ -423,14 +420,14 @@ public class PublisherAdminServlet extends AdminServlet {
String implType = id.substring(0, colon);
String implName = id.substring(colon + 1);
- NameValuePairs params =
- getExtendedPluginInfo(getLocale(req), implType, implName);
+ NameValuePairs params =
+ getExtendedPluginInfo(getLocale(req), implType, implName);
sendResponse(SUCCESS, null, params, resp);
}
-
+
private void getLDAPDest(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
IConfigStore config = mAuth.getConfigStore();
@@ -482,25 +479,25 @@ public class PublisherAdminServlet extends AdminServlet {
params.add(name, value);
}
}
- params.add(Constants.PR_PUBLISHING_ENABLE,
- publishcfg.getString(IPublisherProcessor.PROP_ENABLE, Constants.FALSE));
+ params.add(Constants.PR_PUBLISHING_ENABLE,
+ publishcfg.getString(IPublisherProcessor.PROP_ENABLE, Constants.FALSE));
params.add(Constants.PR_PUBLISHING_QUEUE_ENABLE,
- publishcfg.getString(Constants.PR_PUBLISHING_QUEUE_ENABLE, Constants.TRUE));
+ publishcfg.getString(Constants.PR_PUBLISHING_QUEUE_ENABLE, Constants.TRUE));
params.add(Constants.PR_PUBLISHING_QUEUE_THREADS,
- publishcfg.getString(Constants.PR_PUBLISHING_QUEUE_THREADS, "3"));
+ publishcfg.getString(Constants.PR_PUBLISHING_QUEUE_THREADS, "3"));
params.add(Constants.PR_PUBLISHING_QUEUE_PAGE_SIZE,
- publishcfg.getString(Constants.PR_PUBLISHING_QUEUE_PAGE_SIZE, "40"));
+ publishcfg.getString(Constants.PR_PUBLISHING_QUEUE_PAGE_SIZE, "40"));
params.add(Constants.PR_PUBLISHING_QUEUE_PRIORITY,
- publishcfg.getString(Constants.PR_PUBLISHING_QUEUE_PRIORITY, "0"));
+ publishcfg.getString(Constants.PR_PUBLISHING_QUEUE_PRIORITY, "0"));
params.add(Constants.PR_PUBLISHING_QUEUE_STATUS,
- publishcfg.getString(Constants.PR_PUBLISHING_QUEUE_STATUS, "200"));
- params.add(Constants.PR_ENABLE,
- ldapcfg.getString(IPublisherProcessor.PROP_ENABLE, Constants.FALSE));
+ publishcfg.getString(Constants.PR_PUBLISHING_QUEUE_STATUS, "200"));
+ params.add(Constants.PR_ENABLE,
+ ldapcfg.getString(IPublisherProcessor.PROP_ENABLE, Constants.FALSE));
sendResponse(SUCCESS, null, params, resp);
}
private void setLDAPDest(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException, EBaseException {
+ throws ServletException, IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
//Save New Settings to the config file
@@ -518,7 +515,7 @@ public class PublisherAdminServlet extends AdminServlet {
// need to disable the ldap module here
mProcessor.setLdapConnModule(null);
}
-
+
//set reset of the parameters
Enumeration e = req.getParameterNames();
String pwd = null;
@@ -536,9 +533,9 @@ public class PublisherAdminServlet extends AdminServlet {
continue;
if (name.equals(Constants.PR_PUBLISHING_ENABLE))
continue;
- // don't store password in the config file.
- if (name.equals(Constants.PR_BIND_PASSWD))
- continue; // old style password read from config.
+ // don't store password in the config file.
+ if (name.equals(Constants.PR_BIND_PASSWD))
+ continue; // old style password read from config.
if (name.equals(Constants.PR_DIRECTORY_MANAGER_PWD)) {
pwd = req.getParameter(name);
continue;
@@ -567,7 +564,7 @@ public class PublisherAdminServlet extends AdminServlet {
/* Don't enter the publishing pw into the config store */
ldap.putString(name, req.getParameter(name));
}
-
+
commit(true);
/* Do a "PUT" of the new pw to the watchdog"
@@ -580,27 +577,27 @@ public class PublisherAdminServlet extends AdminServlet {
// update passwordFile
String prompt = ldap.getString(Constants.PR_BINDPWD_PROMPT);
IPasswordStore pwdStore = CMS.getPasswordStore();
- CMS.debug("PublisherAdminServlet: setLDAPDest(): saving password for "+ prompt + " to password file");
+ CMS.debug("PublisherAdminServlet: setLDAPDest(): saving password for " + prompt + " to password file");
pwdStore.putPassword(prompt, pwd);
pwdStore.commit();
CMS.debug("PublisherAdminServlet: setLDAPDest(): password saved");
-/* we'll shut down and restart the PublisherProcessor instead
- // what a hack to do this without require restart server
-// ILdapAuthInfo authInfo = CMS.getLdapAuthInfo();
- ILdapConnModule connModule = mProcessor.getLdapConnModule();
- ILdapAuthInfo authInfo = null;
- if (connModule != null) {
- authInfo = connModule.getLdapAuthInfo();
- }
+ /* we'll shut down and restart the PublisherProcessor instead
+ // what a hack to do this without require restart server
+ // ILdapAuthInfo authInfo = CMS.getLdapAuthInfo();
+ ILdapConnModule connModule = mProcessor.getLdapConnModule();
+ ILdapAuthInfo authInfo = null;
+ if (connModule != null) {
+ authInfo = connModule.getLdapAuthInfo();
+ }
-// authInfo.addPassword(PW_TAG_CA_LDAP_PUBLISHING, pwd);
- if (authInfo != null) {
- CMS.debug("PublisherAdminServlet: setLDAPDest(): adding password to memory cache");
- authInfo.addPassword(prompt, pwd);
- } else
- CMS.debug("PublisherAdminServlet: setLDAPDest(): authInfo null");
-*/
+ // authInfo.addPassword(PW_TAG_CA_LDAP_PUBLISHING, pwd);
+ if (authInfo != null) {
+ CMS.debug("PublisherAdminServlet: setLDAPDest(): adding password to memory cache");
+ authInfo.addPassword(prompt, pwd);
+ } else
+ CMS.debug("PublisherAdminServlet: setLDAPDest(): authInfo null");
+ */
try {
CMS.debug("PublisherAdminServlet: setLDAPDest(): restarting publishing processor");
@@ -618,7 +615,7 @@ public class PublisherAdminServlet extends AdminServlet {
}
private void testSetLDAPDest(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException, EBaseException {
+ throws ServletException, IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
CMS.debug("PublisherAdmineServlet: in testSetLDAPDest");
@@ -629,8 +626,8 @@ public class PublisherAdminServlet extends AdminServlet {
IConfigStore ldap = ldapcfg.getSubStore(IPublisherProcessor.PROP_LDAP);
//set enable flag
- publishcfg.putString(IPublisherProcessor.PROP_ENABLE,
- req.getParameter(Constants.PR_PUBLISHING_ENABLE));
+ publishcfg.putString(IPublisherProcessor.PROP_ENABLE,
+ req.getParameter(Constants.PR_PUBLISHING_ENABLE));
String ldapPublish = req.getParameter(Constants.PR_ENABLE);
ldapcfg.putString(IPublisherProcessor.PROP_ENABLE, ldapPublish);
@@ -656,9 +653,9 @@ public class PublisherAdminServlet extends AdminServlet {
continue;
if (name.equals(Constants.PR_PUBLISHING_ENABLE))
continue;
- // don't store password in the config file.
- if (name.equals(Constants.PR_BIND_PASSWD))
- continue; // old style password read from config.
+ // don't store password in the config file.
+ if (name.equals(Constants.PR_BIND_PASSWD))
+ continue; // old style password read from config.
if (name.equals(Constants.PR_DIRECTORY_MANAGER_PWD)) {
pwd = req.getParameter(name);
continue;
@@ -687,22 +684,22 @@ public class PublisherAdminServlet extends AdminServlet {
/* Don't enter the publishing pw into the config store */
ldap.putString(name, req.getParameter(name));
}
-
+
// test before commit
if (publishcfg.getBoolean(IPublisherProcessor.PROP_ENABLE) &&
- ldapcfg.getBoolean(IPublisherProcessor.PROP_ENABLE)) {
- params.add("title",
- "You've attempted to configure CMS to connect" +
- " to a LDAP directory. The connection status is" +
- " as follows:\n \n");
+ ldapcfg.getBoolean(IPublisherProcessor.PROP_ENABLE)) {
+ params.add("title",
+ "You've attempted to configure CMS to connect" +
+ " to a LDAP directory. The connection status is" +
+ " as follows:\n \n");
LDAPConnection conn = null;
ILdapConnInfo connInfo =
- CMS.getLdapConnInfo(ldap.getSubStore(
- ILdapBoundConnFactory.PROP_LDAPCONNINFO));
+ CMS.getLdapConnInfo(ldap.getSubStore(
+ ILdapBoundConnFactory.PROP_LDAPCONNINFO));
//LdapAuthInfo authInfo =
//new LdapAuthInfo(ldap.getSubStore(
// ILdapBoundConnFactory.PROP_LDAPAUTHINFO));
- String host = connInfo.getHost();
+ String host = connInfo.getHost();
int port = connInfo.getPort();
boolean secure = connInfo.getSecure();
//int authType = authInfo.getAuthType();
@@ -720,51 +717,51 @@ public class PublisherAdminServlet extends AdminServlet {
conn = new LDAPConnection(CMS.getLdapJssSSLSocketFactory(
certNickName));
CMS.debug("Publishing Test certNickName=" + certNickName);
- params.add(Constants.PR_CONN_INITED,
- "Create ssl LDAPConnection with certificate: " +
- certNickName + dashes(70 - 44 - certNickName.length()) + " Success");
+ params.add(Constants.PR_CONN_INITED,
+ "Create ssl LDAPConnection with certificate: " +
+ certNickName + dashes(70 - 44 - certNickName.length()) + " Success");
} catch (Exception ex) {
- params.add(Constants.PR_CONN_INIT_FAIL,
- "Create ssl LDAPConnection with certificate: " +
- certNickName + dashes(70 - 44 - certNickName.length()) + " failure\n" + " exception: " + ex);
- params.add(Constants.PR_SAVE_NOT,
- "\n \nIf the problem is not fixed then LDAP publishing will fail.\n" +
- "Do you want to save the configuration anyway?");
+ params.add(Constants.PR_CONN_INIT_FAIL,
+ "Create ssl LDAPConnection with certificate: " +
+ certNickName + dashes(70 - 44 - certNickName.length()) + " failure\n" + " exception: " + ex);
+ params.add(Constants.PR_SAVE_NOT,
+ "\n \nIf the problem is not fixed then LDAP publishing will fail.\n" +
+ "Do you want to save the configuration anyway?");
sendResponse(SUCCESS, null, params, resp);
return;
}
try {
conn.connect(host, port);
- params.add(Constants.PR_CONN_OK,
- "Connect to directory server " +
- host + " at port " + port +
- dashes(70 - 37 - host.length() - (Integer.valueOf(port)).toString().length()) + " Success");
- params.add(Constants.PR_AUTH_OK,
- "Authentication: SSL client authentication" +
- dashes(70 - 41) + " Success" +
- "\nBind to the directory as: " + certNickName +
- dashes(70 - 26 - certNickName.length()) + " Success");
+ params.add(Constants.PR_CONN_OK,
+ "Connect to directory server " +
+ host + " at port " + port +
+ dashes(70 - 37 - host.length() - (Integer.valueOf(port)).toString().length()) + " Success");
+ params.add(Constants.PR_AUTH_OK,
+ "Authentication: SSL client authentication" +
+ dashes(70 - 41) + " Success" +
+ "\nBind to the directory as: " + certNickName +
+ dashes(70 - 26 - certNickName.length()) + " Success");
} catch (LDAPException ex) {
if (ex.getLDAPResultCode() == LDAPException.UNAVAILABLE) {
// need to intercept this because message from LDAP is
// "DSA is unavailable" which confuses with DSA PKI.
- params.add(Constants.PR_CONN_FAIL,
- "Connect to directory server " +
- host + " at port " + port +
- dashes(70 - 37 - host.length() - (Integer.valueOf(port)).toString().length()) +
- " Failure\n" +
- " error: server unavailable");
+ params.add(Constants.PR_CONN_FAIL,
+ "Connect to directory server " +
+ host + " at port " + port +
+ dashes(70 - 37 - host.length() - (Integer.valueOf(port)).toString().length()) +
+ " Failure\n" +
+ " error: server unavailable");
} else {
- params.add(Constants.PR_CONN_FAIL,
- "Connect to directory server " +
- host + " at port " + port +
- dashes(70 - 37 - host.length() - (Integer.valueOf(port)).toString().length()) +
- " Failure");
+ params.add(Constants.PR_CONN_FAIL,
+ "Connect to directory server " +
+ host + " at port " + port +
+ dashes(70 - 37 - host.length() - (Integer.valueOf(port)).toString().length()) +
+ " Failure");
}
- params.add(Constants.PR_SAVE_NOT,
- "\n \nIf the problem is not fixed then " +
- "LDAP publishing will fail.\n" +
- "Do you want to save the configuration anyway?");
+ params.add(Constants.PR_SAVE_NOT,
+ "\n \nIf the problem is not fixed then " +
+ "LDAP publishing will fail.\n" +
+ "Do you want to save the configuration anyway?");
sendResponse(SUCCESS, null, params, resp);
return;
}
@@ -773,53 +770,53 @@ public class PublisherAdminServlet extends AdminServlet {
if (secure) {
conn = new LDAPConnection(
CMS.getLdapJssSSLSocketFactory());
- params.add(Constants.PR_CONN_INITED,
- "Create ssl LDAPConnection" +
- dashes(70 - 25) + " Success");
+ params.add(Constants.PR_CONN_INITED,
+ "Create ssl LDAPConnection" +
+ dashes(70 - 25) + " Success");
} else {
conn = new LDAPConnection();
- params.add(Constants.PR_CONN_INITED,
- "Create LDAPConnection" +
- dashes(70 - 21) + " Success");
+ params.add(Constants.PR_CONN_INITED,
+ "Create LDAPConnection" +
+ dashes(70 - 21) + " Success");
}
} catch (Exception ex) {
- params.add(Constants.PR_CONN_INIT_FAIL,
- "Create LDAPConnection" +
- dashes(70 - 21) + " Failure\n" +
- "exception: " + ex);
- params.add(Constants.PR_SAVE_NOT,
- "\n \nIf the problem is not fixed then " +
- "LDAP publishing will fail.\n" +
- "Do you want to save the configuration anyway?");
+ params.add(Constants.PR_CONN_INIT_FAIL,
+ "Create LDAPConnection" +
+ dashes(70 - 21) + " Failure\n" +
+ "exception: " + ex);
+ params.add(Constants.PR_SAVE_NOT,
+ "\n \nIf the problem is not fixed then " +
+ "LDAP publishing will fail.\n" +
+ "Do you want to save the configuration anyway?");
sendResponse(SUCCESS, null, params, resp);
return;
}
try {
conn.connect(host, port);
- params.add(Constants.PR_CONN_OK,
- "Connect to directory server " +
- host + " at port " + port +
- dashes(70 - 37 - host.length() - (Integer.valueOf(port)).toString().length()) + " Success");
+ params.add(Constants.PR_CONN_OK,
+ "Connect to directory server " +
+ host + " at port " + port +
+ dashes(70 - 37 - host.length() - (Integer.valueOf(port)).toString().length()) + " Success");
} catch (LDAPException ex) {
if (ex.getLDAPResultCode() == LDAPException.UNAVAILABLE) {
// need to intercept this because message from LDAP is
// "DSA is unavailable" which confuses with DSA PKI.
- params.add(Constants.PR_CONN_FAIL,
- "Connect to directory server " +
- host + " at port " + port +
- dashes(70 - 37 - host.length() - (Integer.valueOf(port)).toString().length()) + " Failure" +
- "\nerror: server unavailable");
+ params.add(Constants.PR_CONN_FAIL,
+ "Connect to directory server " +
+ host + " at port " + port +
+ dashes(70 - 37 - host.length() - (Integer.valueOf(port)).toString().length()) + " Failure" +
+ "\nerror: server unavailable");
} else {
- params.add(Constants.PR_CONN_FAIL,
- "Connect to directory server " +
- host + " at port " + port +
- dashes(70 - 37 - host.length() - (Integer.valueOf(port)).toString().length()) + " Failure" +
- "\nexception: " + ex);
+ params.add(Constants.PR_CONN_FAIL,
+ "Connect to directory server " +
+ host + " at port " + port +
+ dashes(70 - 37 - host.length() - (Integer.valueOf(port)).toString().length()) + " Failure" +
+ "\nexception: " + ex);
}
- params.add(Constants.PR_SAVE_NOT,
- "\n \nIf the problem is not fixed then " +
- "LDAP publishing will fail.\n" +
- "Do you want to save the configuration anyway?");
+ params.add(Constants.PR_SAVE_NOT,
+ "\n \nIf the problem is not fixed then " +
+ "LDAP publishing will fail.\n" +
+ "Do you want to save the configuration anyway?");
sendResponse(SUCCESS, null, params, resp);
return;
}
@@ -828,44 +825,42 @@ public class PublisherAdminServlet extends AdminServlet {
bindAs = ldap.getSubStore(
ILdapBoundConnFactory.PROP_LDAPAUTHINFO).getString(ILdapAuthInfo.PROP_BINDDN);
conn.authenticate(version, bindAs, pwd);
- params.add(Constants.PR_AUTH_OK,
- "Authentication: Basic authentication" +
- dashes(70 - 36) + " Success" +
- "\nBind to the directory as: " + bindAs +
- dashes(70 - 26 - bindAs.length()) + " Success");
+ params.add(Constants.PR_AUTH_OK,
+ "Authentication: Basic authentication" +
+ dashes(70 - 36) + " Success" +
+ "\nBind to the directory as: " + bindAs +
+ dashes(70 - 26 - bindAs.length()) + " Success");
} catch (LDAPException ex) {
- if (ex.getLDAPResultCode() ==
- LDAPException.NO_SUCH_OBJECT) {
- params.add(Constants.PR_AUTH_FAIL,
- "Authentication: Basic authentication" +
- dashes(70 - 36) + "Failure" +
- "\nBind to the directory as: " + bindAs +
- dashes(70 - 26 - bindAs.length()) +
- "Failure" + "\nThe object doesn't exist. " +
- "Please correct the value assigned in the" +
- " \"Directory manager DN\" field.");
- } else if (ex.getLDAPResultCode() ==
- LDAPException.INVALID_CREDENTIALS) {
- params.add(Constants.PR_AUTH_FAIL,
- "Authentication: Basic authentication" +
- dashes(70 - 36) + " Failure" +
- "\nBind to the directory as: " + bindAs +
- dashes(70 - 26 - bindAs.length()) +
- " Failure" + "\nInvalid password. " +
- "Please correct the value assigned in the" +
- " \"Password\" field.");
+ if (ex.getLDAPResultCode() == LDAPException.NO_SUCH_OBJECT) {
+ params.add(Constants.PR_AUTH_FAIL,
+ "Authentication: Basic authentication" +
+ dashes(70 - 36) + "Failure" +
+ "\nBind to the directory as: " + bindAs +
+ dashes(70 - 26 - bindAs.length()) +
+ "Failure" + "\nThe object doesn't exist. " +
+ "Please correct the value assigned in the" +
+ " \"Directory manager DN\" field.");
+ } else if (ex.getLDAPResultCode() == LDAPException.INVALID_CREDENTIALS) {
+ params.add(Constants.PR_AUTH_FAIL,
+ "Authentication: Basic authentication" +
+ dashes(70 - 36) + " Failure" +
+ "\nBind to the directory as: " + bindAs +
+ dashes(70 - 26 - bindAs.length()) +
+ " Failure" + "\nInvalid password. " +
+ "Please correct the value assigned in the" +
+ " \"Password\" field.");
} else {
- params.add(Constants.PR_AUTH_FAIL,
- "Authentication: Basic authentication" +
- dashes(70 - 36) + " Failure" +
- "\nBind to the directory as: " + bindAs +
- dashes(70 - 26 - bindAs.length()) +
- " Failure");
+ params.add(Constants.PR_AUTH_FAIL,
+ "Authentication: Basic authentication" +
+ dashes(70 - 36) + " Failure" +
+ "\nBind to the directory as: " + bindAs +
+ dashes(70 - 26 - bindAs.length()) +
+ " Failure");
}
- params.add(Constants.PR_SAVE_NOT,
- "\n \nIf the problem is not fixed then " +
- "LDAP publishing will fail.\n" +
- "Do you want to save the configuration anyway?");
+ params.add(Constants.PR_SAVE_NOT,
+ "\n \nIf the problem is not fixed then " +
+ "LDAP publishing will fail.\n" +
+ "Do you want to save the configuration anyway?");
sendResponse(SUCCESS, null, params, resp);
return;
}
@@ -875,7 +870,7 @@ public class PublisherAdminServlet extends AdminServlet {
//commit(true);
if (ldapcfg.getBoolean(IPublisherProcessor.PROP_ENABLE) &&
- pwd != null) {
+ pwd != null) {
/* Do a "PUT" of the new pw to the watchdog"
** do not remove - cfu
@@ -886,28 +881,28 @@ public class PublisherAdminServlet extends AdminServlet {
// update passwordFile
String prompt = ldap.getString(Constants.PR_BINDPWD_PROMPT);
IPasswordStore pwdStore = CMS.getPasswordStore();
- CMS.debug("PublisherAdminServlet: testSetLDAPDest(): saving password for "+
- prompt + " to password file");
+ CMS.debug("PublisherAdminServlet: testSetLDAPDest(): saving password for " +
+ prompt + " to password file");
pwdStore.putPassword(prompt, pwd);
pwdStore.commit();
CMS.debug("PublisherAdminServlet: testSetLDAPDest(): password saved");
-/* we'll shut down and restart the PublisherProcessor instead
- // what a hack to do this without require restart server
-// ILdapAuthInfo authInfo = CMS.getLdapAuthInfo();
- ILdapConnModule connModule = mProcessor.getLdapConnModule();
- ILdapAuthInfo authInfo = null;
- if (connModule != null) {
- authInfo = connModule.getLdapAuthInfo();
- } else
- CMS.debug("PublisherAdminServlet: testSetLDAPDest(): connModule null");
-
-// authInfo.addPassword(PW_TAG_CA_LDAP_PUBLISHING, pwd);
- if (authInfo != null) {
- CMS.debug("PublisherAdminServlet: testSetLDAPDest(): adding password to memory cache");
- authInfo.addPassword(prompt, pwd);
- } else
- CMS.debug("PublisherAdminServlet: testSetLDAPDest(): authInfo null");
-*/
+ /* we'll shut down and restart the PublisherProcessor instead
+ // what a hack to do this without require restart server
+ // ILdapAuthInfo authInfo = CMS.getLdapAuthInfo();
+ ILdapConnModule connModule = mProcessor.getLdapConnModule();
+ ILdapAuthInfo authInfo = null;
+ if (connModule != null) {
+ authInfo = connModule.getLdapAuthInfo();
+ } else
+ CMS.debug("PublisherAdminServlet: testSetLDAPDest(): connModule null");
+
+ // authInfo.addPassword(PW_TAG_CA_LDAP_PUBLISHING, pwd);
+ if (authInfo != null) {
+ CMS.debug("PublisherAdminServlet: testSetLDAPDest(): adding password to memory cache");
+ authInfo.addPassword(prompt, pwd);
+ } else
+ CMS.debug("PublisherAdminServlet: testSetLDAPDest(): authInfo null");
+ */
}
//params.add(Constants.PR_SAVE_OK,
// "\n \nConfiguration changes are now committed.");
@@ -921,7 +916,7 @@ public class PublisherAdminServlet extends AdminServlet {
if (ldapcfg.getBoolean(IPublisherProcessor.PROP_ENABLE)) {
ICertAuthority authority = (ICertAuthority) mProcessor.getAuthority();
- if (!(authority instanceof ICertificateAuthority))
+ if (!(authority instanceof ICertificateAuthority))
return;
ICertificateAuthority ca = (ICertificateAuthority) authority;
@@ -929,26 +924,26 @@ public class PublisherAdminServlet extends AdminServlet {
try {
mProcessor.publishCACert(ca.getCACert());
CMS.debug("PublisherAdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_PUB_CA_CERT"));
- params.add("publishCA",
- "CA certificate is published.");
+ params.add("publishCA",
+ "CA certificate is published.");
} catch (Exception ex) {
// exception not thrown - not seen as a fatal error.
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_NO_PUB_CA_CERT", ex.toString()));
- params.add("publishCA",
- "Failed to publish CA certificate.");
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("ADMIN_SRVLT_NO_PUB_CA_CERT", ex.toString()));
+ params.add("publishCA",
+ "Failed to publish CA certificate.");
int index = ex.toString().indexOf("Failed to create CA");
if (index > -1) {
params.add("createError",
- ex.toString().substring(index));
+ ex.toString().substring(index));
}
mProcessor.shutdown();
// Do you want to enable LDAP publishing anyway
- params.add(Constants.PR_SAVE_NOT,
- "\n \nIf the problem is not fixed then " +
- "the CA certificate won't be published.\n" +
- "Do you want to enable LDAP publishing anyway?");
+ params.add(Constants.PR_SAVE_NOT,
+ "\n \nIf the problem is not fixed then " +
+ "the CA certificate won't be published.\n" +
+ "Do you want to enable LDAP publishing anyway?");
sendResponse(SUCCESS, null, params, resp);
return;
@@ -958,65 +953,65 @@ public class PublisherAdminServlet extends AdminServlet {
CMS.debug("PublisherAdminServlet: about to update CRL");
ca.publishCRLNow();
CMS.debug(CMS.getLogMessage("ADMIN_SRVLT_PUB_CRL"));
- params.add("publishCRL",
- "CRL is published.");
+ params.add("publishCRL",
+ "CRL is published.");
} catch (Exception ex) {
// exception not thrown - not seen as a fatal error.
- log(ILogger.LL_FAILURE,
- "Could not publish crl " + ex.toString());
- params.add("publishCRL",
- "Failed to publish CRL.");
+ log(ILogger.LL_FAILURE,
+ "Could not publish crl " + ex.toString());
+ params.add("publishCRL",
+ "Failed to publish CRL.");
mProcessor.shutdown();
// Do you want to enable LDAP publishing anyway
- params.add(Constants.PR_SAVE_NOT,
- "\n \nIf the problem is not fixed then " +
- "the CRL won't be published.\n" +
- "Do you want to enable LDAP publishing anyway?");
+ params.add(Constants.PR_SAVE_NOT,
+ "\n \nIf the problem is not fixed then " +
+ "the CRL won't be published.\n" +
+ "Do you want to enable LDAP publishing anyway?");
sendResponse(SUCCESS, null, params, resp);
return;
}
}
commit(true);
- params.add(Constants.PR_SAVE_OK,
- "\n \nConfiguration changes are now committed.");
+ params.add(Constants.PR_SAVE_OK,
+ "\n \nConfiguration changes are now committed.");
params.add("restarted", "Publishing is restarted.");
} else {
commit(true);
- params.add(Constants.PR_SAVE_OK,
- "\n \nConfiguration changes are now committed.");
- params.add("stopped",
- "Publishing is stopped.");
+ params.add(Constants.PR_SAVE_OK,
+ "\n \nConfiguration changes are now committed.");
+ params.add("stopped",
+ "Publishing is stopped.");
}
//XXX See if we can dynamically in B2
sendResponse(SUCCESS, null, params, resp);
}
- private synchronized void addMapperPlugin(HttpServletRequest req,
- HttpServletResponse resp, String scope)
- throws ServletException, IOException, EBaseException {
+ private synchronized void addMapperPlugin(HttpServletRequest req,
+ HttpServletResponse resp, String scope)
+ throws ServletException, IOException, EBaseException {
String id = req.getParameter(Constants.RS_ID);
if (id == null) {
//System.out.println("SRVLT_NULL_RS_ID");
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
return;
}
// is the manager id unique?
if (mProcessor.getMapperPlugins().containsKey((Object) id)) {
sendResponse(ERROR,
- new ELdapException(CMS.getUserMessage(getLocale(req),"CMS_LDAP_SRVLT_ILL_PLUGIN_ID", id)).toString(),
- null, resp);
+ new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_PLUGIN_ID", id)).toString(),
+ null, resp);
return;
}
String classPath = req.getParameter(Constants.PR_MAPPER_CLASS);
if (classPath == null) {
- sendResponse(ERROR, CMS.getUserMessage(getLocale(req),"CMS_LDAP_SRVLT_NULL_CLASS"), null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_NULL_CLASS"), null, resp);
return;
}
@@ -1059,8 +1054,8 @@ public class PublisherAdminServlet extends AdminServlet {
} catch (EBaseException e) {
//System.out.println("SRVLT_FAIL_COMMIT");
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+ null, resp);
return;
}
@@ -1068,8 +1063,8 @@ public class PublisherAdminServlet extends AdminServlet {
MapperPlugin plugin = new MapperPlugin(id, classPath);
mProcessor.getMapperPlugins().put(id, plugin);
- mProcessor.log(ILogger.LL_INFO,
- CMS.getLogMessage("ADMIN_SRVLT_MAPPER_ADDED", ""));
+ mProcessor.log(ILogger.LL_INFO,
+ CMS.getLogMessage("ADMIN_SRVLT_MAPPER_ADDED", ""));
NameValuePairs params = new NameValuePairs();
@@ -1087,27 +1082,27 @@ public class PublisherAdminServlet extends AdminServlet {
return true;
}
- private synchronized void addMapperInst(HttpServletRequest req,
- HttpServletResponse resp, String scope)
- throws ServletException, IOException, EBaseException {
+ private synchronized void addMapperInst(HttpServletRequest req,
+ HttpServletResponse resp, String scope)
+ throws ServletException, IOException, EBaseException {
String id = req.getParameter(Constants.RS_ID);
if (id == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
return;
}
if (!isValidID(id)) {
- sendResponse(ERROR, "Invalid ID '" + id + "'",
- null, resp);
+ sendResponse(ERROR, "Invalid ID '" + id + "'",
+ null, resp);
return;
}
if (mProcessor.getMapperInsts().containsKey((Object) id)) {
sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_INST_ID", id),
- null, resp);
+ null, resp);
return;
}
@@ -1122,13 +1117,13 @@ public class PublisherAdminServlet extends AdminServlet {
// check if implementation exists.
MapperPlugin plugin =
- (MapperPlugin) mProcessor.getMapperPlugins().get(
- implname);
+ (MapperPlugin) mProcessor.getMapperPlugins().get(
+ implname);
if (plugin == null) {
sendResponse(ERROR,
- new EMapperPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_MAPPER_PLUGIN_NOT_FOUND", implname)).toString(),
- null, resp);
+ new EMapperPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_MAPPER_PLUGIN_NOT_FOUND", implname)).toString(),
+ null, resp);
return;
}
@@ -1145,11 +1140,11 @@ public class PublisherAdminServlet extends AdminServlet {
String val = req.getParameter(kv.substring(0, index));
if (val == null) {
- substore.put(kv.substring(0, index),
- kv.substring(index + 1));
+ substore.put(kv.substring(0, index),
+ kv.substring(index + 1));
} else {
- substore.put(kv.substring(0, index),
- val);
+ substore.put(kv.substring(0, index),
+ val);
}
}
}
@@ -1165,20 +1160,20 @@ public class PublisherAdminServlet extends AdminServlet {
// cleanup
instancesConfig.removeSubStore(id);
sendResponse(ERROR,
- new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
- null, resp);
+ new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
+ null, resp);
return;
} catch (InstantiationException e) {
instancesConfig.removeSubStore(id);
sendResponse(ERROR,
- new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
- null, resp);
+ new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
+ null, resp);
return;
} catch (IllegalAccessException e) {
instancesConfig.removeSubStore(id);
sendResponse(ERROR,
- new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
- null, resp);
+ new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
+ null, resp);
return;
}
@@ -1203,46 +1198,46 @@ public class PublisherAdminServlet extends AdminServlet {
// clean up.
instancesConfig.removeSubStore(id);
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+ null, resp);
return;
}
// inited and commited ok. now add mapper instance to list.
mProcessor.getMapperInsts().put(id, new MapperProxy(true, mapperInst));
- mProcessor.log(ILogger.LL_INFO,
- CMS.getLogMessage("ADMIN_SRVLT_MAPPER_INST_ADDED", id));
+ mProcessor.log(ILogger.LL_INFO,
+ CMS.getLogMessage("ADMIN_SRVLT_MAPPER_INST_ADDED", id));
NameValuePairs params = new NameValuePairs();
params.add(Constants.PR_MAPPER_IMPL_NAME, implname);
sendResponse(SUCCESS, null, params, resp);
return;
- }
+ }
- private synchronized void listMapperPlugins(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ private synchronized void listMapperPlugins(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
Enumeration e = mProcessor.getMapperPlugins().keys();
while (e.hasMoreElements()) {
String name = (String) e.nextElement();
- MapperPlugin value = (MapperPlugin)
- mProcessor.getMapperPlugins().get(name);
+ MapperPlugin value = (MapperPlugin)
+ mProcessor.getMapperPlugins().get(name);
// get Description
- String c = value.getClassPath();
+ String c = value.getClassPath();
String desc = "unknown";
try {
ILdapMapper lp = (ILdapMapper)
- Class.forName(c).newInstance();
+ Class.forName(c).newInstance();
desc = lp.getDescription();
} catch (Exception exp) {
- sendResponse(ERROR, exp.toString(), null,
- resp);
+ sendResponse(ERROR, exp.toString(), null,
+ resp);
return;
}
params.add(name, value.getClassPath() + "," + desc);
@@ -1261,8 +1256,8 @@ public class PublisherAdminServlet extends AdminServlet {
}
}
- private synchronized void listMapperInsts(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ private synchronized void listMapperInsts(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
@@ -1278,25 +1273,25 @@ public class PublisherAdminServlet extends AdminServlet {
return;
}
- private synchronized void delMapperInst(HttpServletRequest req,
- HttpServletResponse resp, String scope)
- throws ServletException, IOException, EBaseException {
+ private synchronized void delMapperInst(HttpServletRequest req,
+ HttpServletResponse resp, String scope)
+ throws ServletException, IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
String id = req.getParameter(Constants.RS_ID);
if (id == null) {
//System.out.println("SRVLT_NULL_RS_ID");
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
return;
}
// does a`mapper instance exist?
if (mProcessor.getMapperInsts().containsKey(id) == false) {
sendResponse(ERROR,
- new EMapperNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_MAPPER_NOT_FOUND", id)).toString(),
- null, resp);
+ new EMapperNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_MAPPER_NOT_FOUND", id)).toString(),
+ null, resp);
return;
}
@@ -1304,14 +1299,14 @@ public class PublisherAdminServlet extends AdminServlet {
// cannot shutdown because we don't keep track of whether it's
// being used.
ILdapMapper mapperInst = (ILdapMapper)
- mProcessor.getMapperInstance(id);
+ mProcessor.getMapperInstance(id);
mProcessor.getMapperInsts().remove((Object) id);
// remove the configuration.
IConfigStore destStore =
- mConfig.getSubStore(
- mAuth.getId() + ".publish.mapper");
+ mConfig.getSubStore(
+ mAuth.getId() + ".publish.mapper");
IConfigStore instancesConfig = destStore.getSubStore("instance");
instancesConfig.removeSubStore(id);
@@ -1321,39 +1316,38 @@ public class PublisherAdminServlet extends AdminServlet {
} catch (EBaseException e) {
//System.out.println("SRVLT_FAIL_COMMIT");
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+ null, resp);
return;
}
sendResponse(SUCCESS, null, params, resp);
return;
- }
+ }
- private synchronized void delMapperPlugin(HttpServletRequest req,
- HttpServletResponse resp, String scope)
- throws ServletException, IOException, EBaseException {
+ private synchronized void delMapperPlugin(HttpServletRequest req,
+ HttpServletResponse resp, String scope)
+ throws ServletException, IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
String id = req.getParameter(Constants.RS_ID);
if (id == null) {
//System.out.println("SRVLT_NULL_RS_ID");
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
return;
}
if (mProcessor.getMapperPlugins().containsKey(id) == false) {
sendResponse(ERROR,
- new EMapperPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_MAPPER_PLUGIN_NOT_FOUND", id)).toString(),
- null, resp);
+ new EMapperPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_MAPPER_PLUGIN_NOT_FOUND", id)).toString(),
+ null, resp);
return;
}
// first check if any instances from this mapper
// DON'T remove mapper if any instance
- for (Enumeration e = mProcessor.getMapperInsts().keys();
- e.hasMoreElements();) {
+ for (Enumeration e = mProcessor.getMapperInsts().keys(); e.hasMoreElements();) {
String name = (String) e.nextElement();
ILdapMapper mapper = mProcessor.getMapperInstance(name);
@@ -1362,15 +1356,15 @@ public class PublisherAdminServlet extends AdminServlet {
return;
}
}
-
+
// then delete this mapper
mProcessor.getMapperPlugins().remove((Object) id);
IConfigStore destStore =
- mConfig.getSubStore(
- mAuth.getId() + ".publish.mapper");
+ mConfig.getSubStore(
+ mAuth.getId() + ".publish.mapper");
IConfigStore instancesConfig =
- destStore.getSubStore("impl");
+ destStore.getSubStore("impl");
instancesConfig.removeSubStore(id);
// commiting
@@ -1378,26 +1372,26 @@ public class PublisherAdminServlet extends AdminServlet {
mConfig.commit(true);
} catch (EBaseException e) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+ null, resp);
return;
}
sendResponse(SUCCESS, null, params, resp);
return;
- }
+ }
- private synchronized void getMapperConfig(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException, EBaseException {
+ private synchronized void getMapperConfig(HttpServletRequest req,
+ HttpServletResponse resp)
+ throws ServletException, IOException, EBaseException {
String implname = req.getParameter(Constants.RS_ID);
if (implname == null) {
//System.out.println("SRVLT_NULL_RS_ID");
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
return;
}
@@ -1411,50 +1405,50 @@ public class PublisherAdminServlet extends AdminServlet {
String kv = (String) configParams.elementAt(i);
int index = kv.indexOf('=');
- params.add(kv.substring(0, index),
- kv.substring(index + 1));
+ params.add(kv.substring(0, index),
+ kv.substring(index + 1));
}
}
sendResponse(0, null, params, resp);
return;
}
- private synchronized void getMapperInstConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ private synchronized void getMapperInstConfig(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
String id = req.getParameter(Constants.RS_ID);
if (id == null) {
//System.out.println("SRVLT_NULL_RS_ID");
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
return;
}
// does mapper instance exist?
if (mProcessor.getMapperInsts().containsKey(id) == false) {
sendResponse(ERROR,
- new EMapperNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_MAPPER_NOT_FOUND", id)).toString(),
- null, resp);
+ new EMapperNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_MAPPER_NOT_FOUND", id)).toString(),
+ null, resp);
return;
}
ILdapMapper mapperInst = (ILdapMapper)
- mProcessor.getMapperInstance(id);
+ mProcessor.getMapperInstance(id);
Vector configParams = mapperInst.getInstanceParams();
NameValuePairs params = new NameValuePairs();
- params.add(Constants.PR_MAPPER_IMPL_NAME,
- getMapperPluginName(mapperInst));
+ params.add(Constants.PR_MAPPER_IMPL_NAME,
+ getMapperPluginName(mapperInst));
// implName is always required so always send it.
if (configParams != null) {
for (int i = 0; i < configParams.size(); i++) {
String kv = (String) configParams.elementAt(i);
int index = kv.indexOf('=');
- params.add(kv.substring(0, index),
- kv.substring(index + 1));
+ params.add(kv.substring(0, index),
+ kv.substring(index + 1));
}
}
@@ -1462,24 +1456,24 @@ public class PublisherAdminServlet extends AdminServlet {
return;
}
- private synchronized void modMapperInst(HttpServletRequest req,
- HttpServletResponse resp, String scope)
- throws ServletException, IOException, EBaseException {
+ private synchronized void modMapperInst(HttpServletRequest req,
+ HttpServletResponse resp, String scope)
+ throws ServletException, IOException, EBaseException {
String id = req.getParameter(Constants.RS_ID);
if (id == null) {
//System.out.println("SRVLT_NULL_RS_ID");
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
return;
}
// Does the manager instance exist?
if (!mProcessor.getMapperInsts().containsKey((Object) id)) {
sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_INST_ID", id),
- null, resp);
+ null, resp);
return;
}
@@ -1492,19 +1486,19 @@ public class PublisherAdminServlet extends AdminServlet {
}
// get plugin for implementation
MapperPlugin plugin =
- (MapperPlugin) mProcessor.getMapperPlugins().get(implname);
+ (MapperPlugin) mProcessor.getMapperPlugins().get(implname);
if (plugin == null) {
sendResponse(ERROR,
- new EMapperPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_MAPPER_PLUGIN_NOT_FOUND", implname)).toString(),
- null, resp);
+ new EMapperPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_MAPPER_PLUGIN_NOT_FOUND", implname)).toString(),
+ null, resp);
return;
}
// save old instance substore params in case new one fails.
ILdapMapper oldinst =
- (ILdapMapper) mProcessor.getMapperInstance(id);
+ (ILdapMapper) mProcessor.getMapperInstance(id);
Vector oldConfigParms = oldinst.getInstanceParams();
NameValuePairs saveParams = new NameValuePairs();
@@ -1516,7 +1510,7 @@ public class PublisherAdminServlet extends AdminServlet {
int index = kv.indexOf('=');
saveParams.add(kv.substring(0, index),
- kv.substring(index + 1));
+ kv.substring(index + 1));
}
}
@@ -1525,8 +1519,8 @@ public class PublisherAdminServlet extends AdminServlet {
// remove old substore.
IConfigStore destStore =
- mConfig.getSubStore(mAuth.getId() +
- ".publish.mapper");
+ mConfig.getSubStore(mAuth.getId() +
+ ".publish.mapper");
IConfigStore instancesConfig = destStore.getSubStore("instance");
// create new substore.
@@ -1557,26 +1551,26 @@ public class PublisherAdminServlet extends AdminServlet {
ILdapMapper newMgrInst = null;
try {
- newMgrInst = (ILdapMapper)
+ newMgrInst = (ILdapMapper)
Class.forName(className).newInstance();
} catch (ClassNotFoundException e) {
// cleanup
restore(instancesConfig, id, saveParams);
sendResponse(ERROR,
- new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
- null, resp);
+ new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
+ null, resp);
return;
} catch (InstantiationException e) {
restore(instancesConfig, id, saveParams);
sendResponse(ERROR,
- new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
- null, resp);
+ new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
+ null, resp);
return;
} catch (IllegalAccessException e) {
restore(instancesConfig, id, saveParams);
sendResponse(ERROR,
- new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
- null, resp);
+ new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
+ null, resp);
return;
}
// initialize the mapper
@@ -1586,13 +1580,13 @@ public class PublisherAdminServlet extends AdminServlet {
} catch (EBaseException e) {
// don't commit in this case and cleanup the new substore.
restore(instancesConfig, id, saveParams);
- sendResponse(ERROR, e.toString(getLocale(req)), null,
- resp);
+ sendResponse(ERROR, e.toString(getLocale(req)), null,
+ resp);
return;
} catch (Throwable e) {
restore(instancesConfig, id, saveParams);
- sendResponse(ERROR, e.toString(), null,
- resp);
+ sendResponse(ERROR, e.toString(), null,
+ resp);
return;
}
@@ -1604,8 +1598,8 @@ public class PublisherAdminServlet extends AdminServlet {
restore(instancesConfig, id, saveParams);
//System.out.println("SRVLT_FAIL_COMMIT");
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+ null, resp);
return;
}
@@ -1614,31 +1608,31 @@ public class PublisherAdminServlet extends AdminServlet {
mProcessor.getMapperInsts().put(id, new MapperProxy(true, newMgrInst));
mProcessor.log(ILogger.LL_INFO,
- CMS.getLogMessage("ADMIN_SRVLT_MAPPER_REPLACED", id));
+ CMS.getLogMessage("ADMIN_SRVLT_MAPPER_REPLACED", id));
NameValuePairs params = new NameValuePairs();
sendResponse(SUCCESS, null, params, resp);
return;
}
- private synchronized void addRulePlugin(HttpServletRequest req,
- HttpServletResponse resp, String scope)
- throws ServletException, IOException, EBaseException {
+ private synchronized void addRulePlugin(HttpServletRequest req,
+ HttpServletResponse resp, String scope)
+ throws ServletException, IOException, EBaseException {
String id = req.getParameter(Constants.RS_ID);
if (id == null) {
//System.out.println("SRVLT_NULL_RS_ID");
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
return;
}
// is the rule id unique?
if (mProcessor.getRulePlugins().containsKey((Object) id)) {
sendResponse(ERROR,
- new ELdapException(CMS.getUserMessage("CMS_LDAP_SRVLT_ILL_PLUGIN_ID", id)).toString(getLocale(req)),
- null, resp);
+ new ELdapException(CMS.getUserMessage("CMS_LDAP_SRVLT_ILL_PLUGIN_ID", id)).toString(getLocale(req)),
+ null, resp);
return;
}
@@ -1689,8 +1683,8 @@ public class PublisherAdminServlet extends AdminServlet {
} catch (EBaseException e) {
//System.out.println("SRVLT_FAIL_COMMIT");
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+ null, resp);
return;
}
@@ -1698,8 +1692,8 @@ public class PublisherAdminServlet extends AdminServlet {
RulePlugin plugin = new RulePlugin(id, classPath);
mProcessor.getRulePlugins().put(id, plugin);
- mProcessor.log(ILogger.LL_INFO,
- CMS.getLogMessage("ADMIN_SRVLT_RULE_PLUG_ADDED", id));
+ mProcessor.log(ILogger.LL_INFO,
+ CMS.getLogMessage("ADMIN_SRVLT_RULE_PLUG_ADDED", id));
NameValuePairs params = new NameValuePairs();
@@ -1707,26 +1701,26 @@ public class PublisherAdminServlet extends AdminServlet {
return;
}
- private synchronized void addRuleInst(HttpServletRequest req,
- HttpServletResponse resp, String scope)
- throws ServletException, IOException, EBaseException {
+ private synchronized void addRuleInst(HttpServletRequest req,
+ HttpServletResponse resp, String scope)
+ throws ServletException, IOException, EBaseException {
String id = req.getParameter(Constants.RS_ID);
if (id == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
return;
}
if (!isValidID(id)) {
- sendResponse(ERROR, "Invalid ID '" + id + "'",
- null, resp);
+ sendResponse(ERROR, "Invalid ID '" + id + "'",
+ null, resp);
return;
}
if (mProcessor.getRuleInsts().containsKey((Object) id)) {
sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_INST_ID", id),
- null, resp);
+ null, resp);
return;
}
@@ -1741,23 +1735,23 @@ public class PublisherAdminServlet extends AdminServlet {
// check if implementation exists.
RulePlugin plugin =
- (RulePlugin) mProcessor.getRulePlugins().get(
- implname);
+ (RulePlugin) mProcessor.getRulePlugins().get(
+ implname);
if (plugin == null) {
sendResponse(ERROR,
- new EPublisherPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_PUBLISHER_PLUGIN_NOT_FOUND", implname)).toString(),
- null, resp);
+ new EPublisherPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_PUBLISHER_PLUGIN_NOT_FOUND", implname)).toString(),
+ null, resp);
return;
}
Vector configParams = mProcessor.getRuleDefaultParams(implname);
IConfigStore destStore =
- mConfig.getSubStore(mAuth.getId()
- + ".publish.rule");
+ mConfig.getSubStore(mAuth.getId()
+ + ".publish.rule");
IConfigStore instancesConfig =
- destStore.getSubStore("instance");
+ destStore.getSubStore("instance");
IConfigStore substore = instancesConfig.makeSubStore(id);
if (configParams != null) {
@@ -1767,13 +1761,13 @@ public class PublisherAdminServlet extends AdminServlet {
String val = req.getParameter(kv.substring(0, index));
if (val == null) {
- substore.put(kv.substring(0, index),
- kv.substring(index + 1));
+ substore.put(kv.substring(0, index),
+ kv.substring(index + 1));
} else {
if (val.equals(NOMAPPER))
val = "";
- substore.put(kv.substring(0, index),
- val);
+ substore.put(kv.substring(0, index),
+ val);
}
}
}
@@ -1789,20 +1783,20 @@ public class PublisherAdminServlet extends AdminServlet {
// cleanup
instancesConfig.removeSubStore(id);
sendResponse(ERROR,
- new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
- null, resp);
+ new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
+ null, resp);
return;
} catch (InstantiationException e) {
instancesConfig.removeSubStore(id);
sendResponse(ERROR,
- new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
- null, resp);
+ new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
+ null, resp);
return;
} catch (IllegalAccessException e) {
instancesConfig.removeSubStore(id);
sendResponse(ERROR,
- new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
- null, resp);
+ new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
+ null, resp);
return;
}
@@ -1828,40 +1822,40 @@ public class PublisherAdminServlet extends AdminServlet {
// clean up.
instancesConfig.removeSubStore(id);
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+ null, resp);
return;
}
// inited and commited ok. now add manager instance to list.
mProcessor.getRuleInsts().put(id, ruleInst);
- mProcessor.log(ILogger.LL_INFO,
- CMS.getLogMessage("ADMIN_SRVLT_RULE_INST_ADDED", id));
+ mProcessor.log(ILogger.LL_INFO,
+ CMS.getLogMessage("ADMIN_SRVLT_RULE_INST_ADDED", id));
NameValuePairs params = new NameValuePairs();
params.add(Constants.PR_RULE_IMPL_NAME, implname);
sendResponse(SUCCESS, null, params, resp);
return;
- }
+ }
- private synchronized void listRulePlugins(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ private synchronized void listRulePlugins(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
Enumeration e = mProcessor.getRulePlugins().keys();
while (e.hasMoreElements()) {
String name = (String) e.nextElement();
- RulePlugin value = (RulePlugin)
- mProcessor.getRulePlugins().get(name);
+ RulePlugin value = (RulePlugin)
+ mProcessor.getRulePlugins().get(name);
// get Description
- String c = value.getClassPath();
+ String c = value.getClassPath();
String desc = "unknown";
try {
ILdapRule lp = (ILdapRule)
- Class.forName(c).newInstance();
+ Class.forName(c).newInstance();
desc = lp.getDescription();
} catch (Exception exp) {
@@ -1872,8 +1866,8 @@ public class PublisherAdminServlet extends AdminServlet {
return;
}
- private synchronized void listRuleInsts(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ private synchronized void listRuleInsts(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
String insts = null;
@@ -1881,8 +1875,8 @@ public class PublisherAdminServlet extends AdminServlet {
for (; e.hasMoreElements();) {
String name = (String) e.nextElement();
- ILdapRule value = (ILdapRule)
- mProcessor.getRuleInsts().get((Object) name);
+ ILdapRule value = (ILdapRule)
+ mProcessor.getRuleInsts().get((Object) name);
String enabled = value.enabled() ? "enabled" : "disabled";
params.add(name, value.getInstanceName() + ";visible;" + enabled);
@@ -1901,47 +1895,46 @@ public class PublisherAdminServlet extends AdminServlet {
}
}
- private synchronized void delRulePlugin(HttpServletRequest req,
- HttpServletResponse resp, String scope)
- throws ServletException, IOException, EBaseException {
+ private synchronized void delRulePlugin(HttpServletRequest req,
+ HttpServletResponse resp, String scope)
+ throws ServletException, IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
String id = req.getParameter(Constants.RS_ID);
if (id == null) {
//System.out.println("SRVLT_NULL_RS_ID");
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
return;
}
// does rule exist?
if (mProcessor.getRulePlugins().containsKey(id) == false) {
sendResponse(ERROR,
- new ERulePluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_RULE_PLUGIN_NOT_FOUND", id)).toString(),
- null, resp);
+ new ERulePluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_RULE_PLUGIN_NOT_FOUND", id)).toString(),
+ null, resp);
return;
}
// first check if any instances from this rule
// DON'T remove rule if any instance
- for (Enumeration e = mProcessor.getRuleInsts().elements();
- e.hasMoreElements();) {
- ILdapRule rule = (ILdapRule)
- e.nextElement();
+ for (Enumeration e = mProcessor.getRuleInsts().elements(); e.hasMoreElements();) {
+ ILdapRule rule = (ILdapRule)
+ e.nextElement();
if (id.equals(getRulePluginName(rule))) {
sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_IN_USE"), null, resp);
return;
}
}
-
+
// then delete this rule
mProcessor.getRulePlugins().remove((Object) id);
IConfigStore destStore =
- mConfig.getSubStore(
- mAuth.getId() + ".rule");
+ mConfig.getSubStore(
+ mAuth.getId() + ".rule");
IConfigStore instancesConfig = destStore.getSubStore("impl");
instancesConfig.removeSubStore(id);
@@ -1950,26 +1943,26 @@ public class PublisherAdminServlet extends AdminServlet {
mConfig.commit(true);
} catch (EBaseException e) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+ null, resp);
return;
}
sendResponse(SUCCESS, null, params, resp);
return;
- }
+ }
- private synchronized void delRuleInst(HttpServletRequest req,
- HttpServletResponse resp, String scope)
- throws ServletException, IOException, EBaseException {
+ private synchronized void delRuleInst(HttpServletRequest req,
+ HttpServletResponse resp, String scope)
+ throws ServletException, IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
String id = req.getParameter(Constants.RS_ID);
if (id == null) {
//System.out.println("SRVLT_NULL_RS_ID");
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
return;
}
@@ -1978,8 +1971,8 @@ public class PublisherAdminServlet extends AdminServlet {
// does rule instance exist?
if (mProcessor.getRuleInsts().containsKey(id) == false) {
sendResponse(ERROR,
- new ERuleNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_RULE_NOT_FOUND", id)).toString(),
- null, resp);
+ new ERuleNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_RULE_NOT_FOUND", id)).toString(),
+ null, resp);
return;
}
@@ -1987,14 +1980,14 @@ public class PublisherAdminServlet extends AdminServlet {
// cannot shutdown because we don't keep track of whether it's
// being used.
ILdapRule ruleInst = (ILdapRule)
- mProcessor.getRuleInsts().get(id);
+ mProcessor.getRuleInsts().get(id);
mProcessor.getRuleInsts().remove((Object) id);
// remove the configuration.
IConfigStore destStore =
- mConfig.getSubStore(
- mAuth.getId() + ".publish.rule");
+ mConfig.getSubStore(
+ mAuth.getId() + ".publish.rule");
IConfigStore instancesConfig = destStore.getSubStore("instance");
instancesConfig.removeSubStore(id);
@@ -2004,24 +1997,24 @@ public class PublisherAdminServlet extends AdminServlet {
} catch (EBaseException e) {
//System.out.println("SRVLT_FAIL_COMMIT");
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+ null, resp);
return;
}
sendResponse(SUCCESS, null, params, resp);
return;
- }
+ }
- private synchronized void getRuleConfig(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException, EBaseException {
+ private synchronized void getRuleConfig(HttpServletRequest req,
+ HttpServletResponse resp)
+ throws ServletException, IOException, EBaseException {
String implname = req.getParameter(Constants.RS_ID);
if (implname == null) {
//System.out.println("SRVLT_NULL_RS_ID");
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
return;
}
@@ -2035,50 +2028,50 @@ public class PublisherAdminServlet extends AdminServlet {
String kv = (String) configParams.elementAt(i);
int index = kv.indexOf('=');
- params.add(kv.substring(0, index),
- kv.substring(index + 1));
+ params.add(kv.substring(0, index),
+ kv.substring(index + 1));
}
}
sendResponse(0, null, params, resp);
return;
}
- private synchronized void getRuleInstConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ private synchronized void getRuleInstConfig(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
String id = req.getParameter(Constants.RS_ID);
if (id == null) {
//System.out.println("SRVLT_NULL_RS_ID");
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
return;
}
// does rule instance exist?
if (mProcessor.getRuleInsts().containsKey(id) == false) {
sendResponse(ERROR,
- new ERuleNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_RULE_NOT_FOUND", id)).toString(),
- null, resp);
+ new ERuleNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_RULE_NOT_FOUND", id)).toString(),
+ null, resp);
return;
}
ILdapRule ruleInst = (ILdapRule)
- mProcessor.getRuleInsts().get(id);
+ mProcessor.getRuleInsts().get(id);
Vector configParams = ruleInst.getInstanceParams();
NameValuePairs params = new NameValuePairs();
- params.add(Constants.PR_RULE_IMPL_NAME,
- getRulePluginName(ruleInst));
+ params.add(Constants.PR_RULE_IMPL_NAME,
+ getRulePluginName(ruleInst));
// implName is always required so always send it.
if (configParams != null) {
for (int i = 0; i < configParams.size(); i++) {
String kv = (String) configParams.elementAt(i);
int index = kv.indexOf('=');
- params.add(kv.substring(0, index),
- kv.substring(index + 1));
+ params.add(kv.substring(0, index),
+ kv.substring(index + 1));
}
}
@@ -2086,23 +2079,23 @@ public class PublisherAdminServlet extends AdminServlet {
return;
}
- private synchronized void modRuleInst(HttpServletRequest req,
- HttpServletResponse resp, String scope)
- throws ServletException, IOException, EBaseException {
+ private synchronized void modRuleInst(HttpServletRequest req,
+ HttpServletResponse resp, String scope)
+ throws ServletException, IOException, EBaseException {
String id = req.getParameter(Constants.RS_ID);
if (id == null) {
//System.out.println("SRVLT_NULL_RS_ID");
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
return;
}
// Does the manager instance exist?
if (!mProcessor.getRuleInsts().containsKey((Object) id)) {
sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_INST_ID", id),
- null, resp);
+ null, resp);
return;
}
@@ -2116,20 +2109,20 @@ public class PublisherAdminServlet extends AdminServlet {
// get plugin for implementation
RulePlugin plugin =
- (RulePlugin) mProcessor.getRulePlugins().get(implname);
+ (RulePlugin) mProcessor.getRulePlugins().get(implname);
if (plugin == null) {
sendResponse(ERROR,
- //new ERulePluginNotFound(implname).toString(getLocale(req)),
- "",
- null, resp);
+ //new ERulePluginNotFound(implname).toString(getLocale(req)),
+ "",
+ null, resp);
return;
}
// save old instance substore params in case new one fails.
- ILdapRule oldinst =
- (ILdapRule) mProcessor.getRuleInsts().get((Object) id);
+ ILdapRule oldinst =
+ (ILdapRule) mProcessor.getRuleInsts().get((Object) id);
Vector oldConfigParms = oldinst.getInstanceParams();
NameValuePairs saveParams = new NameValuePairs();
@@ -2141,7 +2134,7 @@ public class PublisherAdminServlet extends AdminServlet {
int index = kv.indexOf('=');
saveParams.add(kv.substring(0, index),
- kv.substring(index + 1));
+ kv.substring(index + 1));
}
}
@@ -2150,8 +2143,8 @@ public class PublisherAdminServlet extends AdminServlet {
// remove old substore.
IConfigStore destStore =
- mConfig.getSubStore(
- mAuth.getId() + ".publish.rule");
+ mConfig.getSubStore(
+ mAuth.getId() + ".publish.rule");
IConfigStore instancesConfig = destStore.getSubStore("instance");
// create new substore.
@@ -2171,8 +2164,8 @@ public class PublisherAdminServlet extends AdminServlet {
String val = req.getParameter(key);
if (val == null) {
- substore.put(key,
- kv.substring(index + 1));
+ substore.put(key,
+ kv.substring(index + 1));
} else {
if (val.equals(NOMAPPER))
val = "";
@@ -2192,20 +2185,20 @@ public class PublisherAdminServlet extends AdminServlet {
// cleanup
restore(instancesConfig, id, saveParams);
sendResponse(ERROR,
- new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
- null, resp);
+ new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
+ null, resp);
return;
} catch (InstantiationException e) {
restore(instancesConfig, id, saveParams);
sendResponse(ERROR,
- new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
- null, resp);
+ new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
+ null, resp);
return;
} catch (IllegalAccessException e) {
restore(instancesConfig, id, saveParams);
sendResponse(ERROR,
- new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
- null, resp);
+ new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
+ null, resp);
return;
}
@@ -2232,8 +2225,8 @@ public class PublisherAdminServlet extends AdminServlet {
restore(instancesConfig, id, saveParams);
//System.out.println("SRVLT_FAIL_COMMIT");
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+ null, resp);
return;
}
@@ -2241,40 +2234,40 @@ public class PublisherAdminServlet extends AdminServlet {
mProcessor.getRuleInsts().put(id, newRuleInst);
- mProcessor.log(ILogger.LL_INFO,
- CMS.getLogMessage("ADMIN_SRVLT_RULE_INST_REP", id));
+ mProcessor.log(ILogger.LL_INFO,
+ CMS.getLogMessage("ADMIN_SRVLT_RULE_INST_REP", id));
NameValuePairs params = new NameValuePairs();
sendResponse(SUCCESS, null, params, resp);
return;
}
- private synchronized void addPublisherPlugin(HttpServletRequest req,
- HttpServletResponse resp, String scope)
- throws ServletException, IOException, EBaseException {
+ private synchronized void addPublisherPlugin(HttpServletRequest req,
+ HttpServletResponse resp, String scope)
+ throws ServletException, IOException, EBaseException {
String id = req.getParameter(Constants.RS_ID);
if (id == null) {
//System.out.println("SRVLT_NULL_RS_ID");
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
return;
}
// is the manager id unique?
if (mProcessor.getPublisherPlugins().containsKey((Object) id)) {
sendResponse(ERROR,
- new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_PLUGIN_ID", id)).toString(),
- null, resp);
+ new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_PLUGIN_ID", id)).toString(),
+ null, resp);
return;
}
String classPath = req.getParameter(Constants.PR_PUBLISHER_CLASS);
if (classPath == null) {
- sendResponse(ERROR, CMS.getUserMessage(getLocale(req),"CMS_LDAP_SRVLT_NULL_CLASS"), null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_NULL_CLASS"), null, resp);
return;
}
@@ -2318,8 +2311,8 @@ public class PublisherAdminServlet extends AdminServlet {
} catch (EBaseException e) {
//System.out.println("SRVLT_FAIL_COMMIT");
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+ null, resp);
return;
}
@@ -2327,8 +2320,8 @@ public class PublisherAdminServlet extends AdminServlet {
PublisherPlugin plugin = new PublisherPlugin(id, classPath);
mProcessor.getPublisherPlugins().put(id, plugin);
- mProcessor.log(ILogger.LL_INFO,
- CMS.getLogMessage("ADMIN_SRVLT_PUB_PLUG_ADDED", id));
+ mProcessor.log(ILogger.LL_INFO,
+ CMS.getLogMessage("ADMIN_SRVLT_PUB_PLUG_ADDED", id));
NameValuePairs params = new NameValuePairs();
@@ -2336,28 +2329,28 @@ public class PublisherAdminServlet extends AdminServlet {
return;
}
- private synchronized void addPublisherInst(HttpServletRequest req,
- HttpServletResponse resp, String scope)
- throws ServletException, IOException, EBaseException {
+ private synchronized void addPublisherInst(HttpServletRequest req,
+ HttpServletResponse resp, String scope)
+ throws ServletException, IOException, EBaseException {
String id = req.getParameter(Constants.RS_ID);
if (id == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
return;
}
if (!isValidID(id)) {
- sendResponse(ERROR, "Invalid ID '" + id + "'",
- null, resp);
+ sendResponse(ERROR, "Invalid ID '" + id + "'",
+ null, resp);
return;
}
if (mProcessor.getPublisherInsts().containsKey((Object) id)) {
sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_INST_ID", id),
- null, resp);
+ null, resp);
return;
}
@@ -2372,20 +2365,20 @@ public class PublisherAdminServlet extends AdminServlet {
// check if implementation exists.
PublisherPlugin plugin =
- (PublisherPlugin) mProcessor.getPublisherPlugins().get(
- implname);
+ (PublisherPlugin) mProcessor.getPublisherPlugins().get(
+ implname);
if (plugin == null) {
sendResponse(ERROR,
- new EPublisherPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_PUBLISHER_PLUGIN_NOT_FOUND", implname)).toString(),
- null, resp);
+ new EPublisherPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_PUBLISHER_PLUGIN_NOT_FOUND", implname)).toString(),
+ null, resp);
return;
}
Vector configParams = mProcessor.getPublisherDefaultParams(implname);
IConfigStore destStore =
- mConfig.getSubStore(mAuth.getId() + ".publish.publisher");
+ mConfig.getSubStore(mAuth.getId() + ".publish.publisher");
IConfigStore instancesConfig = destStore.getSubStore("instance");
IConfigStore substore = instancesConfig.makeSubStore(id);
@@ -2404,15 +2397,15 @@ public class PublisherAdminServlet extends AdminServlet {
if (index == -1) {
substore.put(kv, "");
} else {
- substore.put(kv.substring(0, index),
- kv.substring(index + 1));
+ substore.put(kv.substring(0, index),
+ kv.substring(index + 1));
}
} else {
if (index == -1) {
substore.put(kv, val);
} else {
- substore.put(kv.substring(0, index),
- val);
+ substore.put(kv.substring(0, index),
+ val);
}
}
}
@@ -2429,20 +2422,20 @@ public class PublisherAdminServlet extends AdminServlet {
// cleanup
instancesConfig.removeSubStore(id);
sendResponse(ERROR,
- new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
- null, resp);
+ new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
+ null, resp);
return;
} catch (InstantiationException e) {
instancesConfig.removeSubStore(id);
sendResponse(ERROR,
- new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
- null, resp);
+ new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
+ null, resp);
return;
} catch (IllegalAccessException e) {
instancesConfig.removeSubStore(id);
sendResponse(ERROR,
- new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
- null, resp);
+ new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
+ null, resp);
return;
}
@@ -2467,16 +2460,16 @@ public class PublisherAdminServlet extends AdminServlet {
// clean up.
instancesConfig.removeSubStore(id);
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+ null, resp);
return;
}
// inited and commited ok. now add manager instance to list.
mProcessor.getPublisherInsts().put(id, new PublisherProxy(true, publisherInst));
- mProcessor.log(ILogger.LL_INFO,
- CMS.getLogMessage("ADMIN_SRVLT_PUB_INST_ADDED", id));
+ mProcessor.log(ILogger.LL_INFO,
+ CMS.getLogMessage("ADMIN_SRVLT_PUB_INST_ADDED", id));
NameValuePairs params = new NameValuePairs();
@@ -2485,8 +2478,8 @@ public class PublisherAdminServlet extends AdminServlet {
return;
}
- private synchronized void listPublisherPlugins(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ private synchronized void listPublisherPlugins(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
@@ -2494,15 +2487,15 @@ public class PublisherAdminServlet extends AdminServlet {
while (e.hasMoreElements()) {
String name = (String) e.nextElement();
- PublisherPlugin value = (PublisherPlugin)
- mProcessor.getPublisherPlugins().get(name);
+ PublisherPlugin value = (PublisherPlugin)
+ mProcessor.getPublisherPlugins().get(name);
// get Description
- String c = value.getClassPath();
+ String c = value.getClassPath();
String desc = "unknown";
try {
ILdapPublisher lp = (ILdapPublisher)
- Class.forName(c).newInstance();
+ Class.forName(c).newInstance();
desc = lp.getDescription();
} catch (Exception exp) {
@@ -2523,8 +2516,8 @@ public class PublisherAdminServlet extends AdminServlet {
}
}
- private synchronized void listPublisherInsts(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ private synchronized void listPublisherInsts(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
@@ -2543,8 +2536,8 @@ public class PublisherAdminServlet extends AdminServlet {
return;
}
- private synchronized void delPublisherPlugin(HttpServletRequest req,
- HttpServletResponse resp, String scope) throws ServletException,
+ private synchronized void delPublisherPlugin(HttpServletRequest req,
+ HttpServletResponse resp, String scope) throws ServletException,
IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
@@ -2553,38 +2546,37 @@ public class PublisherAdminServlet extends AdminServlet {
if (id == null) {
//System.out.println("SRVLT_NULL_RS_ID");
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
return;
}
// does publisher exist?
if (mProcessor.getPublisherPlugins().containsKey(id) == false) {
sendResponse(ERROR,
- new EPublisherPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_PUBLISHER_PLUGIN_NOT_FOUND", id)).toString(),
- null, resp);
+ new EPublisherPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_PUBLISHER_PLUGIN_NOT_FOUND", id)).toString(),
+ null, resp);
return;
}
// first check if any instances from this publisher
// DON'T remove publisher if any instance
- for (Enumeration e = mProcessor.getPublisherInsts().keys();
- e.hasMoreElements();) {
+ for (Enumeration e = mProcessor.getPublisherInsts().keys(); e.hasMoreElements();) {
String name = (String) e.nextElement();
- ILdapPublisher publisher =
- mProcessor.getPublisherInstance(name);
+ ILdapPublisher publisher =
+ mProcessor.getPublisherInstance(name);
if (id.equals(getPublisherPluginName(publisher))) {
sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_IN_USE"), null, resp);
return;
}
}
-
+
// then delete this publisher
mProcessor.getPublisherPlugins().remove((Object) id);
IConfigStore destStore =
- mConfig.getSubStore(mAuth.getId() + ".publish.publisher");
+ mConfig.getSubStore(mAuth.getId() + ".publish.publisher");
IConfigStore instancesConfig = destStore.getSubStore("impl");
instancesConfig.removeSubStore(id);
@@ -2593,8 +2585,8 @@ public class PublisherAdminServlet extends AdminServlet {
mConfig.commit(true);
} catch (EBaseException e) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+ null, resp);
return;
}
@@ -2602,8 +2594,8 @@ public class PublisherAdminServlet extends AdminServlet {
return;
}
- private synchronized void delPublisherInst(HttpServletRequest req,
- HttpServletResponse resp, String scope) throws ServletException,
+ private synchronized void delPublisherInst(HttpServletRequest req,
+ HttpServletResponse resp, String scope) throws ServletException,
IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
@@ -2612,8 +2604,8 @@ public class PublisherAdminServlet extends AdminServlet {
if (id == null) {
//System.out.println("SRVLT_NULL_RS_ID");
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
return;
}
@@ -2622,8 +2614,8 @@ public class PublisherAdminServlet extends AdminServlet {
// does publisher instance exist?
if (mProcessor.getPublisherInsts().containsKey(id) == false) {
sendResponse(ERROR,
- new EPublisherNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_PUBLISHER_NOT_FOUND", id)).toString(),
- null, resp);
+ new EPublisherNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_PUBLISHER_NOT_FOUND", id)).toString(),
+ null, resp);
return;
}
@@ -2636,7 +2628,7 @@ public class PublisherAdminServlet extends AdminServlet {
// remove the configuration.
IConfigStore destStore =
- mConfig.getSubStore(mAuth.getId() + ".publish.publisher");
+ mConfig.getSubStore(mAuth.getId() + ".publish.publisher");
IConfigStore instancesConfig = destStore.getSubStore("instance");
instancesConfig.removeSubStore(id);
@@ -2646,8 +2638,8 @@ public class PublisherAdminServlet extends AdminServlet {
} catch (EBaseException e) {
//System.out.println("SRVLT_FAIL_COMMIT");
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+ null, resp);
return;
}
sendResponse(SUCCESS, null, params, resp);
@@ -2656,24 +2648,24 @@ public class PublisherAdminServlet extends AdminServlet {
/**
* used for getting the required configuration parameters (with
- * possible default values) for a particular plugin
- * implementation name specified in the RS_ID. Actually, there is
- * no logic in here to set any default value here...there's no
- * default value for any parameter in this publishing subsystem
- * at this point. Later, if we do have one (or some), it can be
- * added. The interface remains the same.
+ * possible default values) for a particular plugin
+ * implementation name specified in the RS_ID. Actually, there is
+ * no logic in here to set any default value here...there's no
+ * default value for any parameter in this publishing subsystem
+ * at this point. Later, if we do have one (or some), it can be
+ * added. The interface remains the same.
*/
- private synchronized void getConfig(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException, EBaseException {
+ private synchronized void getConfig(HttpServletRequest req,
+ HttpServletResponse resp)
+ throws ServletException, IOException, EBaseException {
String implname = req.getParameter(Constants.RS_ID);
if (implname == null) {
//System.out.println("SRVLT_NULL_RS_ID");
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
return;
}
@@ -2690,8 +2682,8 @@ public class PublisherAdminServlet extends AdminServlet {
if (index == -1) {
params.add(kv, "");
} else {
- params.add(kv.substring(0, index),
- kv.substring(index + 1));
+ params.add(kv.substring(0, index),
+ kv.substring(index + 1));
}
}
}
@@ -2699,8 +2691,8 @@ public class PublisherAdminServlet extends AdminServlet {
return;
}
- private synchronized void getInstConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ private synchronized void getInstConfig(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
String id = req.getParameter(Constants.RS_ID);
@@ -2708,34 +2700,34 @@ public class PublisherAdminServlet extends AdminServlet {
if (id == null) {
//System.out.println("SRVLT_NULL_RS_ID");
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
return;
}
// does publisher instance exist?
if (mProcessor.getPublisherInsts().containsKey(id) == false) {
sendResponse(ERROR,
- new EPublisherNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_PUBLISHER_NOT_FOUND", id)).toString(),
- null, resp);
+ new EPublisherNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_PUBLISHER_NOT_FOUND", id)).toString(),
+ null, resp);
return;
}
ILdapPublisher publisherInst = (ILdapPublisher)
- mProcessor.getPublisherInstance(id);
+ mProcessor.getPublisherInstance(id);
Vector configParams = publisherInst.getInstanceParams();
NameValuePairs params = new NameValuePairs();
- params.add(Constants.PR_PUBLISHER_IMPL_NAME,
- getPublisherPluginName(publisherInst));
+ params.add(Constants.PR_PUBLISHER_IMPL_NAME,
+ getPublisherPluginName(publisherInst));
// implName is always required so always send it.
if (configParams != null) {
for (int i = 0; i < configParams.size(); i++) {
String kv = (String) configParams.elementAt(i);
int index = kv.indexOf('=');
- params.add(kv.substring(0, index),
- kv.substring(index + 1));
+ params.add(kv.substring(0, index),
+ kv.substring(index + 1));
}
}
@@ -2745,15 +2737,15 @@ public class PublisherAdminServlet extends AdminServlet {
/**
* Modify publisher instance.
- * This will actually create a new instance with new configuration
- * parameters and replace the old instance, if the new instance
+ * This will actually create a new instance with new configuration
+ * parameters and replace the old instance, if the new instance
* created and initialized successfully.
* The old instance is left running. so this is very expensive.
* Restart of server recommended.
*/
- private synchronized void modPublisherInst(HttpServletRequest req,
- HttpServletResponse resp, String scope)
- throws ServletException, IOException, EBaseException {
+ private synchronized void modPublisherInst(HttpServletRequest req,
+ HttpServletResponse resp, String scope)
+ throws ServletException, IOException, EBaseException {
// expensive operation.
@@ -2762,15 +2754,15 @@ public class PublisherAdminServlet extends AdminServlet {
if (id == null) {
//System.out.println("SRVLT_NULL_RS_ID");
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
return;
}
// Does the manager instance exist?
if (!mProcessor.getPublisherInsts().containsKey((Object) id)) {
sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_INST_ID", id),
- null, resp);
+ null, resp);
return;
}
@@ -2784,12 +2776,12 @@ public class PublisherAdminServlet extends AdminServlet {
// get plugin for implementation
PublisherPlugin plugin =
- (PublisherPlugin) mProcessor.getPublisherPlugins().get(implname);
+ (PublisherPlugin) mProcessor.getPublisherPlugins().get(implname);
if (plugin == null) {
sendResponse(ERROR,
- new EPublisherPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_PUBLISHER_PLUGIN_NOT_FOUND", implname)).toString(),
- null, resp);
+ new EPublisherPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_PUBLISHER_PLUGIN_NOT_FOUND", implname)).toString(),
+ null, resp);
return;
}
@@ -2813,8 +2805,8 @@ public class PublisherAdminServlet extends AdminServlet {
pubType = "crl";
}
- saveParams.add(kv.substring(0, index),
- kv.substring(index + 1));
+ saveParams.add(kv.substring(0, index),
+ kv.substring(index + 1));
}
}
}
@@ -2824,7 +2816,7 @@ public class PublisherAdminServlet extends AdminServlet {
// remove old substore.
IConfigStore destStore =
- mConfig.getSubStore(mAuth.getId() + ".publish.publisher");
+ mConfig.getSubStore(mAuth.getId() + ".publish.publisher");
IConfigStore instancesConfig = destStore.getSubStore("instance");
// get objects added and deleted
@@ -2859,9 +2851,9 @@ public class PublisherAdminServlet extends AdminServlet {
}
// process any changes to the ldap object class definitions
- if (pubType.equals("cacert")) {
+ if (pubType.equals("cacert")) {
processChangedOC(saveParams, substore, "caObjectClass");
- substore.put("pubtype", "cacert");
+ substore.put("pubtype", "cacert");
}
if (pubType.equals("crl")) {
@@ -2880,20 +2872,20 @@ public class PublisherAdminServlet extends AdminServlet {
// cleanup
restore(instancesConfig, id, saveParams);
sendResponse(ERROR,
- new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
- null, resp);
+ new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
+ null, resp);
return;
} catch (InstantiationException e) {
restore(instancesConfig, id, saveParams);
sendResponse(ERROR,
- new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
- null, resp);
+ new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
+ null, resp);
return;
} catch (IllegalAccessException e) {
restore(instancesConfig, id, saveParams);
sendResponse(ERROR,
- new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
- null, resp);
+ new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
+ null, resp);
return;
}
@@ -2920,8 +2912,8 @@ public class PublisherAdminServlet extends AdminServlet {
restore(instancesConfig, id, saveParams);
//System.out.println("SRVLT_FAIL_COMMIT");
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+ null, resp);
return;
}
@@ -2929,8 +2921,8 @@ public class PublisherAdminServlet extends AdminServlet {
mProcessor.getPublisherInsts().put(id, new PublisherProxy(true, newMgrInst));
- mProcessor.log(ILogger.LL_INFO,
- CMS.getLogMessage("ADMIN_SRVLT_PUB_INST_REP", id));
+ mProcessor.log(ILogger.LL_INFO,
+ CMS.getLogMessage("ADMIN_SRVLT_PUB_INST_REP", id));
NameValuePairs params = new NameValuePairs();
@@ -2941,51 +2933,54 @@ public class PublisherAdminServlet extends AdminServlet {
// convenience function - takes list1, list2. Returns what is in list1
// but not in list2
private String[] getExtras(String[] list1, String[] list2) {
- Vector <String> extras = new Vector<String>();
- for (int i=0; i< list1.length; i++) {
- boolean match=false;
- for (int j=0; j < list2.length; j++) {
- if ((list1[i].trim()).equalsIgnoreCase(list2[j].trim())) {
- match = true;
- break;
- }
- }
- if (!match) extras.add(list1[i].trim());
- }
-
- return (String[])extras.toArray(new String[extras.size()]);
+ Vector<String> extras = new Vector<String>();
+ for (int i = 0; i < list1.length; i++) {
+ boolean match = false;
+ for (int j = 0; j < list2.length; j++) {
+ if ((list1[i].trim()).equalsIgnoreCase(list2[j].trim())) {
+ match = true;
+ break;
+ }
+ }
+ if (!match)
+ extras.add(list1[i].trim());
+ }
+
+ return (String[]) extras.toArray(new String[extras.size()]);
}
// convenience function - takes list1, list2. Concatenates the two
// lists removing duplicates
private String[] joinLists(String[] list1, String[] list2) {
- Vector <String> sum = new Vector<String>();
- for (int i=0; i< list1.length; i++) {
- sum.add(list1[i]);
- }
-
- for (int i=0; i < list2.length; i++) {
- boolean match=false;
- for (int j=0; j < list1.length; j++) {
- if ((list2[i].trim()).equalsIgnoreCase(list1[j].trim())) {
- match = true;
- break;
- }
- }
- if (!match) sum.add(list2[i].trim());
- }
-
- return (String[])sum.toArray(new String[sum.size()]);
+ Vector<String> sum = new Vector<String>();
+ for (int i = 0; i < list1.length; i++) {
+ sum.add(list1[i]);
+ }
+
+ for (int i = 0; i < list2.length; i++) {
+ boolean match = false;
+ for (int j = 0; j < list1.length; j++) {
+ if ((list2[i].trim()).equalsIgnoreCase(list1[j].trim())) {
+ match = true;
+ break;
+ }
+ }
+ if (!match)
+ sum.add(list2[i].trim());
+ }
+
+ return (String[]) sum.toArray(new String[sum.size()]);
}
// convenience funtion. Takes a string array and delimiter
// and returns a String with the concatenation
private static String join(String[] s, String delimiter) {
- if (s.length == 0) return "";
+ if (s.length == 0)
+ return "";
StringBuffer buffer = new StringBuffer(s[0]);
if (s.length > 1) {
- for (int i=1; i< s.length; i++) {
+ for (int i = 1; i < s.length; i++) {
buffer.append(delimiter).append(s[i].trim());
}
}
@@ -3005,29 +3000,31 @@ public class PublisherAdminServlet extends AdminServlet {
oldAdded = saveParams.getValue(objName + "Added");
oldDeleted = saveParams.getValue(objName + "Deleted");
- if ((oldOC == null) || (newOC == null)) return;
- if (oldOC.equalsIgnoreCase(newOC)) return;
+ if ((oldOC == null) || (newOC == null))
+ return;
+ if (oldOC.equalsIgnoreCase(newOC))
+ return;
- String [] oldList = oldOC.split(",");
- String [] newList = newOC.split(",");
- String [] deletedList = getExtras(oldList, newList);
- String [] addedList = getExtras(newList, oldList);
+ String[] oldList = oldOC.split(",");
+ String[] newList = newOC.split(",");
+ String[] deletedList = getExtras(oldList, newList);
+ String[] addedList = getExtras(newList, oldList);
// CMS.debug("addedList = " + join(addedList, ","));
// CMS.debug("deletedList = " + join(deletedList, ","));
- if ((addedList.length ==0) && (deletedList.length == 0))
- return; // no changes
+ if ((addedList.length == 0) && (deletedList.length == 0))
+ return; // no changes
if (oldAdded != null) {
// CMS.debug("oldAdded is " + oldAdded);
- String [] oldAddedList = oldAdded.split(",");
+ String[] oldAddedList = oldAdded.split(",");
addedList = joinLists(addedList, oldAddedList);
}
if (oldDeleted != null) {
// CMS.debug("oldDeleted is " + oldDeleted);
- String [] oldDeletedList = oldDeleted.split(",");
+ String[] oldDeletedList = oldDeleted.split(",");
deletedList = joinLists(deletedList, oldDeletedList);
}
@@ -3046,8 +3043,8 @@ public class PublisherAdminServlet extends AdminServlet {
}
// convenience routine.
- private static void restore(IConfigStore store,
- String id, NameValuePairs saveParams) {
+ private static void restore(IConfigStore store,
+ String id, NameValuePairs saveParams) {
store.removeSubStore(id);
IConfigStore rstore = store.makeSubStore(id);
@@ -3057,7 +3054,7 @@ public class PublisherAdminServlet extends AdminServlet {
String key = (String) keys.nextElement();
String value = saveParams.getValue(key);
- if (value != null)
+ if (value != null)
rstore.put(key, value);
}
}
@@ -3078,7 +3075,7 @@ public class PublisherAdminServlet extends AdminServlet {
public void log(int level, String msg) {
if (mLogger == null)
return;
- mLogger.log(ILogger.EV_SYSTEM,
- ILogger.S_LDAP, level, "PublishingAdminServlet: " + msg);
+ mLogger.log(ILogger.EV_SYSTEM,
+ ILogger.S_LDAP, level, "PublishingAdminServlet: " + msg);
}
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/RAAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/RAAdminServlet.java
index 35bbb91a..cbabe1fd 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/admin/RAAdminServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/RAAdminServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.admin;
-
import java.io.IOException;
import java.util.Enumeration;
@@ -36,13 +35,12 @@ import com.netscape.certsrv.common.ScopeDef;
import com.netscape.certsrv.ra.IRegistrationAuthority;
import com.netscape.certsrv.request.IRequestListener;
-
/**
* A class representings an administration servlet for Registration
* Authority. This servlet is responsible to serve RA
* administrative operations such as configuration parameter
* updates.
- *
+ *
* @version $Revision$, $Date$
*/
public class RAAdminServlet extends AdminServlet {
@@ -94,7 +92,7 @@ public class RAAdminServlet extends AdminServlet {
* the authenticate manager.
*/
public void service(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
+ throws ServletException, IOException {
super.service(req, resp);
//get all operational flags
@@ -117,8 +115,8 @@ public class RAAdminServlet extends AdminServlet {
mOp = "read";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
if (scope.equals(ScopeDef.SC_GENERAL)) {
@@ -144,8 +142,8 @@ public class RAAdminServlet extends AdminServlet {
mOp = "modify";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
if (scope.equals(ScopeDef.SC_GENERAL)) {
@@ -157,7 +155,7 @@ public class RAAdminServlet extends AdminServlet {
} else if (scope.equals(ScopeDef.SC_NOTIFICATION_REQ_COMP)) {
setNotificationReqCompConfig(req, resp);
return;
- }else if (scope.equals(ScopeDef.SC_NOTIFICATION_REV_COMP)) {
+ } else if (scope.equals(ScopeDef.SC_NOTIFICATION_REV_COMP)) {
setNotificationRevCompConfig(req, resp);
return;
} else if (scope.equals(ScopeDef.SC_NOTIFICATION_RIQ)) {
@@ -179,12 +177,12 @@ public class RAAdminServlet extends AdminServlet {
/*==========================================================
* private methods
*==========================================================*/
-
+
/*
* handle getting completion (cert issued) notification config info
*/
private void getNotificationCompConfig(HttpServletRequest req,
- HttpServletResponse resp, IConfigStore rc) throws ServletException,
+ HttpServletResponse resp, IConfigStore rc) throws ServletException,
IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
Enumeration e = req.getParameterNames();
@@ -203,19 +201,19 @@ public class RAAdminServlet extends AdminServlet {
params.add(name, rc.getString(name, ""));
}
- params.add(Constants.PR_ENABLE,
- rc.getString(PROP_ENABLED, Constants.FALSE));
+ params.add(Constants.PR_ENABLE,
+ rc.getString(PROP_ENABLED, Constants.FALSE));
//System.out.println("Send: "+params.toString());
sendResponse(SUCCESS, null, params, resp);
}
private void getNotificationReqCompConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
IConfigStore config = mRA.getConfigStore();
IConfigStore nc =
- config.getSubStore(IRegistrationAuthority.PROP_NOTIFY_SUBSTORE);
+ config.getSubStore(IRegistrationAuthority.PROP_NOTIFY_SUBSTORE);
IConfigStore rc = nc.getSubStore(IRegistrationAuthority.PROP_CERT_ISSUED_SUBSTORE);
@@ -224,12 +222,12 @@ public class RAAdminServlet extends AdminServlet {
}
private void getNotificationRevCompConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
IConfigStore config = mRA.getConfigStore();
IConfigStore nc =
- config.getSubStore(IRegistrationAuthority.PROP_NOTIFY_SUBSTORE);
+ config.getSubStore(IRegistrationAuthority.PROP_NOTIFY_SUBSTORE);
IConfigStore rc = nc.getSubStore(IRegistrationAuthority.PROP_CERT_REVOKED_SUBSTORE);
@@ -241,14 +239,14 @@ public class RAAdminServlet extends AdminServlet {
* handle getting request in queue notification config info
*/
private void getNotificationRIQConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
IConfigStore config = mRA.getConfigStore();
IConfigStore nc =
- config.getSubStore(IRegistrationAuthority.PROP_NOTIFY_SUBSTORE);
+ config.getSubStore(IRegistrationAuthority.PROP_NOTIFY_SUBSTORE);
IConfigStore riq = nc.getSubStore(IRegistrationAuthority.PROP_REQ_IN_Q_SUBSTORE);
@@ -268,8 +266,8 @@ public class RAAdminServlet extends AdminServlet {
params.add(name, riq.getString(name, ""));
}
- params.add(Constants.PR_ENABLE,
- riq.getString(PROP_ENABLED, Constants.FALSE));
+ params.add(Constants.PR_ENABLE,
+ riq.getString(PROP_ENABLED, Constants.FALSE));
//System.out.println("Send: "+params.toString());
sendResponse(SUCCESS, null, params, resp);
}
@@ -278,11 +276,11 @@ public class RAAdminServlet extends AdminServlet {
* handle setting request in queue notification config info
*/
private void setNotificationRIQConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
IConfigStore config = mRA.getConfigStore();
IConfigStore nc =
- config.getSubStore(IRegistrationAuthority.PROP_NOTIFY_SUBSTORE);
+ config.getSubStore(IRegistrationAuthority.PROP_NOTIFY_SUBSTORE);
IConfigStore riq = nc.getSubStore(IRegistrationAuthority.PROP_REQ_IN_Q_SUBSTORE);
@@ -321,7 +319,7 @@ public class RAAdminServlet extends AdminServlet {
* handle setting request complete notification config info
*/
private void setNotificationCompConfig(HttpServletRequest req,
- HttpServletResponse resp, IConfigStore rc, IRequestListener thisListener) throws ServletException,
+ HttpServletResponse resp, IConfigStore rc, IRequestListener thisListener) throws ServletException,
IOException, EBaseException {
//set rest of the parameters
Enumeration e = req.getParameterNames();
@@ -355,24 +353,24 @@ public class RAAdminServlet extends AdminServlet {
}
private void setNotificationReqCompConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
IConfigStore config = mRA.getConfigStore();
IConfigStore nc =
- config.getSubStore(IRegistrationAuthority.PROP_NOTIFY_SUBSTORE);
+ config.getSubStore(IRegistrationAuthority.PROP_NOTIFY_SUBSTORE);
IConfigStore rc = nc.getSubStore(IRegistrationAuthority.PROP_CERT_ISSUED_SUBSTORE);
setNotificationCompConfig(req, resp, rc, mRA.getCertIssuedListener());
-
+
}
private void setNotificationRevCompConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
IConfigStore config = mRA.getConfigStore();
IConfigStore nc =
- config.getSubStore(IRegistrationAuthority.PROP_NOTIFY_SUBSTORE);
+ config.getSubStore(IRegistrationAuthority.PROP_NOTIFY_SUBSTORE);
IConfigStore rc = nc.getSubStore(IRegistrationAuthority.PROP_CERT_REVOKED_SUBSTORE);
@@ -380,7 +378,7 @@ public class RAAdminServlet extends AdminServlet {
}
private void getConnectorConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
IConfigStore raConfig = mRA.getConfigStore();
IConfigStore connectorConfig = raConfig.getSubStore("connector");
@@ -427,13 +425,13 @@ public class RAAdminServlet extends AdminServlet {
}
private void setConnectorConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
IConfigStore raConfig = mRA.getConfigStore();
IConfigStore connectorConfig = raConfig.getSubStore("connector");
IConfigStore caConnectorConfig = null;
- // String nickname = raConfig.getString("certNickname", "");
+ // String nickname = raConfig.getString("certNickname", "");
if (isCAConnector(req)) {
caConnectorConfig = connectorConfig.getSubStore("CA");
@@ -455,12 +453,12 @@ public class RAAdminServlet extends AdminServlet {
continue;
if (name.equals(Constants.OP_SCOPE))
continue;
-/*
- if (name.equals("nickName")) {
- caConnectorConfig.putString(name, nickname);
- continue;
- }
-*/
+ /*
+ if (name.equals("nickName")) {
+ caConnectorConfig.putString(name, nickname);
+ continue;
+ }
+ */
caConnectorConfig.putString(name, req.getParameter(name));
}
}
@@ -528,7 +526,7 @@ public class RAAdminServlet extends AdminServlet {
//reading the RA general information
private void readGeneralConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
@@ -544,13 +542,13 @@ public class RAAdminServlet extends AdminServlet {
}
params.add(Constants.PR_EE_ENABLED, value);
*/
-
+
sendResponse(SUCCESS, null, params, resp);
}
//mdify RA General Information
private void modifyGeneralConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
/*
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/RegistryAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/RegistryAdminServlet.java
index 7605eb2e..36cc7100 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/admin/RegistryAdminServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/RegistryAdminServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.admin;
-
import java.io.IOException;
import java.util.Enumeration;
@@ -41,7 +40,7 @@ import com.netscape.certsrv.registry.IPluginRegistry;
/**
* This implements the administration servlet for registry subsystem.
- *
+ *
* @version $Revision$, $Date$
*/
public class RegistryAdminServlet extends AdminServlet {
@@ -53,8 +52,8 @@ public class RegistryAdminServlet extends AdminServlet {
public final static String PROP_AUTHORITY = "authority";
private final static String INFO = "RegistryAdminServlet";
- private final static String PW_PASSWORD_CACHE_ADD =
- "PASSWORD_CACHE_ADD";
+ private final static String PW_PASSWORD_CACHE_ADD =
+ "PASSWORD_CACHE_ADD";
public final static String PROP_PREDICATE = "predicate";
private IAuthority mAuthority = null;
@@ -104,8 +103,8 @@ public class RegistryAdminServlet extends AdminServlet {
* Serves HTTP admin request.
*/
public void service(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
super.service(req, resp);
super.authenticate(req);
@@ -113,7 +112,7 @@ public class RegistryAdminServlet extends AdminServlet {
AUTHZ_RES_NAME = "certServer.registry.configuration";
String scope = req.getParameter(Constants.OP_SCOPE);
String op = req.getParameter(Constants.OP_TYPE);
-
+
if (scope.equals(ScopeDef.SC_SUPPORTED_CONSTRAINTPOLICIES)) {
if (op.equals(OpDef.OP_READ))
if (!readAuthorize(req, resp))
@@ -124,25 +123,25 @@ public class RegistryAdminServlet extends AdminServlet {
}
}
- private boolean readAuthorize(HttpServletRequest req,
- HttpServletResponse resp) throws IOException {
+ private boolean readAuthorize(HttpServletRequest req,
+ HttpServletResponse resp) throws IOException {
mOp = "read";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return false;
}
return true;
}
- private boolean modifyAuthorize(HttpServletRequest req,
- HttpServletResponse resp) throws IOException {
+ private boolean modifyAuthorize(HttpServletRequest req,
+ HttpServletResponse resp) throws IOException {
mOp = "modify";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return false;
}
return true;
@@ -152,8 +151,8 @@ public class RegistryAdminServlet extends AdminServlet {
* Process Policy Implementation Management.
*/
public void processImplMgmt(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
// Get operation type
String op = req.getParameter(Constants.OP_TYPE);
String scope = req.getParameter(Constants.OP_SCOPE);
@@ -176,16 +175,16 @@ public class RegistryAdminServlet extends AdminServlet {
addImpl(req, resp);
} else
sendResponse(ERROR, INVALID_POLICY_IMPL_OP,
- null, resp);
+ null, resp);
}
public void addImpl(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
// Get the policy impl id.
String id = req.getParameter(Constants.RS_ID);
- String scope = req.getParameter(Constants.OP_SCOPE);
+ String scope = req.getParameter(Constants.OP_SCOPE);
String classPath = req.getParameter(Constants.PR_POLICY_CLASS);
String desc = req.getParameter(Constants.PR_POLICY_DESC);
@@ -198,17 +197,17 @@ public class RegistryAdminServlet extends AdminServlet {
IPluginInfo info = mRegistry.createPluginInfo(id, desc, classPath);
try {
- mRegistry.addPluginInfo(scope, id, info);
+ mRegistry.addPluginInfo(scope, id, info);
} catch (Exception e) {
- CMS.debug(e.toString());
+ CMS.debug(e.toString());
}
sendResponse(SUCCESS, null, nvp, resp);
}
public void deleteImpl(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
// Get the policy impl id.
String id = req.getParameter(Constants.RS_ID);
@@ -225,13 +224,13 @@ public class RegistryAdminServlet extends AdminServlet {
sendResponse(ERROR, MISSING_POLICY_IMPL_ID, null, resp);
return;
}
-
+
NameValuePairs nvp = new NameValuePairs();
try {
- mRegistry.removePluginInfo(scope, id);
+ mRegistry.removePluginInfo(scope, id);
} catch (Exception e) {
- CMS.debug(e.toString());
+ CMS.debug(e.toString());
}
sendResponse(SUCCESS, null, nvp, resp);
@@ -241,26 +240,26 @@ public class RegistryAdminServlet extends AdminServlet {
* Lists all registered profile impementations
*/
public void listImpls(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
String scope = req.getParameter(Constants.OP_SCOPE);
Enumeration<String> impls = mRegistry.getIds(scope);
NameValuePairs nvp = new NameValuePairs();
while (impls.hasMoreElements()) {
- String id = impls.nextElement();
+ String id = impls.nextElement();
IPluginInfo info = mRegistry.getPluginInfo(scope, id);
- nvp.add(id, info.getClassName() + "," +
- info.getDescription(getLocale(req)) + "," + info.getName(getLocale(req)));
- }
+ nvp.add(id, info.getClassName() + "," +
+ info.getDescription(getLocale(req)) + "," + info.getName(getLocale(req)));
+ }
sendResponse(SUCCESS, null, nvp, resp);
}
- public void getSupportedConstraintPolicies(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException, IOException {
+ public void getSupportedConstraintPolicies(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException, IOException {
String id = req.getParameter(Constants.RS_ID);
if (id == null) {
@@ -273,7 +272,7 @@ public class RegistryAdminServlet extends AdminServlet {
IPluginInfo info = mRegistry.getPluginInfo("defaultPolicy", id);
String className = info.getClassName();
IPolicyDefault policyDefaultClass = (IPolicyDefault)
- Class.forName(className).newInstance();
+ Class.forName(className).newInstance();
if (policyDefaultClass != null) {
Enumeration<String> impls = mRegistry.getIds("constraintPolicy");
@@ -283,14 +282,14 @@ public class RegistryAdminServlet extends AdminServlet {
IPluginInfo constraintInfo = mRegistry.getPluginInfo(
"constraintPolicy", constraintID);
IPolicyConstraint policyConstraintClass = (IPolicyConstraint)
- Class.forName(constraintInfo.getClassName()).newInstance();
+ Class.forName(constraintInfo.getClassName()).newInstance();
CMS.debug("RegistryAdminServlet: getSUpportedConstraint " + constraintInfo.getClassName());
if (policyConstraintClass.isApplicable(policyDefaultClass)) {
CMS.debug("RegistryAdminServlet: getSUpportedConstraint isApplicable " + constraintInfo.getClassName());
nvp.add(constraintID, constraintInfo.getClassName() + "," +
- constraintInfo.getDescription(getLocale(req)) + "," + constraintInfo.getName(getLocale(req)));
+ constraintInfo.getDescription(getLocale(req)) + "," + constraintInfo.getName(getLocale(req)));
}
}
}
@@ -302,8 +301,8 @@ public class RegistryAdminServlet extends AdminServlet {
}
public void getProfileImplConfig(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
// Get the policy impl id.
String id = req.getParameter(Constants.RS_ID);
@@ -320,7 +319,7 @@ public class RegistryAdminServlet extends AdminServlet {
sendResponse(ERROR, MISSING_POLICY_IMPL_ID, null, resp);
return;
}
-
+
NameValuePairs nvp = new NameValuePairs();
String className = info.getClassName();
@@ -337,19 +336,19 @@ public class RegistryAdminServlet extends AdminServlet {
if (names != null) {
while (names.hasMoreElements()) {
String name = names.nextElement();
- CMS.debug("RegistryAdminServlet: getProfileImpl descriptor " + name);
+ CMS.debug("RegistryAdminServlet: getProfileImpl descriptor " + name);
IDescriptor desc = template.getConfigDescriptor(getLocale(req), name);
if (desc != null) {
- try {
- String value = getNonNull(desc.getSyntax()) + ";" + getNonNull(desc.getConstraint()) + ";" + desc.getDescription(getLocale(req)) + ";" + getNonNull(desc.getDefaultValue());
-
- CMS.debug("RegistryAdminServlet: getProfileImpl " + value);
- nvp.add(name, value);
- } catch (Exception e) {
-
- CMS.debug("RegistryAdminServlet: getProfileImpl skipped descriptor for " + name);
- }
+ try {
+ String value = getNonNull(desc.getSyntax()) + ";" + getNonNull(desc.getConstraint()) + ";" + desc.getDescription(getLocale(req)) + ";" + getNonNull(desc.getDefaultValue());
+
+ CMS.debug("RegistryAdminServlet: getProfileImpl " + value);
+ nvp.add(name, value);
+ } catch (Exception e) {
+
+ CMS.debug("RegistryAdminServlet: getProfileImpl skipped descriptor for " + name);
+ }
} else {
CMS.debug("RegistryAdminServlet: getProfileImpl cannot find descriptor for " + name);
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/UsrGrpAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/UsrGrpAdminServlet.java
index fe8d1826..799638e8 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/admin/UsrGrpAdminServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/UsrGrpAdminServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.admin;
-
import java.io.IOException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
@@ -58,16 +57,15 @@ import com.netscape.certsrv.usrgrp.IUGSubsystem;
import com.netscape.certsrv.usrgrp.IUser;
import com.netscape.cmsutil.util.Cert;
-
/**
- * A class representing an administration servlet for
+ * A class representing an administration servlet for
* User/Group Manager. It communicates with client
* SDK to allow remote administration of User/Group
* manager.
- *
- * This servlet will be registered to remote
+ *
+ * This servlet will be registered to remote
* administration subsystem by usrgrp manager.
- *
+ *
* @version $Revision$, $Date$
*/
public class UsrGrpAdminServlet extends AdminServlet {
@@ -88,17 +86,16 @@ public class UsrGrpAdminServlet extends AdminServlet {
private final static String BACK_SLASH = "\\";
private final static String LOGGING_SIGNED_AUDIT_CONFIG_ROLE =
- "LOGGING_SIGNED_AUDIT_CONFIG_ROLE_3";
+ "LOGGING_SIGNED_AUDIT_CONFIG_ROLE_3";
private IUGSubsystem mMgr = null;
private IAuthzSubsystem mAuthz = null;
- private static String [] mMultiRoleGroupEnforceList = null;
- private final static String MULTI_ROLE_ENABLE= "multiroles.enable";
+ private static String[] mMultiRoleGroupEnforceList = null;
+ private final static String MULTI_ROLE_ENABLE = "multiroles.enable";
private final static String MULTI_ROLE_ENFORCE_GROUP_LIST = "multiroles.false.groupEnforceList";
-
/**
* Constructs User/Group manager servlet.
*/
@@ -126,7 +123,7 @@ public class UsrGrpAdminServlet extends AdminServlet {
* Serves incoming User/Group management request.
*/
public void service(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
+ throws ServletException, IOException {
super.service(req, resp);
String scope = super.getParameter(req, Constants.OP_SCOPE);
@@ -134,9 +131,9 @@ public class UsrGrpAdminServlet extends AdminServlet {
if (op == null) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_INVALID_PROTOCOL"));
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"),
- null, resp);
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"),
+ null, resp);
return;
}
@@ -148,7 +145,7 @@ public class UsrGrpAdminServlet extends AdminServlet {
log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_FAIL_AUTHS"));
sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHS_FAILED"),
- null, resp);
+ null, resp);
return;
}
@@ -181,30 +178,29 @@ public class UsrGrpAdminServlet extends AdminServlet {
}
*/
-
try {
ISubsystem subsystem = CMS.getSubsystem("ca");
- if (subsystem != null)
+ if (subsystem != null)
AUTHZ_RES_NAME = RES_CA_GROUP;
subsystem = CMS.getSubsystem("ra");
- if (subsystem != null)
+ if (subsystem != null)
AUTHZ_RES_NAME = RES_RA_GROUP;
subsystem = CMS.getSubsystem("kra");
- if (subsystem != null)
+ if (subsystem != null)
AUTHZ_RES_NAME = RES_KRA_GROUP;
subsystem = CMS.getSubsystem("ocsp");
- if (subsystem != null)
+ if (subsystem != null)
AUTHZ_RES_NAME = RES_OCSP_GROUP;
subsystem = CMS.getSubsystem("tks");
- if (subsystem != null)
+ if (subsystem != null)
AUTHZ_RES_NAME = RES_TKS_GROUP;
if (scope != null) {
if (scope.equals(ScopeDef.SC_USER_TYPE)) {
mOp = "read";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
@@ -216,8 +212,8 @@ public class UsrGrpAdminServlet extends AdminServlet {
mOp = "read";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
if (scope.equals(ScopeDef.SC_GROUPS)) {
@@ -234,8 +230,8 @@ public class UsrGrpAdminServlet extends AdminServlet {
mOp = "modify";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
if (scope.equals(ScopeDef.SC_GROUPS)) {
@@ -252,8 +248,8 @@ public class UsrGrpAdminServlet extends AdminServlet {
mOp = "modify";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
if (scope.equals(ScopeDef.SC_GROUPS)) {
@@ -270,8 +266,8 @@ public class UsrGrpAdminServlet extends AdminServlet {
mOp = "modify";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
if (scope.equals(ScopeDef.SC_GROUPS)) {
@@ -285,8 +281,8 @@ public class UsrGrpAdminServlet extends AdminServlet {
mOp = "read";
if ((mToken = super.authorize(req)) == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
if (scope.equals(ScopeDef.SC_GROUPS)) {
@@ -296,11 +292,11 @@ public class UsrGrpAdminServlet extends AdminServlet {
findUsers(req, resp);
return;
} else {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_INVALID_OP_SCOPE"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("ADMIN_SRVLT_INVALID_OP_SCOPE"));
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
+ null, resp);
return;
}
}
@@ -308,21 +304,21 @@ public class UsrGrpAdminServlet extends AdminServlet {
} catch (EBaseException e) {
log(ILogger.LL_FAILURE, e.toString());
sendResponse(ERROR, e.toString(getLocale(req)),
- null, resp);
+ null, resp);
return;
} catch (Exception e) {
log(ILogger.LL_FAILURE, e.toString());
log(ILogger.LL_FAILURE, CMS.getLogMessage(" ADMIN_SRVLT_FAIL_PERFORM"));
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_PERFORM_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_PERFORM_FAILED"),
+ null, resp);
return;
}
}
private void getUserType(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ HttpServletResponse resp) throws ServletException,
+ IOException, EBaseException {
String id = super.getParameter(req, Constants.RS_ID);
IUser user = mMgr.getUser(id);
@@ -337,14 +333,14 @@ public class UsrGrpAdminServlet extends AdminServlet {
}
/**
- * Searches for users in LDAP directory. List uids only
- *
+ * Searches for users in LDAP directory. List uids only
+ *
* Request/Response Syntax:
- * http://warp.mcom.com/server/certificate/columbo/design/
- * ui/admin-protocol-definition.html#user-admin
+ * http://warp.mcom.com/server/certificate/columbo/design/
+ * ui/admin-protocol-definition.html#user-admin
*/
- private synchronized void findUsers(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ private synchronized void findUsers(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
@@ -355,7 +351,7 @@ public class UsrGrpAdminServlet extends AdminServlet {
e = mMgr.listUsers("*");
} catch (Exception ex) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_INTERNAL_ERROR"), null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_INTERNAL_ERROR"), null, resp);
return;
}
@@ -384,15 +380,15 @@ public class UsrGrpAdminServlet extends AdminServlet {
/**
* List user information. Certificates covered in a separate
- * protocol for findUserCerts(). List of group memberships are
- * also provided.
- *
+ * protocol for findUserCerts(). List of group memberships are
+ * also provided.
+ *
* Request/Response Syntax:
- * http://warp.mcom.com/server/certificate/columbo/design/
- * ui/admin-protocol-definition.html#user-admin
+ * http://warp.mcom.com/server/certificate/columbo/design/
+ * ui/admin-protocol-definition.html#user-admin
*/
- private synchronized void findUser(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ private synchronized void findUser(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
//get id first
@@ -402,8 +398,8 @@ public class UsrGrpAdminServlet extends AdminServlet {
log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
return;
}
@@ -416,7 +412,7 @@ public class UsrGrpAdminServlet extends AdminServlet {
} catch (Exception e) {
e.printStackTrace();
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_INTERNAL_ERROR"), null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_INTERNAL_ERROR"), null, resp);
return;
}
@@ -435,7 +431,7 @@ public class UsrGrpAdminServlet extends AdminServlet {
} catch (Exception ex) {
ex.printStackTrace();
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_INTERNAL_ERROR"), null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_INTERNAL_ERROR"), null, resp);
return;
}
@@ -445,7 +441,7 @@ public class UsrGrpAdminServlet extends AdminServlet {
IGroup group = (IGroup) e.nextElement();
if (group.isMember(id) == true) {
- if (grpString.length()!=0) {
+ if (grpString.length() != 0) {
grpString.append(",");
}
grpString.append(group.getGroupID());
@@ -461,20 +457,20 @@ public class UsrGrpAdminServlet extends AdminServlet {
log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_USER_NOT_EXIST"));
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_USER_NOT_EXIST"), null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_USER_NOT_EXIST"), null, resp);
return;
}
/**
* List user certificate(s)
- *
+ *
* Request/Response Syntax:
- * http://warp.mcom.com/server/certificate/columbo/design/
- * ui/admin-protocol-definition.html#user-admin
+ * http://warp.mcom.com/server/certificate/columbo/design/
+ * ui/admin-protocol-definition.html#user-admin
*/
- private synchronized void findUserCerts(HttpServletRequest req,
- HttpServletResponse resp, Locale clientLocale)
- throws ServletException,
+ private synchronized void findUserCerts(HttpServletRequest req,
+ HttpServletResponse resp, Locale clientLocale)
+ throws ServletException,
IOException, EBaseException {
//get id first
@@ -484,8 +480,8 @@ public class UsrGrpAdminServlet extends AdminServlet {
log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
return;
}
@@ -498,7 +494,7 @@ public class UsrGrpAdminServlet extends AdminServlet {
} catch (Exception e) {
e.printStackTrace();
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_USER_NOT_EXIST"), null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_USER_NOT_EXIST"), null, resp);
return;
}
@@ -506,23 +502,23 @@ public class UsrGrpAdminServlet extends AdminServlet {
log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_USER_NOT_EXIST"));
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_USER_NOT_EXIST"), null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_USER_NOT_EXIST"), null, resp);
return;
}
X509Certificate[] certs =
- (X509Certificate[]) user.getX509Certificates();
+ (X509Certificate[]) user.getX509Certificates();
if (certs != null) {
for (int i = 0; i < certs.length; i++) {
ICertPrettyPrint print = CMS.getCertPrettyPrint(certs[i]);
- // add base64 encoding
- String base64 = CMS.getEncodedCert(certs[i]);
-
+ // add base64 encoding
+ String base64 = CMS.getEncodedCert(certs[i]);
+
// pretty print certs
params.add(getCertificateString(certs[i]),
- print.toString(clientLocale) + "\n" + base64);
+ print.toString(clientLocale) + "\n" + base64);
}
sendResponse(SUCCESS, null, params, resp);
return;
@@ -542,18 +538,18 @@ public class UsrGrpAdminServlet extends AdminServlet {
// note that it did not represent a certificate fully
return cert.getVersion() + ";" + cert.getSerialNumber().toString() +
- ";" + cert.getIssuerDN() + ";" + cert.getSubjectDN();
+ ";" + cert.getIssuerDN() + ";" + cert.getSubjectDN();
}
/**
* Searchess for groups in LDAP server
- *
+ *
* Request/Response Syntax:
- * http://warp.mcom.com/server/certificate/columbo/design/
- * ui/admin-protocol-definition.html#group
+ * http://warp.mcom.com/server/certificate/columbo/design/
+ * ui/admin-protocol-definition.html#group
*/
- private synchronized void findGroups(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ private synchronized void findGroups(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
@@ -584,11 +580,11 @@ public class UsrGrpAdminServlet extends AdminServlet {
/**
* finds a group
* Request/Response Syntax:
- * http://warp.mcom.com/server/certificate/columbo/design/
- * ui/admin-protocol-definition.html#user-admin
+ * http://warp.mcom.com/server/certificate/columbo/design/
+ * ui/admin-protocol-definition.html#user-admin
*/
- private synchronized void findGroup(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ private synchronized void findGroup(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
@@ -599,8 +595,8 @@ public class UsrGrpAdminServlet extends AdminServlet {
log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
return;
}
@@ -619,14 +615,14 @@ public class UsrGrpAdminServlet extends AdminServlet {
params.add(Constants.PR_GROUP_GROUP, group.getGroupID());
params.add(Constants.PR_GROUP_DESC,
- group.getDescription());
+ group.getDescription());
Enumeration members = group.getMemberNames();
StringBuffer membersString = new StringBuffer();
if (members != null) {
while (members.hasMoreElements()) {
- if (membersString.length()!=0) {
+ if (membersString.length() != 0) {
membersString.append(", ");
}
@@ -644,7 +640,7 @@ public class UsrGrpAdminServlet extends AdminServlet {
log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_GROUP_NOT_EXIST"));
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_GROUP_NOT_EXIST"), null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_GROUP_NOT_EXIST"), null, resp);
return;
}
@@ -653,24 +649,22 @@ public class UsrGrpAdminServlet extends AdminServlet {
/**
* Adds a new user to LDAP server
* <P>
- *
- * Request/Response Syntax:
- * http://warp.mcom.com/server/certificate/columbo/design/
- * ui/admin-protocol-definition.html#user-admin
+ *
+ * Request/Response Syntax: http://warp.mcom.com/server/certificate/columbo/design/ ui/admin-protocol-definition.html#user-admin
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring
- * role information (anything under users/groups)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring role information (anything under users/groups)
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
* @exception EBaseException an error has occurred
*/
- private synchronized void addUser(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ private synchronized void addUser(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
String auditMessage = null;
@@ -694,8 +688,8 @@ public class UsrGrpAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
return;
}
@@ -713,8 +707,8 @@ public class UsrGrpAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_RS_ID_BS"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_RS_ID_BS"),
+ null, resp);
return;
}
@@ -732,8 +726,8 @@ public class UsrGrpAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_SPECIAL_ID", id),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_SPECIAL_ID", id),
+ null, resp);
return;
}
@@ -756,7 +750,7 @@ public class UsrGrpAdminServlet extends AdminServlet {
sendResponse(ERROR, msg, null, resp);
return;
- } else
+ } else
user.setFullName(fname);
String email = super.getParameter(req, Constants.PR_USER_EMAIL);
@@ -835,10 +829,10 @@ public class UsrGrpAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_ADD_FAILED"), null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_ADD_FAILED"), null, resp);
return;
}
-
+
if (e.hasMoreElements()) {
IGroup group = (IGroup) e.nextElement();
@@ -858,18 +852,18 @@ public class UsrGrpAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_ADD_FAILED"), null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_ADD_FAILED"), null, resp);
return;
}
}
// for audit log
SessionContext sContext = SessionContext.getContext();
String adminId = (String) sContext.get(SessionContext.USER_ID);
-
+
mLogger.log(ILogger.EV_AUDIT, ILogger.S_USRGRP,
- AuditFormat.LEVEL, AuditFormat.ADDUSERGROUPFORMAT,
- new Object[] {adminId, id, groupName}
- );
+ AuditFormat.LEVEL, AuditFormat.ADDUSERGROUPFORMAT,
+ new Object[] { adminId, id, groupName }
+ );
}
NameValuePairs params = new NameValuePairs();
@@ -899,10 +893,10 @@ public class UsrGrpAdminServlet extends AdminServlet {
if (user.getUserID() == null) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_ADD_FAILED_1", "uid"), null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_ADD_FAILED_1", "uid"), null, resp);
} else {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_ADD_FAILED"), null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_ADD_FAILED"), null, resp);
}
return;
} catch (LDAPException e) {
@@ -920,7 +914,7 @@ public class UsrGrpAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_ADD_FAILED"), null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_ADD_FAILED"), null, resp);
return;
} catch (Exception e) {
log(ILogger.LL_FAILURE, e.toString());
@@ -935,7 +929,7 @@ public class UsrGrpAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_ADD_FAILED"), null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_ADD_FAILED"), null, resp);
return;
}
} catch (EBaseException eAudit1) {
@@ -980,24 +974,22 @@ public class UsrGrpAdminServlet extends AdminServlet {
/**
* Adds a certificate to a user
* <P>
- *
- * Request/Response Syntax:
- * http://warp.mcom.com/server/certificate/columbo/design/
- * ui/admin-protocol-definition.html#user-admin
+ *
+ * Request/Response Syntax: http://warp.mcom.com/server/certificate/columbo/design/ ui/admin-protocol-definition.html#user-admin
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring
- * role information (anything under users/groups)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring role information (anything under users/groups)
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
* @exception EBaseException an error has occurred
*/
- private synchronized void addUserCert(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ private synchronized void addUserCert(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
String auditMessage = null;
@@ -1021,8 +1013,8 @@ public class UsrGrpAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
return;
}
@@ -1068,7 +1060,7 @@ public class UsrGrpAdminServlet extends AdminServlet {
try {
CryptoManager manager = CryptoManager.getInstance();
-
+
PKCS7 pkcs7 = new PKCS7(p7Cert);
X509Certificate p7certs[] = pkcs7.getCertificates();
@@ -1084,7 +1076,7 @@ public class UsrGrpAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_CERT_ERROR"), null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_CERT_ERROR"), null, resp);
return;
}
// fix for 370099 - cert ordering can not be assumed
@@ -1095,7 +1087,7 @@ public class UsrGrpAdminServlet extends AdminServlet {
// the ordering
if (p7certs[0].getSubjectDN().toString().equals(
p7certs[0].getIssuerDN().toString()) &&
- (p7certs.length == 1)) {
+ (p7certs.length == 1)) {
certs[0] = p7certs[0];
CMS.debug("UsrGrpAdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_SINGLE_CERT_IMPORT"));
} else if (p7certs[0].getIssuerDN().toString().equals(p7certs[1].getSubjectDN().toString())) {
@@ -1119,7 +1111,7 @@ public class UsrGrpAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_CERT_ERROR"), null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_CERT_ERROR"), null, resp);
return;
}
@@ -1140,8 +1132,8 @@ public class UsrGrpAdminServlet extends AdminServlet {
for (j = jBegin; j < jEnd; j++) {
CMS.debug("UsrGrpAdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_CERT_IN_CHAIN", String.valueOf(j), String.valueOf(p7certs[j].getSubjectDN())));
org.mozilla.jss.crypto.X509Certificate leafCert =
- null;
-
+ null;
+
leafCert =
manager.importCACertPackage(p7certs[j].getEncoded());
@@ -1152,10 +1144,10 @@ public class UsrGrpAdminServlet extends AdminServlet {
}
if (leafCert instanceof InternalCertificate) {
- ((InternalCertificate) leafCert).setSSLTrust(
- InternalCertificate.VALID_CA |
- InternalCertificate.TRUSTED_CA |
- InternalCertificate.TRUSTED_CLIENT_CA);
+ ((InternalCertificate) leafCert).setSSLTrust(
+ InternalCertificate.VALID_CA |
+ InternalCertificate.TRUSTED_CA |
+ InternalCertificate.TRUSTED_CLIENT_CA);
} else {
log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NOT_INTERNAL_CERT",
String.valueOf(p7certs[j].getSubjectDN())));
@@ -1182,7 +1174,7 @@ public class UsrGrpAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_CERT_ERROR"), null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_CERT_ERROR"), null, resp);
return;
}
} catch (Exception e) {
@@ -1198,7 +1190,7 @@ public class UsrGrpAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_CERT_O_ERROR"), null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_CERT_O_ERROR"), null, resp);
return;
}
@@ -1236,10 +1228,10 @@ public class UsrGrpAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_CERT_EXPIRED"), null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_CERT_EXPIRED"), null, resp);
return;
} catch (CertificateNotYetValidException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_CERT_NOT_YET_VALID",
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_CERT_NOT_YET_VALID",
String.valueOf(certs[0].getSubjectDN())));
// store a message in the signed audit log file
@@ -1252,7 +1244,7 @@ public class UsrGrpAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_CERT_NOT_YET_VALID"), null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_CERT_NOT_YET_VALID"), null, resp);
return;
} catch (LDAPException e) {
@@ -1265,13 +1257,12 @@ public class UsrGrpAdminServlet extends AdminServlet {
audit(auditMessage);
- if (e.getLDAPResultCode() ==
- LDAPException.ATTRIBUTE_OR_VALUE_EXISTS) {
+ if (e.getLDAPResultCode() == LDAPException.ATTRIBUTE_OR_VALUE_EXISTS) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_USER_CERT_EXISTS"), null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_USER_CERT_EXISTS"), null, resp);
} else {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_MOD_FAILED"), null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_MOD_FAILED"), null, resp);
}
return;
} catch (Exception e) {
@@ -1287,7 +1278,7 @@ public class UsrGrpAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_MOD_FAILED"), null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_MOD_FAILED"), null, resp);
return;
}
// } catch( EBaseException eAudit1 ) {
@@ -1332,28 +1323,25 @@ public class UsrGrpAdminServlet extends AdminServlet {
/**
* Removes a certificate for a user
* <P>
- *
- * Request/Response Syntax:
- * http://warp.mcom.com/server/certificate/columbo/design/
- * ui/admin-protocol-definition.html#user-admin
+ *
+ * Request/Response Syntax: http://warp.mcom.com/server/certificate/columbo/design/ ui/admin-protocol-definition.html#user-admin
* <P>
- *
- * In this method, "certDN" is actually a combination of version,
- * serialNumber, issuerDN, and SubjectDN.
+ *
+ * In this method, "certDN" is actually a combination of version, serialNumber, issuerDN, and SubjectDN.
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring
- * role information (anything under users/groups)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring role information (anything under users/groups)
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
* @exception EBaseException an error has occurred
*/
- private synchronized void modifyUserCert(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ private synchronized void modifyUserCert(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
String auditMessage = null;
@@ -1377,8 +1365,8 @@ public class UsrGrpAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
return;
}
@@ -1431,7 +1419,7 @@ public class UsrGrpAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_MOD_FAILED"), null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_MOD_FAILED"), null, resp);
return;
}
// } catch( EBaseException eAudit1 ) {
@@ -1474,29 +1462,27 @@ public class UsrGrpAdminServlet extends AdminServlet {
}
/**
- * removes a user. user not removed if belongs to any group
- * (Administrators should remove the user from "uniquemember" of
- * any group he/she belongs to before trying to remove the user
- * itself.
+ * removes a user. user not removed if belongs to any group
+ * (Administrators should remove the user from "uniquemember" of
+ * any group he/she belongs to before trying to remove the user
+ * itself.
* <P>
- *
- * Request/Response Syntax:
- * http://warp.mcom.com/server/certificate/columbo/design/
- * ui/admin-protocol-definition.html#user-admin
+ *
+ * Request/Response Syntax: http://warp.mcom.com/server/certificate/columbo/design/ ui/admin-protocol-definition.html#user-admin
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring
- * role information (anything under users/groups)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring role information (anything under users/groups)
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
* @exception EBaseException an error has occurred
*/
- private synchronized void removeUser(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ private synchronized void removeUser(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
String auditMessage = null;
@@ -1528,8 +1514,8 @@ public class UsrGrpAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
return;
}
// get list of groups, and see if uid belongs to any
@@ -1570,8 +1556,8 @@ public class UsrGrpAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_FAIL_USER_RMV_G"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_FAIL_USER_RMV_G"),
+ null, resp);
return;
}
}
@@ -1604,7 +1590,7 @@ public class UsrGrpAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_FAIL_USER_RMV"), null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_FAIL_USER_RMV"), null, resp);
return;
}
} catch (EBaseException eAudit1) {
@@ -1649,24 +1635,22 @@ public class UsrGrpAdminServlet extends AdminServlet {
/**
* Adds a new group in local scope.
* <P>
- *
- * Request/Response Syntax:
- * http://warp.mcom.com/server/certificate/columbo/design/
- * ui/admin-protocol-definition.html#group
+ *
+ * Request/Response Syntax: http://warp.mcom.com/server/certificate/columbo/design/ ui/admin-protocol-definition.html#group
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring
- * role information (anything under users/groups)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring role information (anything under users/groups)
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
* @exception EBaseException an error has occurred
*/
- private synchronized void addGroup(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ private synchronized void addGroup(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
String auditMessage = null;
@@ -1691,8 +1675,8 @@ public class UsrGrpAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
return;
}
@@ -1743,8 +1727,8 @@ public class UsrGrpAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_USRGRP_GROUP_ADD_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_USRGRP_GROUP_ADD_FAILED"),
+ null, resp);
return;
}
} catch (EBaseException eAudit1) {
@@ -1789,24 +1773,22 @@ public class UsrGrpAdminServlet extends AdminServlet {
/**
* removes a group
* <P>
- *
- * Request/Response Syntax:
- * http://warp.mcom.com/server/certificate/columbo/design/
- * ui/admin-protocol-definition.html#group
+ *
+ * Request/Response Syntax: http://warp.mcom.com/server/certificate/columbo/design/ ui/admin-protocol-definition.html#group
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring
- * role information (anything under users/groups)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring role information (anything under users/groups)
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
* @exception EBaseException an error has occurred
*/
- private synchronized void removeGroup(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ private synchronized void removeGroup(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
String auditMessage = null;
@@ -1831,8 +1813,8 @@ public class UsrGrpAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
return;
}
@@ -1892,27 +1874,25 @@ public class UsrGrpAdminServlet extends AdminServlet {
/**
* modifies a group
* <P>
- *
- * last person of the super power group "Certificate
- * Server Administrators" can never be removed.
+ *
+ * last person of the super power group "Certificate Server Administrators" can never be removed.
* <P>
- *
- * http://warp.mcom.com/server/certificate/columbo/design/
- * ui/admin-protocol-definition.html#group
+ *
+ * http://warp.mcom.com/server/certificate/columbo/design/ ui/admin-protocol-definition.html#group
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring
- * role information (anything under users/groups)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring role information (anything under users/groups)
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
* @exception EBaseException an error has occurred
*/
- private synchronized void modifyGroup(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ private synchronized void modifyGroup(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
String auditMessage = null;
@@ -1937,8 +1917,8 @@ public class UsrGrpAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
return;
}
@@ -1968,7 +1948,7 @@ public class UsrGrpAdminServlet extends AdminServlet {
if (multiRole) {
group.addMemberName(memberName);
} else {
- if( isGroupInMultiRoleEnforceList(groupName)) {
+ if (isGroupInMultiRoleEnforceList(groupName)) {
if (!isDuplicate(groupName, memberName)) {
group.addMemberName(memberName);
} else {
@@ -2019,8 +1999,8 @@ public class UsrGrpAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_USRGRP_GROUP_MODIFY_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_USRGRP_GROUP_MODIFY_FAILED"),
+ null, resp);
return;
}
} catch (EBaseException eAudit1) {
@@ -2062,36 +2042,35 @@ public class UsrGrpAdminServlet extends AdminServlet {
}
}
- private boolean isGroupInMultiRoleEnforceList(String groupName)
- {
+ private boolean isGroupInMultiRoleEnforceList(String groupName) {
String groupList = null;
if (groupName == null || groupName.equals("")) {
return true;
}
if (mMultiRoleGroupEnforceList == null) {
- try {
- groupList = mConfig.getString(MULTI_ROLE_ENFORCE_GROUP_LIST);
- } catch (Exception e) {
- }
-
- if (groupList != null && !groupList.equals("")) {
- mMultiRoleGroupEnforceList = groupList.split(",");
- for (int j = 0 ; j < mMultiRoleGroupEnforceList.length; j++) {
- mMultiRoleGroupEnforceList[j] = mMultiRoleGroupEnforceList[j].trim();
- }
- }
- }
-
- if (mMultiRoleGroupEnforceList == null)
- return true;
-
- for (int i = 0; i < mMultiRoleGroupEnforceList.length; i++) {
- if (groupName.equals(mMultiRoleGroupEnforceList[i])) {
- return true;
- }
- }
- return false;
+ try {
+ groupList = mConfig.getString(MULTI_ROLE_ENFORCE_GROUP_LIST);
+ } catch (Exception e) {
+ }
+
+ if (groupList != null && !groupList.equals("")) {
+ mMultiRoleGroupEnforceList = groupList.split(",");
+ for (int j = 0; j < mMultiRoleGroupEnforceList.length; j++) {
+ mMultiRoleGroupEnforceList[j] = mMultiRoleGroupEnforceList[j].trim();
+ }
+ }
+ }
+
+ if (mMultiRoleGroupEnforceList == null)
+ return true;
+
+ for (int i = 0; i < mMultiRoleGroupEnforceList.length; i++) {
+ if (groupName.equals(mMultiRoleGroupEnforceList[i])) {
+ return true;
+ }
+ }
+ return false;
}
private boolean isDuplicate(String groupName, String memberName) {
@@ -2100,7 +2079,7 @@ public class UsrGrpAdminServlet extends AdminServlet {
// Let's not mess with users that are already a member of this group
boolean isMember = false;
try {
- isMember = mMgr.isMemberOf(memberName,groupName);
+ isMember = mMgr.isMemberOf(memberName, groupName);
} catch (Exception e) {
}
@@ -2134,24 +2113,22 @@ public class UsrGrpAdminServlet extends AdminServlet {
/**
* Modifies an existing user in local scope.
* <P>
- *
- * Request/Response Syntax:
- * http://warp.mcom.com/server/certificate/columbo/design/
- * ui/admin-protocol-definition.html#user-admin
+ *
+ * Request/Response Syntax: http://warp.mcom.com/server/certificate/columbo/design/ ui/admin-protocol-definition.html#user-admin
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring
- * role information (anything under users/groups)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring role information (anything under users/groups)
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
* @exception EBaseException an error has occurred
*/
- private synchronized void modifyUser(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
+ private synchronized void modifyUser(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
String auditMessage = null;
@@ -2176,8 +2153,8 @@ public class UsrGrpAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+ null, resp);
return;
}
@@ -2186,7 +2163,7 @@ public class UsrGrpAdminServlet extends AdminServlet {
if ((fname == null) || (fname.length() == 0)) {
String msg =
- CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_MOD_FAILED", "full name");
+ CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_MOD_FAILED", "full name");
log(ILogger.LL_FAILURE, msg);
@@ -2270,7 +2247,7 @@ public class UsrGrpAdminServlet extends AdminServlet {
audit(auditMessage);
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_MOD_FAILED"), null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_MOD_FAILED"), null, resp);
return;
}
} catch (EBaseException eAudit1) {
@@ -2316,6 +2293,6 @@ public class UsrGrpAdminServlet extends AdminServlet {
if (mLogger == null)
return;
mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_USRGRP,
- level, "UsrGrpAdminServlet: " + msg);
+ level, "UsrGrpAdminServlet: " + msg);
}
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java b/pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java
index 696b091e..d4b5495a 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java
@@ -99,10 +99,9 @@ import com.netscape.cms.servlet.common.ICMSTemplateFiller;
import com.netscape.cms.servlet.common.Utils;
import com.netscape.cmsutil.xml.XMLObject;
-
/**
* This is the base class of all CS servlet.
- *
+ *
* @version $Revision$, $Date$
*/
public abstract class CMSServlet extends HttpServlet {
@@ -127,76 +126,55 @@ public abstract class CMSServlet extends HttpServlet {
public final static String AUTHZ_CONFIG_STORE = "authz";
public final static String AUTHZ_SRC_XML = "web.xml";
public final static String PROP_AUTHZ_MGR = "AuthzMgr";
- public final static String PROP_ACL = "ACLinfo";
+ public final static String PROP_ACL = "ACLinfo";
public final static String AUTHZ_MGR_BASIC = "BasicAclAuthz";
public final static String AUTHZ_MGR_LDAP = "DirAclAuthz";
private final static String FAILED = "1";
private final static String HDR_LANG = "accept-language";
-
+
// final error message - if error and exception templates don't work
// send out this text string directly to output.
public final static String PROP_FINAL_ERROR_MSG = "finalErrorMsg";
public final static String ERROR_MSG_TOKEN = "$ERROR_MSG";
- public final static String FINAL_ERROR_MSG =
- "<HTML>\n" +
- "<BODY BGCOLOR=white>\n" +
- "<P>\n" +
- "The Certificate System has encountered " +
- "an unrecoverable error.\n" +
- "<P>\n" +
- "Error Message:<BR>\n" +
- "<I>$ERROR_MSG</I>\n" +
- "<P>\n" +
- "Please contact your local administrator for assistance.\n" +
- "</BODY>\n" +
- "</HTML>\n";
+ public final static String FINAL_ERROR_MSG =
+ "<HTML>\n" +
+ "<BODY BGCOLOR=white>\n" +
+ "<P>\n" +
+ "The Certificate System has encountered " +
+ "an unrecoverable error.\n" +
+ "<P>\n" +
+ "Error Message:<BR>\n" +
+ "<I>$ERROR_MSG</I>\n" +
+ "<P>\n" +
+ "Please contact your local administrator for assistance.\n" +
+ "</BODY>\n" +
+ "</HTML>\n";
// properties from configuration.
- protected final static String
- PROP_UNAUTHORIZED_TEMPLATE = "unauthorizedTemplate";
- protected final static String
- UNAUTHORIZED_TEMPLATE = "/GenUnauthorized.template";
- protected final static String
- PROP_SUCCESS_TEMPLATE = "successTemplate";
- protected final static String
- SUCCESS_TEMPLATE = "/GenSuccess.template";
- protected final static String
- PROP_PENDING_TEMPLATE = "pendingTemplate";
- protected final static String
- PENDING_TEMPLATE = "/GenPending.template";
- protected final static String
- PROP_SVC_PENDING_TEMPLATE = "svcpendingTemplate";
- protected final static String
- SVC_PENDING_TEMPLATE = "/GenSvcPending.template";
- protected final static String
- PROP_REJECTED_TEMPLATE = "rejectedTemplate";
- protected final static String
- REJECTED_TEMPLATE = "/GenRejected.template";
- protected final static String
- PROP_ERROR_TEMPLATE = "errorTemplate";
- protected final static String
- ERROR_TEMPLATE = "/GenError.template";
- protected final static String
- PROP_EXCEPTION_TEMPLATE = "unexpectedErrorTemplate";
- protected final static String
- EXCEPTION_TEMPLATE = "/GenUnexpectedError.template";
-
- private final static String
- PROP_UNAUTHOR_TEMPLATE_FILLER = "unauthorizedTemplateFiller";
- protected final static String
- PROP_SUCCESS_TEMPLATE_FILLER = "successTemplateFiller";
- private final static String
- PROP_ERROR_TEMPLATE_FILLER = "errorTemplateFiller";
- private final static String
- PROP_PENDING_TEMPLATE_FILLER = "pendingTemplateFiller";
- private final static String
- PROP_SVC_PENDING_TEMPLATE_FILLER = "svcpendingTemplateFiller";
- private final static String
- PROP_REJECTED_TEMPLATE_FILLER = "rejectedTemplateFiller";
- private final static String
- PROP_EXCEPTION_TEMPLATE_FILLER = "exceptionTemplateFiller";
+ protected final static String PROP_UNAUTHORIZED_TEMPLATE = "unauthorizedTemplate";
+ protected final static String UNAUTHORIZED_TEMPLATE = "/GenUnauthorized.template";
+ protected final static String PROP_SUCCESS_TEMPLATE = "successTemplate";
+ protected final static String SUCCESS_TEMPLATE = "/GenSuccess.template";
+ protected final static String PROP_PENDING_TEMPLATE = "pendingTemplate";
+ protected final static String PENDING_TEMPLATE = "/GenPending.template";
+ protected final static String PROP_SVC_PENDING_TEMPLATE = "svcpendingTemplate";
+ protected final static String SVC_PENDING_TEMPLATE = "/GenSvcPending.template";
+ protected final static String PROP_REJECTED_TEMPLATE = "rejectedTemplate";
+ protected final static String REJECTED_TEMPLATE = "/GenRejected.template";
+ protected final static String PROP_ERROR_TEMPLATE = "errorTemplate";
+ protected final static String ERROR_TEMPLATE = "/GenError.template";
+ protected final static String PROP_EXCEPTION_TEMPLATE = "unexpectedErrorTemplate";
+ protected final static String EXCEPTION_TEMPLATE = "/GenUnexpectedError.template";
+
+ private final static String PROP_UNAUTHOR_TEMPLATE_FILLER = "unauthorizedTemplateFiller";
+ protected final static String PROP_SUCCESS_TEMPLATE_FILLER = "successTemplateFiller";
+ private final static String PROP_ERROR_TEMPLATE_FILLER = "errorTemplateFiller";
+ private final static String PROP_PENDING_TEMPLATE_FILLER = "pendingTemplateFiller";
+ private final static String PROP_SVC_PENDING_TEMPLATE_FILLER = "svcpendingTemplateFiller";
+ private final static String PROP_REJECTED_TEMPLATE_FILLER = "rejectedTemplateFiller";
+ private final static String PROP_EXCEPTION_TEMPLATE_FILLER = "exceptionTemplateFiller";
protected final static String RA_AGENT_GROUP = "Registration Manager Agents";
protected final static String CA_AGENT_GROUP = "Certificate Manager Agents";
@@ -206,25 +184,18 @@ public abstract class CMSServlet extends HttpServlet {
protected final static String ADMIN_GROUP = "Administrators";
// default http params NOT to save in request.(config values added to list )
- private static final String
- PROP_DONT_SAVE_HTTP_PARAMS = "dontSaveHttpParams";
- private static final String[]
- DONT_SAVE_HTTP_PARAMS = { "pwd", "password", "passwd",
+ private static final String PROP_DONT_SAVE_HTTP_PARAMS = "dontSaveHttpParams";
+ private static final String[] DONT_SAVE_HTTP_PARAMS = { "pwd", "password", "passwd",
"challengePassword", "confirmChallengePassword" };
// default http headers to save in request. (config values added to list)
- private static final String
- PROP_SAVE_HTTP_HEADERS = "saveHttpHeaders";
- private static final String[]
- SAVE_HTTP_HEADERS = { "accept-language", "user-agent", };
+ private static final String PROP_SAVE_HTTP_HEADERS = "saveHttpHeaders";
+ private static final String[] SAVE_HTTP_HEADERS = { "accept-language", "user-agent", };
// request prefixes to distinguish from other request attributes.
- public static final String
- PFX_HTTP_HEADER = "HTTP_HEADER";
- public static final String
- PFX_HTTP_PARAM = "HTTP_PARAM";
- public static final String
- PFX_AUTH_TOKEN = "AUTH_TOKEN";
+ public static final String PFX_HTTP_HEADER = "HTTP_HEADER";
+ public static final String PFX_HTTP_PARAM = "HTTP_PARAM";
+ public static final String PFX_AUTH_TOKEN = "AUTH_TOKEN";
/* input http params */
protected final static String AUTHMGR_PARAM = "authenticator";
@@ -232,8 +203,8 @@ public abstract class CMSServlet extends HttpServlet {
/* fixed credential passed to auth managers */
protected final static String CERT_AUTH_CRED = "sslClientCert";
- public static final String CERT_ATTR =
- "javax.servlet.request.X509Certificate";
+ public static final String CERT_ATTR =
+ "javax.servlet.request.X509Certificate";
// members.
@@ -243,7 +214,7 @@ public abstract class CMSServlet extends HttpServlet {
protected ServletConfig mServletConfig = null;
protected ServletContext mServletContext = null;
- private CMSFileLoader mFileLoader = null;
+ private CMSFileLoader mFileLoader = null;
protected Vector<String> mDontSaveHttpParams = new Vector<String>();
protected Vector<String> mSaveHttpHeaders = new Vector<String>();
@@ -258,7 +229,7 @@ public abstract class CMSServlet extends HttpServlet {
// system logger.
protected ILogger mLogger = CMS.getLogger();
protected int mLogCategory = ILogger.S_OTHER;
- private MessageDigest mSHADigest = null;
+ private MessageDigest mSHADigest = null;
protected String mGetClientCert = "false";
protected String mAuthMgr = null;
@@ -270,18 +241,18 @@ public abstract class CMSServlet extends HttpServlet {
protected ILogger mSignedAuditLogger = CMS.getSignedAuditLogger();
protected String mOutputTemplatePath = null;
private IUGSubsystem mUG = (IUGSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_UG);
+ CMS.getSubsystem(CMS.SUBSYSTEM_UG);
private final static String LOGGING_SIGNED_AUDIT_AUTH_FAIL =
- "LOGGING_SIGNED_AUDIT_AUTH_FAIL_4";
+ "LOGGING_SIGNED_AUDIT_AUTH_FAIL_4";
private final static String LOGGING_SIGNED_AUDIT_AUTH_SUCCESS =
- "LOGGING_SIGNED_AUDIT_AUTH_SUCCESS_3";
+ "LOGGING_SIGNED_AUDIT_AUTH_SUCCESS_3";
private final static String LOGGING_SIGNED_AUDIT_AUTHZ_FAIL =
- "LOGGING_SIGNED_AUDIT_AUTHZ_FAIL_4";
+ "LOGGING_SIGNED_AUDIT_AUTHZ_FAIL_4";
private final static String LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS =
- "LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS_4";
+ "LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS_4";
private final static String LOGGING_SIGNED_AUDIT_ROLE_ASSUME =
- "LOGGING_SIGNED_AUDIT_ROLE_ASSUME_3";
+ "LOGGING_SIGNED_AUDIT_ROLE_ASSUME_3";
public CMSServlet() {
}
@@ -328,33 +299,33 @@ public abstract class CMSServlet extends HttpServlet {
if (mAuthority != null)
mRequestQueue = mAuthority.getRequestQueue();
- // set default templates.
+ // set default templates.
setDefaultTemplates(sc);
// for logging to the right authority category.
if (mAuthority == null) {
mLogCategory = ILogger.S_OTHER;
} else {
- if (mAuthority instanceof ICertificateAuthority)
+ if (mAuthority instanceof ICertificateAuthority)
mLogCategory = ILogger.S_CA;
- else if (mAuthority instanceof IRegistrationAuthority)
+ else if (mAuthority instanceof IRegistrationAuthority)
mLogCategory = ILogger.S_RA;
- else if (mAuthority instanceof IKeyRecoveryAuthority)
+ else if (mAuthority instanceof IKeyRecoveryAuthority)
mLogCategory = ILogger.S_KRA;
- else
+ else
mLogCategory = ILogger.S_OTHER;
}
try {
// get final error message.
// used when templates can't even be loaded.
- String eMsg =
- sc.getInitParameter(PROP_FINAL_ERROR_MSG);
+ String eMsg =
+ sc.getInitParameter(PROP_FINAL_ERROR_MSG);
if (eMsg != null)
mFinalErrorMsg = eMsg;
- // get any configured templates.
+ // get any configured templates.
Enumeration<CMSLoadTemplate> templs = mTemplates.elements();
while (templs.hasMoreElements()) {
@@ -363,13 +334,13 @@ public abstract class CMSServlet extends HttpServlet {
if (templ == null || templ.mPropName == null) {
continue;
}
- String tName =
- sc.getInitParameter(templ.mPropName);
+ String tName =
+ sc.getInitParameter(templ.mPropName);
if (tName != null)
templ.mTemplateName = tName;
- String fillerName =
- sc.getInitParameter(templ.mFillerPropName);
+ String fillerName =
+ sc.getInitParameter(templ.mFillerPropName);
if (fillerName != null) {
ICMSTemplateFiller filler = newFillerObject(fillerName);
@@ -385,26 +356,26 @@ public abstract class CMSServlet extends HttpServlet {
getSaveHttpHeaders(sc);
} catch (Exception e) {
// should never occur since we provide defaults above.
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_CONF_TEMP_PARAMS",
- e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_CONF_TEMP_PARAMS",
+ e.toString()));
throw new ServletException(e.toString());
}
try {
mSHADigest = MessageDigest.getInstance("SHA1");
} catch (NoSuchAlgorithmException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_CONF_TEMP_PARAMS",
- e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_CONF_TEMP_PARAMS",
+ e.toString()));
throw new ServletException(e.toString());
}
}
-
+
public String getId() {
return mId;
}
-
+
public String getAuthMgr() {
return mAuthMgr;
}
@@ -416,44 +387,43 @@ public abstract class CMSServlet extends HttpServlet {
return false;
}
- public void outputHttpParameters(HttpServletRequest httpReq)
- {
- CMS.debug("CMSServlet:service() uri = " + httpReq.getRequestURI());
+ public void outputHttpParameters(HttpServletRequest httpReq) {
+ CMS.debug("CMSServlet:service() uri = " + httpReq.getRequestURI());
Enumeration<?> paramNames = httpReq.getParameterNames();
while (paramNames.hasMoreElements()) {
- String pn = (String)paramNames.nextElement();
+ String pn = (String) paramNames.nextElement();
// added this facility so that password can be hidden,
// all sensitive parameters should be prefixed with
// __ (double underscores); however, in the event that
// a security parameter slips through, we perform multiple
// additional checks to insure that it is NOT displayed
- if( pn.startsWith("__") ||
- pn.endsWith("password") ||
- pn.endsWith("passwd") ||
- pn.endsWith("pwd") ||
- pn.equalsIgnoreCase("admin_password_again") ||
- pn.equalsIgnoreCase("directoryManagerPwd") ||
- pn.equalsIgnoreCase("bindpassword") ||
- pn.equalsIgnoreCase("bindpwd") ||
- pn.equalsIgnoreCase("passwd") ||
- pn.equalsIgnoreCase("password") ||
- pn.equalsIgnoreCase("pin") ||
- pn.equalsIgnoreCase("pwd") ||
- pn.equalsIgnoreCase("pwdagain") ||
- pn.startsWith("p12Password") ||
- pn.equalsIgnoreCase("uPasswd") ) {
- CMS.debug("CMSServlet::service() param name='" + pn +
- "' value='(sensitive)'" );
+ if (pn.startsWith("__") ||
+ pn.endsWith("password") ||
+ pn.endsWith("passwd") ||
+ pn.endsWith("pwd") ||
+ pn.equalsIgnoreCase("admin_password_again") ||
+ pn.equalsIgnoreCase("directoryManagerPwd") ||
+ pn.equalsIgnoreCase("bindpassword") ||
+ pn.equalsIgnoreCase("bindpwd") ||
+ pn.equalsIgnoreCase("passwd") ||
+ pn.equalsIgnoreCase("password") ||
+ pn.equalsIgnoreCase("pin") ||
+ pn.equalsIgnoreCase("pwd") ||
+ pn.equalsIgnoreCase("pwdagain") ||
+ pn.startsWith("p12Password") ||
+ pn.equalsIgnoreCase("uPasswd")) {
+ CMS.debug("CMSServlet::service() param name='" + pn +
+ "' value='(sensitive)'");
} else {
- CMS.debug("CMSServlet::service() param name='" + pn +
- "' value='" + httpReq.getParameter(pn) + "'" );
+ CMS.debug("CMSServlet::service() param name='" + pn +
+ "' value='" + httpReq.getParameter(pn) + "'");
}
}
}
- public void service(HttpServletRequest httpReq,
- HttpServletResponse httpResp)
- throws ServletException, IOException {
+ public void service(HttpServletRequest httpReq,
+ HttpServletResponse httpResp)
+ throws ServletException, IOException {
boolean running_state = CMS.isInRunningState();
@@ -473,7 +443,7 @@ public abstract class CMSServlet extends HttpServlet {
httpReq.setCharacterEncoding("UTF-8");
if (CMS.debugOn()) {
- outputHttpParameters(httpReq);
+ outputHttpParameters(httpReq);
}
CMS.debug("CMSServlet: " + mId + " start to service.");
String className = this.getClass().getName();
@@ -482,7 +452,7 @@ public abstract class CMSServlet extends HttpServlet {
CMSRequest cmsRequest = newCMSRequest();
// set argblock
- cmsRequest.setHttpParams(CMS.createArgBlock("http-request-params",toHashtable(httpReq)));
+ cmsRequest.setHttpParams(CMS.createArgBlock("http-request-params", toHashtable(httpReq)));
// set http request
cmsRequest.setHttpReq(httpReq);
@@ -516,14 +486,14 @@ public abstract class CMSServlet extends HttpServlet {
renderResult(cmsRequest);
SessionContext.releaseContext();
return;
- }
+ }
long startTime = CMS.getCurrentDate().getTime();
process(cmsRequest);
renderResult(cmsRequest);
Date endDate = CMS.getCurrentDate();
long endTime = endDate.getTime();
if (CMS.debugOn()) {
- CMS.debug(CMS.DEBUG_INFORM, "CMSServlet: curDate=" + endDate + " id=" + mId + " time=" + (endTime - startTime));
+ CMS.debug(CMS.DEBUG_INFORM, "CMSServlet: curDate=" + endDate + " id=" + mId + " time=" + (endTime - startTime));
}
iCommandQueue.unRegisterProccess((Object) cmsRequest, (Object) this);
} catch (EBaseException e) {
@@ -551,8 +521,9 @@ public abstract class CMSServlet extends HttpServlet {
/**
* Create a new CMSRequest object. This should be overriden by servlets
- * implementing different types of request
- * @return a new CMSRequest object
+ * implementing different types of request
+ *
+ * @return a new CMSRequest object
*/
protected CMSRequest newCMSRequest() {
return new CMSRequest();
@@ -560,30 +531,29 @@ public abstract class CMSServlet extends HttpServlet {
/**
* process an HTTP request. Servlets must override this with their
- * own implementation
- * @throws EBaseException if the servlet was unable to satisfactorily
- * process the request
+ * own implementation
+ *
+ * @throws EBaseException if the servlet was unable to satisfactorily
+ * process the request
*/
- protected void process(CMSRequest cmsRequest)
- throws EBaseException
- {
+ protected void process(CMSRequest cmsRequest)
+ throws EBaseException {
}
-
/**
- * Output a template.
+ * Output a template.
* If an error occurs while outputing the template the exception template
* is used to display the error.
*
* @param cmsReq the CS request
*/
protected void renderResult(CMSRequest cmsReq)
- throws IOException {
+ throws IOException {
if (!mRenderResult)
return;
Integer status = cmsReq.getStatus();
-
+
CMSLoadTemplate ltempl = (CMSLoadTemplate) mTemplates.get(status);
if (ltempl == null || ltempl.mTemplateName == null) {
@@ -594,13 +564,12 @@ public abstract class CMSServlet extends HttpServlet {
renderTemplate(cmsReq, ltempl.mTemplateName, filler);
}
-
+
private static final String PRESERVED = "preserved";
public static final String TEMPLATE_NAME = "templateName";
-
+
protected void outputArgBlockAsXML(XMLObject xmlObj, Node parent,
- String argBlockName, IArgBlock argBlock)
- {
+ String argBlockName, IArgBlock argBlock) {
Node argBlockContainer = xmlObj.createContainer(parent, argBlockName);
if (argBlock != null) {
@@ -614,15 +583,14 @@ public abstract class CMSServlet extends HttpServlet {
}
}
- protected void outputXML(HttpServletResponse httpResp, CMSTemplateParams params)
- {
+ protected void outputXML(HttpServletResponse httpResp, CMSTemplateParams params) {
XMLObject xmlObj = null;
try {
xmlObj = new XMLObject();
Node root = xmlObj.createRoot("xml");
outputArgBlockAsXML(xmlObj, root, "header", params.getHeader());
- outputArgBlockAsXML(xmlObj, root, "fixed", params.getFixed());
+ outputArgBlockAsXML(xmlObj, root, "fixed", params.getFixed());
Enumeration<IArgBlock> records = params.queryRecords();
Node recordsNode = xmlObj.createContainer(root, "records");
@@ -645,14 +613,14 @@ public abstract class CMSServlet extends HttpServlet {
}
protected void renderTemplate(
- CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler)
- throws IOException {
+ CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler)
+ throws IOException {
try {
IArgBlock httpParams = cmsReq.getHttpParams();
Locale[] locale = new Locale[1];
CMSTemplate template =
- getTemplate(templateName, cmsReq.getHttpReq(), locale);
+ getTemplate(templateName, cmsReq.getHttpReq(), locale);
CMSTemplateParams templateParams = null;
if (filler != null) {
@@ -670,20 +638,20 @@ public abstract class CMSServlet extends HttpServlet {
}
if (httpParams != null) {
- String httpTemplateName =
- httpParams.getValueAsString(
- TEMPLATE_NAME, null);
+ String httpTemplateName =
+ httpParams.getValueAsString(
+ TEMPLATE_NAME, null);
if (httpTemplateName != null) {
templateName = httpTemplateName;
}
}
- if (templateParams == null)
+ if (templateParams == null)
templateParams = new CMSTemplateParams(null, null);
- // #359630
- // inject preserved http parameter into the template
+ // #359630
+ // inject preserved http parameter into the template
if (httpParams != null) {
String preserved = httpParams.getValueAsString(
PRESERVED, null);
@@ -704,32 +672,33 @@ public abstract class CMSServlet extends HttpServlet {
cmsReq.getHttpResp().setContentLength(bos.size());
bos.writeTo(cmsReq.getHttpResp().getOutputStream());
} catch (Exception e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_OUT_TEMPLATE", templateName, e.toString()));
- renderException(cmsReq,
- new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_OUT_TEMPLATE", templateName, e.toString()));
+ renderException(cmsReq,
+ new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")));
return;
}
}
/**
- * Output exception (unexpected error) template
+ * Output exception (unexpected error) template
* This is different from other templates in that if an exception occurs
- * while rendering the exception a message is printed out directly.
- * If the message gets an error an IOException is thrown.
- * In others if an exception occurs while rendering the template the
- * exception template (this) is called.
+ * while rendering the exception a message is printed out directly.
+ * If the message gets an error an IOException is thrown.
+ * In others if an exception occurs while rendering the template the
+ * exception template (this) is called.
* <p>
+ *
* @param cmsReq the CS request to pass to template filler if any.
* @param e the unexpected exception
*/
- protected void renderException(CMSRequest cmsReq, EBaseException e)
- throws IOException {
+ protected void renderException(CMSRequest cmsReq, EBaseException e)
+ throws IOException {
try {
Locale[] locale = new Locale[1];
- CMSLoadTemplate loadTempl =
- (CMSLoadTemplate) mTemplates.get(CMSRequest.EXCEPTION);
- CMSTemplate template = getTemplate(loadTempl.mTemplateName,
+ CMSLoadTemplate loadTempl =
+ (CMSLoadTemplate) mTemplates.get(CMSRequest.EXCEPTION);
+ CMSTemplate template = getTemplate(loadTempl.mTemplateName,
cmsReq.getHttpReq(), locale);
ICMSTemplateFiller filler = loadTempl.mFiller;
CMSTemplateParams templateParams = null;
@@ -749,7 +718,7 @@ public abstract class CMSServlet extends HttpServlet {
}
if (e != null) {
templateParams.getFixed().set(
- ICMSTemplateFiller.EXCEPTION, e.toString(locale[0]));
+ ICMSTemplateFiller.EXCEPTION, e.toString(locale[0]));
}
// just output arg blocks as XML
@@ -772,25 +741,25 @@ public abstract class CMSServlet extends HttpServlet {
}
}
- public void renderFinalError(CMSRequest cmsReq, Exception ex)
- throws IOException {
+ public void renderFinalError(CMSRequest cmsReq, Exception ex)
+ throws IOException {
// this template is the last resort for all other unexpected
// errors in other templates so we can only output text.
HttpServletResponse httpResp = cmsReq.getHttpResp();
httpResp.setContentType("text/html");
ServletOutputStream out = httpResp.getOutputStream();
-
+
// replace $ERRORMSG with exception message if included.
String finalErrMsg = mFinalErrorMsg;
int tokenIdx = mFinalErrorMsg.indexOf(ERROR_MSG_TOKEN);
if (tokenIdx != -1) {
- finalErrMsg =
+ finalErrMsg =
mFinalErrorMsg.substring(0, tokenIdx) +
- ex.toString() +
- mFinalErrorMsg.substring(
- tokenIdx + ERROR_MSG_TOKEN.length());
+ ex.toString() +
+ mFinalErrorMsg.substring(
+ tokenIdx + ERROR_MSG_TOKEN.length());
}
out.println(finalErrMsg);
return;
@@ -822,12 +791,12 @@ public abstract class CMSServlet extends HttpServlet {
}
/**
- * construct a authentication credentials to pass into authentication
+ * construct a authentication credentials to pass into authentication
* manager.
*/
public static AuthCredentials getAuthCreds(
- IAuthManager authMgr, IArgBlock argBlock, X509Certificate clientCert)
- throws EBaseException {
+ IAuthManager authMgr, IArgBlock argBlock, X509Certificate clientCert)
+ throws EBaseException {
// get credentials from http parameters.
String[] reqCreds = authMgr.getRequiredCreds();
AuthCredentials creds = new AuthCredentials();
@@ -837,8 +806,8 @@ public abstract class CMSServlet extends HttpServlet {
if (reqCred.equals(IAuthManager.CRED_SSL_CLIENT_CERT)) {
// cert could be null;
- creds.set(reqCred, new X509Certificate[] { clientCert}
- );
+ creds.set(reqCred, new X509Certificate[] { clientCert }
+ );
} else {
String value = argBlock.getValueAsString(reqCred);
@@ -854,19 +823,19 @@ public abstract class CMSServlet extends HttpServlet {
/**
* get ssl client authenticated certificate
*/
- protected X509Certificate
- getSSLClientCertificate(HttpServletRequest httpReq)
- throws EBaseException {
+ protected X509Certificate
+ getSSLClientCertificate(HttpServletRequest httpReq)
+ throws EBaseException {
X509Certificate cert = null;
- mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_INFO,
- CMS.getLogMessage("CMSGW_GETTING_SSL_CLIENT_CERT"));
+ mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_INFO,
+ CMS.getLogMessage("CMSGW_GETTING_SSL_CLIENT_CERT"));
// iws60 support Java Servlet Spec V2.2, attribute
// javax.servlet.request.X509Certificate now contains array
// of X509Certificates instead of one X509Certificate object
- X509Certificate[] allCerts = (X509Certificate[]) httpReq.getAttribute(CERT_ATTR);
+ X509Certificate[] allCerts = (X509Certificate[]) httpReq.getAttribute(CERT_ATTR);
if (allCerts == null || allCerts.length == 0) {
throw new EBaseException("You did not provide a valid certificate for this operation");
@@ -876,10 +845,10 @@ public abstract class CMSServlet extends HttpServlet {
if (cert == null) {
// just don't have a cert.
- mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_SSL_CL_CERT_FAIL"));
+ mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_SSL_CL_CERT_FAIL"));
return null;
- }
+ }
// convert to sun's x509 cert interface.
try {
@@ -888,53 +857,53 @@ public abstract class CMSServlet extends HttpServlet {
cert = new X509CertImpl(certEncoded);
} catch (CertificateEncodingException e) {
mLogger.log(
- ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_SSL_CL_CERT_FAIL_ENCODE", e.getMessage()));
+ ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_SSL_CL_CERT_FAIL_ENCODE", e.getMessage()));
return null;
} catch (CertificateException e) {
mLogger.log(
- ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_SSL_CL_CERT_FAIL_DECODE", e.getMessage()));
+ ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_SSL_CL_CERT_FAIL_DECODE", e.getMessage()));
return null;
}
- return cert;
+ return cert;
}
/**
* get a template based on result status.
*/
protected CMSTemplate getTemplate(
- String templateName, HttpServletRequest httpReq, Locale[] locale)
- throws EBaseException, IOException {
+ String templateName, HttpServletRequest httpReq, Locale[] locale)
+ throws EBaseException, IOException {
// this converts to system dependent file seperator char.
if (mServletConfig == null) {
- CMS.debug( "CMSServlet:getTemplate() - mServletConfig is null!" );
+ CMS.debug("CMSServlet:getTemplate() - mServletConfig is null!");
return null;
}
if (mServletConfig.getServletContext() == null) {
}
if (templateName == null) {
}
- String realpath =
- mServletConfig.getServletContext().getRealPath("/" + templateName);
+ String realpath =
+ mServletConfig.getServletContext().getRealPath("/" + templateName);
if (realpath == null) {
mLogger.log(
- ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_NO_FIND_TEMPLATE", templateName));
+ ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_NO_FIND_TEMPLATE", templateName));
throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
}
File realpathFile = new File(realpath);
- File templateFile =
- getLangFile(httpReq, realpathFile, locale);
+ File templateFile =
+ getLangFile(httpReq, realpathFile, locale);
String charSet = httpReq.getCharacterEncoding();
if (charSet == null) {
charSet = "UTF8";
}
- CMSTemplate template =
- (CMSTemplate) mFileLoader.getCMSFile(templateFile, charSet);
+ CMSTemplate template =
+ (CMSTemplate) mFileLoader.getCMSFile(templateFile, charSet);
return template;
}
@@ -943,13 +912,13 @@ public abstract class CMSServlet extends HttpServlet {
* log according to authority category.
*/
protected void log(int event, int level, String msg) {
- mLogger.log(event, mLogCategory, level,
- "Servlet " + mId + ": " + msg);
+ mLogger.log(event, mLogCategory, level,
+ "Servlet " + mId + ": " + msg);
}
protected void log(int level, String msg) {
- mLogger.log(ILogger.EV_SYSTEM, mLogCategory, level,
- "Servlet " + mId + ": " + msg);
+ mLogger.log(ILogger.EV_SYSTEM, mLogCategory, level,
+ "Servlet " + mId + ": " + msg);
}
/**
@@ -965,8 +934,8 @@ public abstract class CMSServlet extends HttpServlet {
dontSaveParams = sc.getInitParameter(
PROP_DONT_SAVE_HTTP_PARAMS);
if (dontSaveParams != null) {
- StringTokenizer params =
- new StringTokenizer(dontSaveParams, ",");
+ StringTokenizer params =
+ new StringTokenizer(dontSaveParams, ",");
while (params.hasMoreTokens()) {
String param = params.nextToken();
@@ -976,8 +945,8 @@ public abstract class CMSServlet extends HttpServlet {
}
} catch (Exception e) {
// should never happen
- log(ILogger.LL_WARN,
- CMS.getLogMessage("CMSGW_NO_CONFIG_VALUE", PROP_DONT_SAVE_HTTP_PARAMS, e.toString()));
+ log(ILogger.LL_WARN,
+ CMS.getLogMessage("CMSGW_NO_CONFIG_VALUE", PROP_DONT_SAVE_HTTP_PARAMS, e.toString()));
// default just in case.
for (int i = 0; i < DONT_SAVE_HTTP_PARAMS.length; i++) {
mDontSaveHttpParams.addElement(DONT_SAVE_HTTP_PARAMS[i]);
@@ -997,12 +966,12 @@ public abstract class CMSServlet extends HttpServlet {
}
// now get from config file if there's more.
- String saveHeaders =
- sc.getInitParameter(PROP_SAVE_HTTP_HEADERS);
+ String saveHeaders =
+ sc.getInitParameter(PROP_SAVE_HTTP_HEADERS);
- if (saveHeaders != null) {
- StringTokenizer headers =
- new StringTokenizer(saveHeaders, ",");
+ if (saveHeaders != null) {
+ StringTokenizer headers =
+ new StringTokenizer(saveHeaders, ",");
while (headers.hasMoreTokens()) {
String hdr = headers.nextToken();
@@ -1021,8 +990,8 @@ public abstract class CMSServlet extends HttpServlet {
* save http headers in a IRequest.
*/
protected void saveHttpHeaders(
- HttpServletRequest httpReq, IRequest req)
- throws EBaseException {
+ HttpServletRequest httpReq, IRequest req)
+ throws EBaseException {
Hashtable<String, String> headers = new Hashtable<String, String>();
Enumeration<String> hdrs = mSaveHttpHeaders.elements();
@@ -1041,7 +1010,7 @@ public abstract class CMSServlet extends HttpServlet {
* save http headers in a IRequest.
*/
protected void saveHttpParams(
- IArgBlock httpParams, IRequest req) {
+ IArgBlock httpParams, IRequest req) {
Hashtable<String, String> saveParams = new Hashtable<String, String>();
Enumeration<String> names = httpParams.elements();
@@ -1075,14 +1044,14 @@ public abstract class CMSServlet extends HttpServlet {
* handy routine for getting a cert record given a serial number.
*/
protected ICertRecord getCertRecord(BigInteger serialNo) {
- if (mAuthority == null ||
- !(mAuthority instanceof ICertificateAuthority)) {
- log(ILogger.LL_WARN,
- CMS.getLogMessage("CMSGW_NON_CERT_AUTH"));
+ if (mAuthority == null ||
+ !(mAuthority instanceof ICertificateAuthority)) {
+ log(ILogger.LL_WARN,
+ CMS.getLogMessage("CMSGW_NON_CERT_AUTH"));
return null;
}
- ICertificateRepository certdb =
- (ICertificateRepository) ((ICertificateAuthority) mAuthority).getCertificateRepository();
+ ICertificateRepository certdb =
+ (ICertificateRepository) ((ICertificateAuthority) mAuthority).getCertificateRepository();
if (certdb == null) {
log(ILogger.LL_WARN, CMS.getLogMessage("CMSGW_CERT_DB_NULL", mAuthority.toString()));
@@ -1093,8 +1062,8 @@ public abstract class CMSServlet extends HttpServlet {
try {
certRecord = certdb.readCertificateRecord(serialNo);
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_NO_CERT_REC", serialNo.toString(16), e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_NO_CERT_REC", serialNo.toString(16), e.toString()));
return null;
}
return certRecord;
@@ -1126,18 +1095,18 @@ public abstract class CMSServlet extends HttpServlet {
}
/**
- * handy routine for getting a certificate from the certificate
+ * handy routine for getting a certificate from the certificate
* repository. mAuthority must be a CA.
*/
protected X509Certificate getX509Certificate(BigInteger serialNo) {
- if (mAuthority == null ||
- !(mAuthority instanceof ICertificateAuthority)) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_NOT_CERT_AUTH"));
+ if (mAuthority == null ||
+ !(mAuthority instanceof ICertificateAuthority)) {
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_NOT_CERT_AUTH"));
return null;
}
- ICertificateRepository certdb =
- (ICertificateRepository) ((ICertificateAuthority) mAuthority).getCertificateRepository();
+ ICertificateRepository certdb =
+ (ICertificateRepository) ((ICertificateAuthority) mAuthority).getCertificateRepository();
if (certdb == null) {
log(ILogger.LL_WARN, CMS.getLogMessage("CMSGW_CERT_DB_NULL", mAuthority.toString()));
@@ -1148,15 +1117,16 @@ public abstract class CMSServlet extends HttpServlet {
try {
cert = certdb.getX509Certificate(serialNo);
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_NO_CERT_REC", serialNo.toString(16), e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_NO_CERT_REC", serialNo.toString(16), e.toString()));
return null;
}
return cert;
}
/**
- * instantiate a new filler from a class name,
+ * instantiate a new filler from a class name,
+ *
* @return null if can't be instantiated, new instance otherwise.
*/
protected ICMSTemplateFiller newFillerObject(String fillerClass) {
@@ -1169,8 +1139,8 @@ public abstract class CMSServlet extends HttpServlet {
if ((e instanceof RuntimeException)) {
throw (RuntimeException) e;
} else {
- log(ILogger.LL_WARN,
- CMS.getLogMessage("CMSGW_CANT_LOAD_FILLER", fillerClass, e.toString()));
+ log(ILogger.LL_WARN,
+ CMS.getLogMessage("CMSGW_CANT_LOAD_FILLER", fillerClass, e.toString()));
return null;
}
}
@@ -1178,8 +1148,8 @@ public abstract class CMSServlet extends HttpServlet {
}
/**
- * set default templates.
- * subclasses can override, and should override at least the success
+ * set default templates.
+ * subclasses can override, and should override at least the success
* template
*/
protected void setDefaultTemplates(ServletConfig sc) {
@@ -1211,16 +1181,16 @@ public abstract class CMSServlet extends HttpServlet {
successTemplate = SUCCESS_TEMPLATE;
if (gateway != null)
//successTemplate = "/"+gateway+successTemplate;
- successTemplate = "/"+gateway+successTemplate;
+ successTemplate = "/" + gateway + successTemplate;
}
errorTemplate = sc.getInitParameter(
PROP_ERROR_TEMPLATE);
if (errorTemplate == null) {
errorTemplate = ERROR_TEMPLATE;
- if (gateway != null)
+ if (gateway != null)
//errorTemplate = "/"+gateway+errorTemplate;
- errorTemplate = "/"+gateway+errorTemplate;
+ errorTemplate = "/" + gateway + errorTemplate;
}
unauthorizedTemplate = sc.getInitParameter(
@@ -1229,7 +1199,7 @@ public abstract class CMSServlet extends HttpServlet {
unauthorizedTemplate = UNAUTHORIZED_TEMPLATE;
if (gateway != null)
//unauthorizedTemplate = "/"+gateway+unauthorizedTemplate;
- unauthorizedTemplate = "/"+gateway+unauthorizedTemplate;
+ unauthorizedTemplate = "/" + gateway + unauthorizedTemplate;
}
pendingTemplate = sc.getInitParameter(
@@ -1238,7 +1208,7 @@ public abstract class CMSServlet extends HttpServlet {
pendingTemplate = PENDING_TEMPLATE;
if (gateway != null)
//pendingTemplate = "/"+gateway+pendingTemplate;
- pendingTemplate = "/"+gateway+pendingTemplate;
+ pendingTemplate = "/" + gateway + pendingTemplate;
}
svcpendingTemplate = sc.getInitParameter(
@@ -1247,7 +1217,7 @@ public abstract class CMSServlet extends HttpServlet {
svcpendingTemplate = SVC_PENDING_TEMPLATE;
if (gateway != null)
//svcpendingTemplate = "/"+gateway+svcpendingTemplate;
- svcpendingTemplate = "/"+gateway+svcpendingTemplate;
+ svcpendingTemplate = "/" + gateway + svcpendingTemplate;
}
rejectedTemplate = sc.getInitParameter(
@@ -1256,7 +1226,7 @@ public abstract class CMSServlet extends HttpServlet {
rejectedTemplate = REJECTED_TEMPLATE;
if (gateway != null)
//rejectedTemplate = "/"+gateway+rejectedTemplate;
- rejectedTemplate = "/"+gateway+rejectedTemplate;
+ rejectedTemplate = "/" + gateway + rejectedTemplate;
}
unexpectedErrorTemplate = sc.getInitParameter(
@@ -1265,50 +1235,50 @@ public abstract class CMSServlet extends HttpServlet {
unexpectedErrorTemplate = EXCEPTION_TEMPLATE;
if (gateway != null)
//unexpectedErrorTemplate = "/"+gateway+unexpectedErrorTemplate;
- unexpectedErrorTemplate = "/"+gateway+unexpectedErrorTemplate;
+ unexpectedErrorTemplate = "/" + gateway + unexpectedErrorTemplate;
}
} catch (Exception e) {
// this should never happen.
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_IMP_INIT_SERV_ERR", e.toString(),
- mId));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_IMP_INIT_SERV_ERR", e.toString(),
+ mId));
}
mTemplates.put(
- CMSRequest.UNAUTHORIZED,
- new CMSLoadTemplate(
- PROP_UNAUTHORIZED_TEMPLATE, PROP_UNAUTHOR_TEMPLATE_FILLER,
- unauthorizedTemplate, null));
+ CMSRequest.UNAUTHORIZED,
+ new CMSLoadTemplate(
+ PROP_UNAUTHORIZED_TEMPLATE, PROP_UNAUTHOR_TEMPLATE_FILLER,
+ unauthorizedTemplate, null));
mTemplates.put(
- CMSRequest.SUCCESS,
- new CMSLoadTemplate(
- PROP_SUCCESS_TEMPLATE, PROP_SUCCESS_TEMPLATE_FILLER,
- successTemplate, new GenSuccessTemplateFiller()));
+ CMSRequest.SUCCESS,
+ new CMSLoadTemplate(
+ PROP_SUCCESS_TEMPLATE, PROP_SUCCESS_TEMPLATE_FILLER,
+ successTemplate, new GenSuccessTemplateFiller()));
mTemplates.put(
- CMSRequest.PENDING,
- new CMSLoadTemplate(
- PROP_PENDING_TEMPLATE, PROP_PENDING_TEMPLATE_FILLER,
- pendingTemplate, new GenPendingTemplateFiller()));
+ CMSRequest.PENDING,
+ new CMSLoadTemplate(
+ PROP_PENDING_TEMPLATE, PROP_PENDING_TEMPLATE_FILLER,
+ pendingTemplate, new GenPendingTemplateFiller()));
mTemplates.put(
- CMSRequest.SVC_PENDING,
- new CMSLoadTemplate(
- PROP_SVC_PENDING_TEMPLATE, PROP_SVC_PENDING_TEMPLATE_FILLER,
- svcpendingTemplate, new GenSvcPendingTemplateFiller()));
+ CMSRequest.SVC_PENDING,
+ new CMSLoadTemplate(
+ PROP_SVC_PENDING_TEMPLATE, PROP_SVC_PENDING_TEMPLATE_FILLER,
+ svcpendingTemplate, new GenSvcPendingTemplateFiller()));
mTemplates.put(
- CMSRequest.REJECTED,
- new CMSLoadTemplate(
- PROP_REJECTED_TEMPLATE, PROP_REJECTED_TEMPLATE_FILLER,
- rejectedTemplate, new GenRejectedTemplateFiller()));
+ CMSRequest.REJECTED,
+ new CMSLoadTemplate(
+ PROP_REJECTED_TEMPLATE, PROP_REJECTED_TEMPLATE_FILLER,
+ rejectedTemplate, new GenRejectedTemplateFiller()));
mTemplates.put(
- CMSRequest.ERROR,
- new CMSLoadTemplate(
- PROP_ERROR_TEMPLATE, PROP_ERROR_TEMPLATE_FILLER,
- errorTemplate, new GenErrorTemplateFiller()));
+ CMSRequest.ERROR,
+ new CMSLoadTemplate(
+ PROP_ERROR_TEMPLATE, PROP_ERROR_TEMPLATE_FILLER,
+ errorTemplate, new GenErrorTemplateFiller()));
mTemplates.put(
- CMSRequest.EXCEPTION,
- new CMSLoadTemplate(
- PROP_EXCEPTION_TEMPLATE, PROP_EXCEPTION_TEMPLATE_FILLER,
- unexpectedErrorTemplate, new GenUnexpectedErrorTemplateFiller()));
+ CMSRequest.EXCEPTION,
+ new CMSLoadTemplate(
+ PROP_EXCEPTION_TEMPLATE, PROP_EXCEPTION_TEMPLATE_FILLER,
+ unexpectedErrorTemplate, new GenUnexpectedErrorTemplateFiller()));
}
/**
@@ -1317,8 +1287,8 @@ public abstract class CMSServlet extends HttpServlet {
public static boolean clientIsNav(HttpServletRequest httpReq) {
String useragent = httpReq.getHeader("user-agent");
- if (useragent.startsWith("Mozilla") &&
- useragent.indexOf("MSIE") == -1)
+ if (useragent.startsWith("Mozilla") &&
+ useragent.indexOf("MSIE") == -1)
return true;
return false;
}
@@ -1339,10 +1309,11 @@ public abstract class CMSServlet extends HttpServlet {
* set using cartman JS. (no other way to tell)
*/
private static String CMMF_RESPONSE = "cmmfResponse";
+
public static boolean doCMMFResponse(IArgBlock httpParams) {
if (httpParams.getValueAsBoolean(CMMF_RESPONSE, false))
return true;
- else
+ else
return false;
}
@@ -1350,29 +1321,24 @@ public abstract class CMSServlet extends HttpServlet {
private static final String IMPORT_CHAIN = "importCAChain";
private static final String IMPORT_CERT_MIME_TYPE = "importCertMimeType";
// default mime type
- private static final String
- NS_X509_USER_CERT = "application/x-x509-user-cert";
- private static final String
- NS_X509_EMAIL_CERT = "application/x-x509-email-cert";
+ private static final String NS_X509_USER_CERT = "application/x-x509-user-cert";
+ private static final String NS_X509_EMAIL_CERT = "application/x-x509-email-cert";
// CMC mime types
- public static final String
- SIMPLE_ENROLLMENT_REQUEST = "application/pkcs10";
- public static final String
- SIMPLE_ENROLLMENT_RESPONSE = "application/pkcs7-mime";
- public static final String
- FULL_ENROLLMENT_REQUEST = "application/pkcs7-mime";
- public static final String
- FULL_ENROLLMENT_RESPONSE = "application/pkcs7-mime";
+ public static final String SIMPLE_ENROLLMENT_REQUEST = "application/pkcs10";
+ public static final String SIMPLE_ENROLLMENT_RESPONSE = "application/pkcs7-mime";
+ public static final String FULL_ENROLLMENT_REQUEST = "application/pkcs7-mime";
+ public static final String FULL_ENROLLMENT_RESPONSE = "application/pkcs7-mime";
/**
* handy routine to check if client want full enrollment response
*/
public static String FULL_RESPONSE = "fullResponse";
+
public static boolean doFullResponse(IArgBlock httpParams) {
if (httpParams.getValueAsBoolean(FULL_RESPONSE, false))
return true;
- else
+ else
return false;
}
@@ -1381,19 +1347,19 @@ public abstract class CMSServlet extends HttpServlet {
* @return true if import cert directly is true and import cert.
*/
protected boolean checkImportCertToNav(
- HttpServletResponse httpResp, IArgBlock httpParams, X509CertImpl cert)
- throws EBaseException {
+ HttpServletResponse httpResp, IArgBlock httpParams, X509CertImpl cert)
+ throws EBaseException {
if (!httpParams.getValueAsBoolean(IMPORT_CERT, false)) {
return false;
}
boolean importCAChain =
- httpParams.getValueAsBoolean(IMPORT_CHAIN, true);
+ httpParams.getValueAsBoolean(IMPORT_CHAIN, true);
// XXX Temporary workaround because of problem with passing Mime type
boolean emailCert =
- httpParams.getValueAsBoolean("emailCert", false);
+ httpParams.getValueAsBoolean("emailCert", false);
String importMimeType = (emailCert) ?
- httpParams.getValueAsString(IMPORT_CERT_MIME_TYPE, NS_X509_EMAIL_CERT) :
- httpParams.getValueAsString(IMPORT_CERT_MIME_TYPE, NS_X509_USER_CERT);
+ httpParams.getValueAsString(IMPORT_CERT_MIME_TYPE, NS_X509_EMAIL_CERT) :
+ httpParams.getValueAsString(IMPORT_CERT_MIME_TYPE, NS_X509_USER_CERT);
// String importMimeType =
// httpParams.getValueAsString(
@@ -1406,17 +1372,17 @@ public abstract class CMSServlet extends HttpServlet {
* handy routine to import cert to old navigator in nav mime type.
*/
public void importCertToNav(
- HttpServletResponse httpResp, X509CertImpl cert,
- String contentType, boolean importCAChain)
- throws EBaseException {
+ HttpServletResponse httpResp, X509CertImpl cert,
+ String contentType, boolean importCAChain)
+ throws EBaseException {
ServletOutputStream out = null;
byte[] encoding = null;
- CMS.debug("CMSServlet: importCertToNav " +
- "contentType=" + contentType + " " +
+ CMS.debug("CMSServlet: importCertToNav " +
+ "contentType=" + contentType + " " +
"importCAChain=" + importCAChain);
- try {
- out = httpResp.getOutputStream();
+ try {
+ out = httpResp.getOutputStream();
// CA chain.
if (importCAChain) {
CertificateChain caChain = null;
@@ -1427,8 +1393,8 @@ public abstract class CMSServlet extends HttpServlet {
caCerts = caChain.getChain();
// set user + CA cert chain in pkcs7
- X509CertImpl[] userChain =
- new X509CertImpl[caCerts.length + 1];
+ X509CertImpl[] userChain =
+ new X509CertImpl[caCerts.length + 1];
userChain[0] = cert;
int m = 1, n = 0;
@@ -1456,16 +1422,16 @@ public abstract class CMSServlet extends HttpServlet {
}
httpResp.setContentType(contentType);
out.write(encoding);
- } catch (IOException e) {
- mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
- ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_RET_CERT_IMPORT_ERR", e.toString()));
+ } catch (IOException e) {
+ mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
+ ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_RET_CERT_IMPORT_ERR", e.toString()));
throw new ECMSGWException(
CMS.getLogMessage("CMSGW_ERROR_RETURNING_CERT"));
} catch (CertificateEncodingException e) {
- mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
- ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_NO_ENCODED_IMP_CERT", e.toString()));
+ mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
+ ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_NO_ENCODED_IMP_CERT", e.toString()));
throw new ECMSGWException(
CMS.getLogMessage("CMSGW_ERROR_ENCODING_ISSUED_CERT"));
}
@@ -1511,13 +1477,13 @@ public abstract class CMSServlet extends HttpServlet {
* handy routine for getting agent's relative path
*/
protected String getRelPath(IAuthority authority) {
- if (authority instanceof ICertificateAuthority)
+ if (authority instanceof ICertificateAuthority)
return "ca/";
- else if (authority instanceof IRegistrationAuthority)
+ else if (authority instanceof IRegistrationAuthority)
return "ra/";
- else if (authority instanceof IKeyRecoveryAuthority)
+ else if (authority instanceof IKeyRecoveryAuthority)
return "kra/";
- else
+ else
return "/";
}
@@ -1531,55 +1497,57 @@ public abstract class CMSServlet extends HttpServlet {
if (!(mAuthority instanceof ICertificateAuthority)) {
return false;
}
- X509Certificate caCert =
- ((ICertificateAuthority)mAuthority).getCACert();
+ X509Certificate caCert =
+ ((ICertificateAuthority) mAuthority).getCACert();
if (caCert != null) {
- /* only check this if we are self-signed */
- if (caCert.getSubjectDN().equals(caCert.getIssuerDN())) {
- if (caCert.getSerialNumber().equals(serialNo)) {
- return true;
+ /* only check this if we are self-signed */
+ if (caCert.getSubjectDN().equals(caCert.getIssuerDN())) {
+ if (caCert.getSerialNumber().equals(serialNo)) {
+ return true;
+ }
}
- }
}
return false;
}
/**
* make a CRL entry from a serial number and revocation reason.
+ *
* @return a RevokedCertImpl that can be entered in a CRL.
*/
protected RevokedCertImpl formCRLEntry(
- BigInteger serialNo, RevocationReason reason)
- throws EBaseException {
+ BigInteger serialNo, RevocationReason reason)
+ throws EBaseException {
CRLReasonExtension reasonExt = new CRLReasonExtension(reason);
CRLExtensions crlentryexts = new CRLExtensions();
try {
crlentryexts.set(CRLReasonExtension.class.getSimpleName(), reasonExt);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_CRL_REASON", reason.toString(), e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_CRL_REASON", reason.toString(), e.toString()));
throw new ECMSGWException(
CMS.getLogMessage("CMSGW_ERROR_SETTING_CRLREASON"));
}
- RevokedCertImpl crlentry =
- new RevokedCertImpl(serialNo, CMS.getCurrentDate(), crlentryexts);
+ RevokedCertImpl crlentry =
+ new RevokedCertImpl(serialNo, CMS.getCurrentDate(), crlentryexts);
return crlentry;
}
/**
* check if a certificate (serial number) is revoked on a CA.
+ *
* @return true if cert is marked revoked in the CA's database.
- * @return false if cert is not marked revoked.
+ * @return false if cert is not marked revoked.
*/
- protected boolean certIsRevoked(BigInteger serialNum)
- throws EBaseException {
+ protected boolean certIsRevoked(BigInteger serialNum)
+ throws EBaseException {
ICertRecord certRecord = getCertRecord(serialNum);
if (certRecord == null) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_BAD_CERT_SER_NUM", String.valueOf(serialNum)));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_BAD_CERT_SER_NUM", String.valueOf(serialNum)));
throw new ECMSGWException(
CMS.getLogMessage("CMSGW_INVALID_CERT"));
}
@@ -1590,7 +1558,7 @@ public abstract class CMSServlet extends HttpServlet {
public static String generateSalt() {
Random rnd = new Random();
- String salt = new Integer( rnd.nextInt() ).toString();
+ String salt = new Integer(rnd.nextInt()).toString();
return salt;
}
@@ -1608,8 +1576,8 @@ public abstract class CMSServlet extends HttpServlet {
* @param locale array of at least one to be filled with locale found.
*/
public static File getLangFile(
- HttpServletRequest req, File realpathFile, Locale[] locale)
- throws IOException {
+ HttpServletRequest req, File realpathFile, Locale[] locale)
+ throws IOException {
File file = null;
String acceptLang = req.getHeader("accept-language");
@@ -1626,7 +1594,7 @@ public abstract class CMSServlet extends HttpServlet {
}
String name = realpathFile.getName();
- if (name == null) { // filename should never be null.
+ if (name == null) { // filename should never be null.
throw new IOException("file has no name");
}
int i;
@@ -1655,8 +1623,8 @@ public abstract class CMSServlet extends HttpServlet {
}
String langfilepath =
- parent + File.separatorChar +
- lang + File.separatorChar + name;
+ parent + File.separatorChar +
+ lang + File.separatorChar + name;
file = new File(langfilepath);
if (file.exists()) {
@@ -1688,18 +1656,18 @@ public abstract class CMSServlet extends HttpServlet {
}
public IAuthToken authenticate(CMSRequest req)
- throws EBaseException {
+ throws EBaseException {
return authenticate(req, mAuthMgr);
}
public IAuthToken authenticate(HttpServletRequest httpReq)
- throws EBaseException {
+ throws EBaseException {
return authenticate(httpReq, mAuthMgr);
}
- public IAuthToken authenticate(CMSRequest req, String authMgrName)
- throws EBaseException {
- IAuthToken authToken = authenticate(req.getHttpReq(),
+ public IAuthToken authenticate(CMSRequest req, String authMgrName)
+ throws EBaseException {
+ IAuthToken authToken = authenticate(req.getHttpReq(),
authMgrName);
saveAuthToken(authToken, req.getIRequest());
@@ -1709,19 +1677,16 @@ public abstract class CMSServlet extends HttpServlet {
/**
* Authentication
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTH_FAIL used when authentication
- * fails (in case of SSL-client auth, only webserver env can pick up the
- * SSL violation; CS authMgr can pick up cert mis-match, so this event
- * is used)
- * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTH_SUCCESS used when authentication
- * succeeded
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTH_FAIL used when authentication fails (in case of SSL-client auth, only webserver env can pick up the SSL violation; CS authMgr can pick up cert mis-match, so this event is used)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTH_SUCCESS used when authentication succeeded
* </ul>
+ *
* @exception EBaseException an error has occurred
*/
public IAuthToken authenticate(HttpServletRequest httpReq, String authMgrName)
- throws EBaseException {
+ throws EBaseException {
String auditMessage = null;
String auditSubjectID = ILogger.UNIDENTIFIED;
String auditAuthMgrID = ILogger.UNIDENTIFIED;
@@ -1750,9 +1715,9 @@ public abstract class CMSServlet extends HttpServlet {
//
// check ssl client authentication if specified.
//
- X509Certificate clientCert = null;
+ X509Certificate clientCert = null;
- if (getClientCert != null && getClientCert.equals("true")) {
+ if (getClientCert != null && getClientCert.equals("true")) {
CMS.debug("CMSServlet: retrieving SSL certificate");
clientCert = getSSLClientCertificate(httpReq);
}
@@ -1795,10 +1760,10 @@ public abstract class CMSServlet extends HttpServlet {
}
AuthToken authToken = CMSGateway.checkAuthManager(httpReq,
httpArgs,
- clientCert,
+ clientCert,
authMgrName);
if (authToken == null) {
- return null;
+ return null;
}
String userid = authToken.getInString(IAuthToken.USER_ID);
@@ -1807,7 +1772,7 @@ public abstract class CMSServlet extends HttpServlet {
if (userid != null) {
ctx.put(SessionContext.USER_ID, userid);
}
-
+
// reset the "auditSubjectID"
auditSubjectID = auditSubjectID();
@@ -1828,7 +1793,7 @@ public abstract class CMSServlet extends HttpServlet {
auditSubjectID,
ILogger.FAILURE,
auditAuthMgrID,
- auditUID);
+ auditUID);
audit(auditMessage);
// rethrow the specific exception to be handled later
@@ -1837,7 +1802,7 @@ public abstract class CMSServlet extends HttpServlet {
}
public AuthzToken authorize(String authzMgrName, String resource, IAuthToken authToken,
- String exp) throws EBaseException {
+ String exp) throws EBaseException {
AuthzToken authzToken = null;
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -1911,29 +1876,27 @@ public abstract class CMSServlet extends HttpServlet {
/**
* Authorize must occur after Authenticate
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTHZ_FAIL used when authorization
- * has failed
- * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS used when authorization
- * is successful
- * <li>signed.audit LOGGING_SIGNED_AUDIT_ROLE_ASSUME used when user assumes a
- * role (in current CS that's when one accesses a role port)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTHZ_FAIL used when authorization has failed
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS used when authorization is successful
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_ROLE_ASSUME used when user assumes a role (in current CS that's when one accesses a role port)
* </ul>
+ *
* @param authzMgrName string representing the name of the authorization
- * manager
+ * manager
* @param authToken the authentication token
* @param resource a string representing the ACL resource id as defined in
- * the ACL resource list
+ * the ACL resource list
* @param operation a string representing one of the operations as defined
- * within the ACL statement (e. g. - "read" for an ACL statement containing
- * "(read,write)")
+ * within the ACL statement (e. g. - "read" for an ACL statement containing
+ * "(read,write)")
* @exception EBaseException an error has occurred
* @return the authorization token
*/
public AuthzToken authorize(String authzMgrName, IAuthToken authToken,
- String resource, String operation)
- throws EBaseException {
+ String resource, String operation)
+ throws EBaseException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
String auditGroupID = auditGroupID();
@@ -1941,19 +1904,18 @@ public abstract class CMSServlet extends HttpServlet {
String auditACLResource = resource;
String auditOperation = operation;
-
SessionContext auditContext = SessionContext.getExistingContext();
String authManagerId = null;
- if(auditContext != null) {
+ if (auditContext != null) {
authManagerId = (String) auditContext.get(SessionContext.AUTH_MANAGER_ID);
-
- if(authManagerId != null && authManagerId.equals("TokenAuth")) {
- if (auditSubjectID.equals(ILogger.NONROLEUSER) ||
- auditSubjectID.equals(ILogger.UNIDENTIFIED)) {
- CMS.debug("CMSServlet: in authorize... TokenAuth auditSubjectID unavailable, changing to auditGroupID");
- auditID = auditGroupID;
- }
+
+ if (authManagerId != null && authManagerId.equals("TokenAuth")) {
+ if (auditSubjectID.equals(ILogger.NONROLEUSER) ||
+ auditSubjectID.equals(ILogger.UNIDENTIFIED)) {
+ CMS.debug("CMSServlet: in authorize... TokenAuth auditSubjectID unavailable, changing to auditGroupID");
+ auditID = auditGroupID;
+ }
}
}
@@ -2073,11 +2035,11 @@ public abstract class CMSServlet extends HttpServlet {
/**
* Signed Audit Log
- *
+ *
* This method is inherited by all extended "CMSServlet"s,
* and is called to store messages to the signed audit log.
* <P>
- *
+ *
* @param msg signed audit log message
*/
protected void audit(String msg) {
@@ -2089,20 +2051,20 @@ public abstract class CMSServlet extends HttpServlet {
}
mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT,
- null,
- ILogger.S_SIGNED_AUDIT,
- ILogger.LL_SECURITY,
- msg);
+ null,
+ ILogger.S_SIGNED_AUDIT,
+ ILogger.LL_SECURITY,
+ msg);
}
/**
* Signed Audit Log Subject ID
- *
+ *
* This method is inherited by all extended "CMSServlet"s,
* and is called to obtain the "SubjectID" for
* a signed audit log message.
* <P>
- *
+ *
* @return id string containing the signed audit log message SubjectID
*/
protected String auditSubjectID() {
@@ -2137,12 +2099,12 @@ public abstract class CMSServlet extends HttpServlet {
/**
* Signed Audit Log Group ID
- *
+ *
* This method is inherited by all extended "CMSServlet"s,
* and is called to obtain the "gid" for
* a signed audit log message.
* <P>
- *
+ *
* @return id string containing the signed audit log message SubjectID
*/
protected String auditGroupID() {
@@ -2177,14 +2139,14 @@ public abstract class CMSServlet extends HttpServlet {
/**
* Signed Audit Groups
- *
+ *
* This method is called to extract all "groups" associated
* with the "auditSubjectID()".
* <P>
- *
+ *
* @param id string containing the signed audit log message SubjectID
* @return a delimited string of groups associated
- * with the "auditSubjectID()"
+ * with the "auditSubjectID()"
*/
private String auditGroups(String SubjectID) {
// if no signed audit object exists, bail
@@ -2193,7 +2155,7 @@ public abstract class CMSServlet extends HttpServlet {
}
if ((SubjectID == null) ||
- (SubjectID.equals(ILogger.UNIDENTIFIED))) {
+ (SubjectID.equals(ILogger.UNIDENTIFIED))) {
return ILogger.SIGNED_AUDIT_EMPTY_VALUE;
}
@@ -2211,7 +2173,7 @@ public abstract class CMSServlet extends HttpServlet {
IGroup group = (IGroup) groups.nextElement();
if (group.isMember(SubjectID) == true) {
- if (membersString.length()!= 0) {
+ if (membersString.length() != 0) {
membersString.append(", ");
}
@@ -2219,7 +2181,7 @@ public abstract class CMSServlet extends HttpServlet {
}
}
- if (membersString.length()!=0) {
+ if (membersString.length() != 0) {
return membersString.toString();
} else {
return ILogger.SIGNED_AUDIT_EMPTY_VALUE;
@@ -2243,18 +2205,18 @@ public abstract class CMSServlet extends HttpServlet {
return locale;
}
- protected void outputResult(HttpServletResponse httpResp,
- String contentType, byte[] content) {
+ protected void outputResult(HttpServletResponse httpResp,
+ String contentType, byte[] content) {
try {
OutputStream os = httpResp.getOutputStream();
-
+
httpResp.setContentType(contentType);
httpResp.setContentLength(content.length);
os.write(content);
os.flush();
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "", e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "", e.toString()));
return;
}
}
@@ -2288,34 +2250,36 @@ public abstract class CMSServlet extends HttpServlet {
} catch (Exception ee) {
CMS.debug("Failed to send XML output to the server.");
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "", ee.toString()));
+ CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "", ee.toString()));
}
}
- protected StringBuffer escapeValueRfc1779(String v, boolean doubleEscape)
- {
+ protected StringBuffer escapeValueRfc1779(String v, boolean doubleEscape) {
StringBuffer result = new StringBuffer();
// Do we need to escape any characters
for (int i = 0; i < v.length(); i++) {
int c = v.charAt(i);
if (c == ',' || c == '=' || c == '+' || c == '<' ||
- c == '>' || c == '#' || c == ';' || c == '\r' ||
- c == '\n' || c == '\\' || c == '"') {
- if ((c == 0x5c) && ((i+1) < v.length())) {
- int nextC = v.charAt(i+1);
+ c == '>' || c == '#' || c == ';' || c == '\r' ||
+ c == '\n' || c == '\\' || c == '"') {
+ if ((c == 0x5c) && ((i + 1) < v.length())) {
+ int nextC = v.charAt(i + 1);
if ((c == 0x5c) && (nextC == ',' || nextC == '=' || nextC == '+' ||
nextC == '<' || nextC == '>' || nextC == '#' ||
nextC == ';' || nextC == '\r' || nextC == '\n' ||
nextC == '\\' || nextC == '"')) {
- if (doubleEscape) result.append('\\');
+ if (doubleEscape)
+ result.append('\\');
} else {
result.append('\\');
- if (doubleEscape) result.append('\\');
+ if (doubleEscape)
+ result.append('\\');
}
} else {
result.append('\\');
- if (doubleEscape) result.append('\\');
+ if (doubleEscape)
+ result.append('\\');
}
}
if (c == '\r') {
@@ -2323,11 +2287,10 @@ public abstract class CMSServlet extends HttpServlet {
} else if (c == '\n') {
result.append("0A");
} else {
- result.append((char)c);
+ result.append((char) c);
}
}
return result;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/CMSStartServlet.java b/pki/base/common/src/com/netscape/cms/servlet/base/CMSStartServlet.java
index 64c59c5a..4bfc7460 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/base/CMSStartServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/base/CMSStartServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.base;
-
import java.io.File;
import java.io.IOException;
import java.io.PrintWriter;
@@ -32,11 +31,10 @@ import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.base.EBaseException;
import com.netscape.cmsutil.util.Utils;
-
/**
* This servlet is started by the web server at startup, and
* it starts the CMS framework.
- *
+ *
* @version $Revision$, $Date$
*/
public class CMSStartServlet extends HttpServlet {
@@ -55,34 +53,34 @@ public class CMSStartServlet extends HttpServlet {
if (!f.exists()) {
int index = path.lastIndexOf("CS.cfg");
if (index != -1) {
- old_path = path.substring(0, index)+"CMS.cfg";
+ old_path = path.substring(0, index) + "CMS.cfg";
}
File f1 = new File(old_path);
if (f1.exists()) {
// The following block of code moves "CMS.cfg" to "CS.cfg".
try {
- if( Utils.isNT() ) {
+ if (Utils.isNT()) {
// NT is very picky on the path
- Utils.exec( "copy " +
- f1.getAbsolutePath().replace( '/', '\\' ) +
+ Utils.exec("copy " +
+ f1.getAbsolutePath().replace('/', '\\') +
" " +
- f.getAbsolutePath().replace( '/', '\\' ) );
+ f.getAbsolutePath().replace('/', '\\'));
} else {
// Create a copy of the original file which
// preserves the original file permissions.
- Utils.exec( "cp -p " + f1.getAbsolutePath() + " " +
- f.getAbsolutePath() );
+ Utils.exec("cp -p " + f1.getAbsolutePath() + " " +
+ f.getAbsolutePath());
}
// Remove the original file if and only if
// the backup copy was successful.
- if( f.exists() ) {
+ if (f.exists()) {
f1.delete();
// Make certain that the new file has
// the correct permissions.
- if( !Utils.isNT() ) {
- Utils.exec( "chmod 00660 " + f.getAbsolutePath() );
+ if (!Utils.isNT()) {
+ Utils.exec("chmod 00660 " + f.getAbsolutePath());
}
}
} catch (Exception e) {
@@ -96,7 +94,7 @@ public class CMSStartServlet extends HttpServlet {
}
public void doGet(HttpServletRequest req, HttpServletResponse res)
- throws ServletException, IOException {
+ throws ServletException, IOException {
res.setContentType("text/html");
PrintWriter out = res.getWriter();
diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/DisplayHtmlServlet.java b/pki/base/common/src/com/netscape/cms/servlet/base/DisplayHtmlServlet.java
index 8d853f0b..ffd602b2 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/base/DisplayHtmlServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/base/DisplayHtmlServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.base;
-
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
@@ -33,10 +32,9 @@ import com.netscape.certsrv.logging.ILogger;
import com.netscape.cms.servlet.common.CMSRequest;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* This is the servlet that displays the html page for the corresponding input id.
- *
+ *
* @version $Revision$, $Date$
*/
public class DisplayHtmlServlet extends CMSServlet {
@@ -55,7 +53,7 @@ public class DisplayHtmlServlet extends CMSServlet {
public void init(ServletConfig sc) throws ServletException {
super.init(sc);
- mHTMLPath = sc.getInitParameter(PROP_HTML_PATH);
+ mHTMLPath = sc.getInitParameter(PROP_HTML_PATH);
mTemplates.remove(CMSRequest.SUCCESS);
}
@@ -68,18 +66,18 @@ public class DisplayHtmlServlet extends CMSServlet {
IAuthToken authToken = authenticate(cmsReq);
try {
- String realpath =
- mServletConfig.getServletContext().getRealPath("/" + mHTMLPath);
+ String realpath =
+ mServletConfig.getServletContext().getRealPath("/" + mHTMLPath);
if (realpath == null) {
mLogger.log(
- ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_NO_FIND_TEMPLATE", mHTMLPath));
- throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")) ;
+ ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_NO_FIND_TEMPLATE", mHTMLPath));
+ throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
}
File file = new File(realpath);
long flen = file.length();
- byte[] bin = new byte[(int)flen];
+ byte[] bin = new byte[(int) flen];
FileInputStream ins = new FileInputStream(file);
int len = 0;
@@ -92,9 +90,9 @@ public class DisplayHtmlServlet extends CMSServlet {
ins.close();
bos.close();
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_OUT_TEMPLATE", mHTMLPath, e.toString()));
- throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_OUT_TEMPLATE", mHTMLPath, e.toString()));
+ throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
}
}
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/DynamicVariablesServlet.java b/pki/base/common/src/com/netscape/cms/servlet/base/DynamicVariablesServlet.java
index 9607fbe2..f7f31b19 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/base/DynamicVariablesServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/base/DynamicVariablesServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.base;
-
import java.io.IOException;
import java.util.Date;
import java.util.Enumeration;
@@ -39,14 +38,12 @@ import com.netscape.certsrv.authentication.IAuthToken;
import com.netscape.certsrv.base.EBaseException;
import com.netscape.certsrv.base.IConfigStore;
-
/**
* Return some javascript to the request which contains the list of
* dynamic data in the CMS system.
* <p>
- * This allows the requestor (browser) to make decisions about what
- * to present in the UI, depending on how CMS is configured
- *
+ * This allows the requestor (browser) to make decisions about what to present in the UI, depending on how CMS is configured
+ *
* @version $Revision$, $Date$
*/
public class DynamicVariablesServlet extends CMSServlet {
@@ -83,10 +80,10 @@ public class DynamicVariablesServlet extends CMSServlet {
private static final String VAR_CLA_CRL_URL_STRING = "clacrlurl()";
private static final Integer VAR_CLA_CRL_URL = Integer.valueOf(6);
private String VAR_CLA_CRL_URL_VALUE = null;
-
+
private String mAuthMgrCacheString = "";
- private long mAuthMgrCacheTime = 0;
- private final int AUTHMGRCACHE = 10; //number of seconds to cache list of
+ private long mAuthMgrCacheTime = 0;
+ private final int AUTHMGRCACHE = 10; //number of seconds to cache list of
// authmanagers for
private Hashtable dynvars = null;
private String mGetClientCert = "false";
@@ -99,7 +96,7 @@ public class DynamicVariablesServlet extends CMSServlet {
IConfigStore config = CMS.getConfigStore().getSubStore(PROP_CLONING);
try {
- mCrlurl =
+ mCrlurl =
config.getString(PROP_CRLURL, "");
} catch (EBaseException e) {
}
@@ -119,33 +116,27 @@ public class DynamicVariablesServlet extends CMSServlet {
/**
* Reads the following variables from the servlet config:
* <ul>
- * <li><strong>AuthMgr</strong> - the authentication manager to use to authenticate the request
- * <li><strong>GetClientCert</strong> - whether to request client auth for this request
- * <li><strong>authority</strong> - the authority (ca, ra, drm) to return to the client
- * <li><strong>dynamicVariables</strong> - a string of the form:
- * serverdate=serverdate(),subsystemname=subsystemname(),
- * http=http(),authmgrs=authmgrs(),clacrlurl=clacrlurl()
+ * <li><strong>AuthMgr</strong> - the authentication manager to use to authenticate the request
+ * <li><strong>GetClientCert</strong> - whether to request client auth for this request
+ * <li><strong>authority</strong> - the authority (ca, ra, drm) to return to the client
+ * <li><strong>dynamicVariables</strong> - a string of the form: serverdate=serverdate(),subsystemname=subsystemname(), http=http(),authmgrs=authmgrs(),clacrlurl=clacrlurl()
* </ul>
* The dynamicVariables string is parsed by splitting on commas.
* When services, the HTTP request provides a piece of javascript
* code as follows.
* <p>
- * Each sub expression "lhs=rhs()" forms a javascript statement of the form
- * <i>lhs=xxx;</i> Where lhs is xxx is the result of 'evaluating' the
- * rhs. The possible values for the rhs() function are:
+ * Each sub expression "lhs=rhs()" forms a javascript statement of the form <i>lhs=xxx;</i> Where lhs is xxx is the result of 'evaluating' the rhs. The possible values for the rhs() function are:
* <ul>
- * <li><strong>serverdate()</strong> - the timestamp of the server (used to ensure that the client
- * clock is set correctly)
+ * <li><strong>serverdate()</strong> - the timestamp of the server (used to ensure that the client clock is set correctly)
* <li><strong>subsystemname()</strong>
* <li><strong>http()</strong> - "true" or "false" - is this an http connection (as opposed to https)
* <li>authmgrs() - a comma separated list of authentication managers
- * <li>clacrlurl() - the URL to get the CRL from, in the case of a Clone CA. This is
- * defined in the CMS configuration parameter 'cloning.cloneMasterCrlUrl'
+ * <li>clacrlurl() - the URL to get the CRL from, in the case of a Clone CA. This is defined in the CMS configuration parameter 'cloning.cloneMasterCrlUrl'
* </ul>
+ *
* @see javax.servlet.Servlet#init(ServletConfig)
*/
-
public void init(ServletConfig sc) throws ServletException {
super.init(sc);
mAuthMgr = sc.getInitParameter(PROP_AUTHMGR);
@@ -194,8 +185,8 @@ public class DynamicVariablesServlet extends CMSServlet {
}
public void service(HttpServletRequest httpReq,
- HttpServletResponse httpResp)
- throws ServletException, IOException {
+ HttpServletResponse httpResp)
+ throws ServletException, IOException {
boolean running_state = CMS.isInRunningState();
if (!running_state)
@@ -214,7 +205,7 @@ public class DynamicVariablesServlet extends CMSServlet {
httpResp.setContentType("application/x-javascript");
httpResp.setHeader("Pragma", "no-cache");
-
+
try {
ServletOutputStream os = httpResp.getOutputStream();
diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/GetStats.java b/pki/base/common/src/com/netscape/cms/servlet/base/GetStats.java
index 3b8f8bd4..f96cb0e1 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/base/GetStats.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/base/GetStats.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.base;
-
import java.io.IOException;
import java.util.Date;
import java.util.Enumeration;
@@ -43,10 +42,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* Retrieve information.
- *
+ *
* @version $Revision$, $Date$
*/
public class GetStats extends CMSServlet {
@@ -64,7 +62,7 @@ public class GetStats extends CMSServlet {
/**
* initialize the servlet. This servlet uses the template
* file "getOCSPInfo.template" to render the result page.
- *
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -79,14 +77,13 @@ public class GetStats extends CMSServlet {
mTemplates.remove(CMSRequest.SUCCESS);
}
-
/**
- * Process the HTTP request.
- *
+ * Process the HTTP request.
+ *
* @param cmsReq the object holding the request and response information
*/
protected void process(CMSRequest cmsReq)
- throws EBaseException {
+ throws EBaseException {
HttpServletRequest httpReq = cmsReq.getHttpReq();
HttpServletResponse httpResp = cmsReq.getHttpResp();
@@ -98,10 +95,10 @@ public class GetStats extends CMSServlet {
mAuthzResourceName, "read");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
}
if (authzToken == null) {
@@ -118,10 +115,10 @@ public class GetStats extends CMSServlet {
try {
form = getTemplate(mFormPath, httpReq, locale);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
cmsReq.setError(new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
cmsReq.setStatus(CMSRequest.ERROR);
return;
}
@@ -130,12 +127,12 @@ public class GetStats extends CMSServlet {
IArgBlock fixed = CMS.createArgBlock();
CMSTemplateParams argSet = new CMSTemplateParams(header, fixed);
- IStatsSubsystem statsSub = (IStatsSubsystem)CMS.getSubsystem("stats");
+ IStatsSubsystem statsSub = (IStatsSubsystem) CMS.getSubsystem("stats");
StatsEvent st = statsSub.getMainStatsEvent();
String op = httpReq.getParameter("op");
if (op != null && op.equals("clear")) {
- statsSub.resetCounters();
+ statsSub.resetCounters();
}
header.addStringValue("startTime", statsSub.getStartTime().toString());
@@ -149,43 +146,42 @@ public class GetStats extends CMSServlet {
form.renderOutput(out, argSet);
cmsReq.setStatus(CMSRequest.SUCCESS);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
cmsReq.setError(new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
cmsReq.setStatus(CMSRequest.ERROR);
}
cmsReq.setStatus(CMSRequest.SUCCESS);
return;
}
- public String getSep(int level)
- {
- StringBuffer s = new StringBuffer();
- for (int i = 0; i < level; i++) {
- s.append("-");
- }
- return s.toString();
+ public String getSep(int level) {
+ StringBuffer s = new StringBuffer();
+ for (int i = 0; i < level; i++) {
+ s.append("-");
+ }
+ return s.toString();
}
public void parse(CMSTemplateParams argSet, StatsEvent st, int level) {
Enumeration names = st.getSubEventNames();
while (names.hasMoreElements()) {
- String name = (String)names.nextElement();
- StatsEvent subSt = st.getSubEvent(name);
-
- IArgBlock rarg = CMS.createArgBlock();
- rarg.addStringValue("name", getSep(level) + " " + subSt.getName());
- rarg.addLongValue("noOfOp", subSt.getNoOfOperations());
- rarg.addLongValue("timeTaken", subSt.getTimeTaken());
- rarg.addLongValue("max", subSt.getMax());
- rarg.addLongValue("min", subSt.getMin());
- rarg.addLongValue("percentage", subSt.getPercentage());
- rarg.addLongValue("avg", subSt.getAvg());
- rarg.addLongValue("stddev", subSt.getStdDev());
- argSet.addRepeatRecord(rarg);
-
- parse(argSet, subSt, level+1);
+ String name = (String) names.nextElement();
+ StatsEvent subSt = st.getSubEvent(name);
+
+ IArgBlock rarg = CMS.createArgBlock();
+ rarg.addStringValue("name", getSep(level) + " " + subSt.getName());
+ rarg.addLongValue("noOfOp", subSt.getNoOfOperations());
+ rarg.addLongValue("timeTaken", subSt.getTimeTaken());
+ rarg.addLongValue("max", subSt.getMax());
+ rarg.addLongValue("min", subSt.getMin());
+ rarg.addLongValue("percentage", subSt.getPercentage());
+ rarg.addLongValue("avg", subSt.getAvg());
+ rarg.addLongValue("stddev", subSt.getStdDev());
+ argSet.addRepeatRecord(rarg);
+
+ parse(argSet, subSt, level + 1);
}
}
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/IndexServlet.java b/pki/base/common/src/com/netscape/cms/servlet/base/IndexServlet.java
index 89179b57..95dbf2ab 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/base/IndexServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/base/IndexServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.base;
-
import java.io.IOException;
import javax.servlet.ServletConfig;
@@ -32,11 +31,10 @@ import com.netscape.cms.servlet.common.CMSRequest;
import com.netscape.cms.servlet.common.ECMSGWException;
import com.netscape.cms.servlet.common.IndexTemplateFiller;
-
/**
* This is the servlet that builds the index page in
* various ports.
- *
+ *
* @version $Revision$, $Date$
*/
public class IndexServlet extends CMSServlet {
@@ -91,26 +89,26 @@ public class IndexServlet extends CMSServlet {
* Serves HTTP request.
*/
public void process(CMSRequest cmsReq) throws EBaseException {
- if (CMSGateway.getEnableAdminEnroll() &&
- mAuthority != null &&
- mAuthority instanceof ICertificateAuthority) {
+ if (CMSGateway.getEnableAdminEnroll() &&
+ mAuthority != null &&
+ mAuthority instanceof ICertificateAuthority) {
try {
cmsReq.getHttpResp().sendRedirect("/ca/adminEnroll.html");
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_FAIL_REDIRECT_ADMIN_ENROLL", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_FAIL_REDIRECT_ADMIN_ENROLL", e.toString()));
throw new ECMSGWException(
CMS.getLogMessage("CMSGW_ERROR_REDIRECTING_ADMINENROLL1",
- e.toString()));
+ e.toString()));
}
return;
} else {
try {
renderTemplate(
- cmsReq, mTemplateName, new IndexTemplateFiller());
+ cmsReq, mTemplateName, new IndexTemplateFiller());
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_FAIL_RENDER_TEMPLATE", mTemplateName, e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_FAIL_RENDER_TEMPLATE", mTemplateName, e.toString()));
throw new ECMSGWException(
CMS.getLogMessage("CMSG_ERROR_DISPLAY_TEMPLATE"));
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/PortsServlet.java b/pki/base/common/src/com/netscape/cms/servlet/base/PortsServlet.java
index 4c3dec80..fced583a 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/base/PortsServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/base/PortsServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.base;
-
import java.io.IOException;
import javax.servlet.ServletConfig;
@@ -34,7 +33,7 @@ import com.netscape.cmsutil.xml.XMLObject;
/**
* This servlet returns port information.
- *
+ *
* @version $Revision$, $Date$
*/
public class PortsServlet extends CMSServlet {
@@ -67,10 +66,10 @@ public class PortsServlet extends CMSServlet {
String port = null;
if (secure.equals("true"))
- port = CMS.getEESSLPort();
+ port = CMS.getEESSLPort();
else
port = CMS.getEENonSSLPort();
-
+
try {
XMLObject xmlObj = null;
xmlObj = new XMLObject();
diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/ProxyServlet.java b/pki/base/common/src/com/netscape/cms/servlet/base/ProxyServlet.java
index 15bfb306..0784945a 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/base/ProxyServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/base/ProxyServlet.java
@@ -2,7 +2,6 @@
package com.netscape.cms.servlet.base;
-
import java.io.IOException;
import java.util.HashMap;
import java.util.Iterator;
@@ -21,34 +20,33 @@ import javax.servlet.http.HttpServletResponse;
import com.netscape.certsrv.apps.CMS;
-
/**
* This is a servlet that proxies request to another servlet.
- *
+ *
* SERVLET REDIRECTION
* Specify the URL of a servlet to forward the request to
- * destServlet: /ee/ca/newservlet
- *
+ * destServlet: /ee/ca/newservlet
+ *
* PARAMETER MAPPING
- * In the servlet configuration (as an init-param in web.xml) you
- * can optionally specify a value for the parameter 'parameterMap'
+ * In the servlet configuration (as an init-param in web.xml) you
+ * can optionally specify a value for the parameter 'parameterMap'
* which contains a list of HTTP parameters which should be
* translated to new names.
*
- * parameterMap: name1->newname1,name2->newname2
- *
+ * parameterMap: name1->newname1,name2->newname2
+ *
* Optionally, names can be set to static values:
- *
- * parameterMap: name1->name2=value
- *
+ *
+ * parameterMap: name1->name2=value
+ *
* Examples:
* Consider the following HTTP input parameters:
- * vehicle:car make:ford model:explorer
+ * vehicle:car make:ford model:explorer
*
* The following config strings will have this effect:
- * parameterMap: make->manufacturer,model->name=expedition,->suv=true
- * output: vehicle:car manufactuer:ford model:expedition suv:true
- *
+ * parameterMap: make->manufacturer,model->name=expedition,->suv=true
+ * output: vehicle:car manufactuer:ford model:expedition suv:true
+ *
* @version $Revision$, $Date$
*/
public class ProxyServlet extends HttpServlet {
@@ -64,40 +62,41 @@ public class ProxyServlet extends HttpServlet {
private Vector mMatchStrings = new Vector();
private String mDestServletOnNoMatch = null;
private String mAppendPathInfoOnNoMatch = null;
- private Map mParamMap = new HashMap();
- private Map mParamValue = new HashMap();
+ private Map mParamMap = new HashMap();
+ private Map mParamValue = new HashMap();
public ProxyServlet() {
}
- private void parseParamTable(String s) {
- if (s == null) return;
-
- String[] params = s.split(",");
- for (int i=0;i<params.length;i++) {
- String p = params[i];
- if (p != null) {
- String[] paramNames = p.split("->");
- if (paramNames.length != 2) {
- }
- String from = paramNames[0];
- String to = paramNames[1];
- if (from != null && to != null) {
- String[] splitTo = to.split("=");
- String toName = splitTo[0];
- if (from.length() >0) {
- mParamMap.put(from,toName);
- }
- if (splitTo.length == 2) {
- String toValue = splitTo[1];
- String toValues[] = new String[1];
- toValues[0] = toValue;
- mParamValue.put(toName,toValues);
- }
- }
- }
- }
- }
+ private void parseParamTable(String s) {
+ if (s == null)
+ return;
+
+ String[] params = s.split(",");
+ for (int i = 0; i < params.length; i++) {
+ String p = params[i];
+ if (p != null) {
+ String[] paramNames = p.split("->");
+ if (paramNames.length != 2) {
+ }
+ String from = paramNames[0];
+ String to = paramNames[1];
+ if (from != null && to != null) {
+ String[] splitTo = to.split("=");
+ String toName = splitTo[0];
+ if (from.length() > 0) {
+ mParamMap.put(from, toName);
+ }
+ if (splitTo.length == 2) {
+ String toValue = splitTo[1];
+ String toValues[] = new String[1];
+ toValues[0] = toValue;
+ mParamValue.put(toName, toValues);
+ }
+ }
+ }
+ }
+ }
public void init(ServletConfig sc) throws ServletException {
super.init(sc);
@@ -115,14 +114,13 @@ public class ProxyServlet extends HttpServlet {
mAppendPathInfo = sc.getInitParameter("appendPathInfo");
mAppendPathInfoOnNoMatch = sc.getInitParameter("appendPathInfoOnNoMatch");
String map = sc.getInitParameter("parameterMap");
- if (map != null) {
- parseParamTable(map);
- }
+ if (map != null) {
+ parseParamTable(map);
+ }
}
public void service(HttpServletRequest req, HttpServletResponse res) throws
- IOException, ServletException
- {
+ IOException, ServletException {
RequestDispatcher dispatcher = null;
String dest = mDest;
String uri = req.getRequestURI();
@@ -132,120 +130,118 @@ public class ProxyServlet extends HttpServlet {
if (mMatchStrings.size() != 0) {
boolean matched = false;
for (int i = 0; i < mMatchStrings.size(); i++) {
- String t = (String)mMatchStrings.elementAt(i);
- if (uri.indexOf(t) != -1) {
+ String t = (String) mMatchStrings.elementAt(i);
+ if (uri.indexOf(t) != -1) {
matched = true;
}
}
if (!matched) {
dest = mDestServletOnNoMatch;
// append Path info for OCSP request in Get method
- if (mAppendPathInfoOnNoMatch != null &&
- !mAppendPathInfoOnNoMatch.equals("")) {
+ if (mAppendPathInfoOnNoMatch != null &&
+ !mAppendPathInfoOnNoMatch.equals("")) {
dest = dest + uri.replace(mAppendPathInfoOnNoMatch, "");
}
}
}
if (dest == null || dest.equals("")) {
- // mapping everything
- dest = uri;
- dest = dest.replaceFirst(mSrcContext, "");
+ // mapping everything
+ dest = uri;
+ dest = dest.replaceFirst(mSrcContext, "");
}
if (mAppendPathInfo != null && !mAppendPathInfo.equals("")) {
- dest = dest + uri.replace(mAppendPathInfo, "");
+ dest = dest + uri.replace(mAppendPathInfo, "");
}
if (mDestContext != null && !mDestContext.equals("")) {
- dispatcher = getServletContext().getContext(mDestContext).getRequestDispatcher(dest);
+ dispatcher = getServletContext().getContext(mDestContext).getRequestDispatcher(dest);
} else {
- dispatcher = req.getRequestDispatcher(dest);
+ dispatcher = req.getRequestDispatcher(dest);
}
- // If a parameter map was specified
- if (mParamMap != null && !mParamMap.isEmpty()) {
- // Make a new wrapper with the new parameters
- ProxyWrapper r = new ProxyWrapper(req);
- r.setParameterMapAndValue(mParamMap,mParamValue);
- req = r;
- }
-
- dispatcher.forward(req, res);
+ // If a parameter map was specified
+ if (mParamMap != null && !mParamMap.isEmpty()) {
+ // Make a new wrapper with the new parameters
+ ProxyWrapper r = new ProxyWrapper(req);
+ r.setParameterMapAndValue(mParamMap, mParamValue);
+ req = r;
+ }
+
+ dispatcher.forward(req, res);
}
}
-class ProxyWrapper extends HttpServletRequestWrapper
-{
- private Map mMap = null;
- private Map mValueMap = null;
-
- public ProxyWrapper(HttpServletRequest req)
- {
- super(req);
- }
-
- public void setParameterMapAndValue(Map m,Map v)
- {
- if (m != null) mMap = m;
- if (v != null) mValueMap = v;
- }
-
- public Map getParameterMap()
- {
- try {
- // If we haven't specified any parameter mapping, just
- // use the regular implementation
- if (mMap == null) return super.getParameterMap();
- else {
- // Make a new Map for us to put stuff in
- Map n = new HashMap();
- // get the HTTP parameters the user supplied.
- Map m = super.getParameterMap();
- Set s = m.entrySet();
- Iterator i = s.iterator();
- while (i.hasNext()) {
- Map.Entry me = (Map.Entry) i.next();
- String name = (String) me.getKey();
- String[] values = (String[])(me.getValue());
- String newname = null;
- if (name != null) {
- newname = (String) mMap.get(name);
- }
-
- // No mapping specified, just use existing name/value
- if (newname == null || mValueMap == null) {
- n.put(name,values);
- } else { // new name specified
- Object o = mValueMap.get(newname);
- // check if new (static) value specified
- if (o==null) {
- n.put(newname,values);
- } else {
- String newvalues[] = (String[])mValueMap.get(newname);
- n.put(newname,newvalues);
- }
- }
- }
- // Now, deal with static values set in the config
- // which weren't set in the HTTP request
- Set s2 = mValueMap.entrySet();
- Iterator i2 = s2.iterator();
- // Cycle through all the static values
- while (i2.hasNext()) {
- Map.Entry me2 = (Map.Entry) i2.next();
- String name2 = (String) me2.getKey();
- if (n.get(name2) == null) {
- String[] values2 = (String[])me2.getValue();
- // If the parameter is not set in the map
- // Set it now
- n.put(name2,values2);
- }
- }
-
- return n;
- }
- } catch (NullPointerException npe) {
- CMS.debug(npe);
- return null;
- }
- }
-}
+class ProxyWrapper extends HttpServletRequestWrapper {
+ private Map mMap = null;
+ private Map mValueMap = null;
+
+ public ProxyWrapper(HttpServletRequest req) {
+ super(req);
+ }
+
+ public void setParameterMapAndValue(Map m, Map v) {
+ if (m != null)
+ mMap = m;
+ if (v != null)
+ mValueMap = v;
+ }
+ public Map getParameterMap() {
+ try {
+ // If we haven't specified any parameter mapping, just
+ // use the regular implementation
+ if (mMap == null)
+ return super.getParameterMap();
+ else {
+ // Make a new Map for us to put stuff in
+ Map n = new HashMap();
+ // get the HTTP parameters the user supplied.
+ Map m = super.getParameterMap();
+ Set s = m.entrySet();
+ Iterator i = s.iterator();
+ while (i.hasNext()) {
+ Map.Entry me = (Map.Entry) i.next();
+ String name = (String) me.getKey();
+ String[] values = (String[]) (me.getValue());
+ String newname = null;
+ if (name != null) {
+ newname = (String) mMap.get(name);
+ }
+
+ // No mapping specified, just use existing name/value
+ if (newname == null || mValueMap == null) {
+ n.put(name, values);
+ } else { // new name specified
+ Object o = mValueMap.get(newname);
+ // check if new (static) value specified
+ if (o == null) {
+ n.put(newname, values);
+ } else {
+ String newvalues[] = (String[]) mValueMap.get(newname);
+ n.put(newname, newvalues);
+ }
+ }
+ }
+ // Now, deal with static values set in the config
+ // which weren't set in the HTTP request
+ Set s2 = mValueMap.entrySet();
+ Iterator i2 = s2.iterator();
+ // Cycle through all the static values
+ while (i2.hasNext()) {
+ Map.Entry me2 = (Map.Entry) i2.next();
+ String name2 = (String) me2.getKey();
+ if (n.get(name2) == null) {
+ String[] values2 = (String[]) me2.getValue();
+ // If the parameter is not set in the map
+ // Set it now
+ n.put(name2, values2);
+ }
+ }
+
+ return n;
+ }
+ } catch (NullPointerException npe) {
+ CMS.debug(npe);
+ return null;
+ }
+ }
+}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/SystemInfoServlet.java b/pki/base/common/src/com/netscape/cms/servlet/base/SystemInfoServlet.java
index 5daac065..6d91e1b2 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/base/SystemInfoServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/base/SystemInfoServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.base;
-
import java.io.IOException;
import java.util.Date;
@@ -35,10 +34,10 @@ import com.netscape.certsrv.apps.CMS;
* thread.
* <p>
* Also allows user to trigger a new garbage collection
- *
+ *
* @version $Revision$, $Date$
*/
-public class SystemInfoServlet extends HttpServlet {
+public class SystemInfoServlet extends HttpServlet {
/**
*
@@ -58,16 +57,16 @@ public class SystemInfoServlet extends HttpServlet {
* value of the 'op' HTTP parameter.
* <UL>
* <LI>op = <i>undefined</i> - display a menu with links to the other functionality of this servlet
- * <li>op = gc - tell the JVM that we want to do a garbage collection and to run finalizers
- * (@see java.lang.Runtime.getRuntime#gc() )
- * <li>op = general - display information about memory, and other JVM informatino
- * <li>op = thread - display details about each thread.
+ * <li>op = gc - tell the JVM that we want to do a garbage collection and to run finalizers (@see java.lang.Runtime.getRuntime#gc() )
+ * <li>op = general - display information about memory, and other JVM informatino
+ * <li>op = thread - display details about each thread.
* </UL>
+ *
* @see javax.servlet.http.HttpServlet#service(HttpServletRequest, HttpServletResponse)
*/
- public void service(HttpServletRequest request,
- HttpServletResponse response)
- throws ServletException, IOException {
+ public void service(HttpServletRequest request,
+ HttpServletResponse response)
+ throws ServletException, IOException {
boolean collect = false;
String op = request.getParameter("op");
@@ -83,9 +82,9 @@ public class SystemInfoServlet extends HttpServlet {
}
}
- private void mainMenu(HttpServletRequest request,
- HttpServletResponse response)
- throws ServletException, IOException {
+ private void mainMenu(HttpServletRequest request,
+ HttpServletResponse response)
+ throws ServletException, IOException {
response.getWriter().println("<HTML>");
response.getWriter().println("<H1>");
response.getWriter().println("<a href=" + request.getServletPath() + ">");
@@ -122,9 +121,9 @@ public class SystemInfoServlet extends HttpServlet {
response.getWriter().println("</HTML>");
}
- private void gc(HttpServletRequest request,
- HttpServletResponse response)
- throws ServletException, IOException {
+ private void gc(HttpServletRequest request,
+ HttpServletResponse response)
+ throws ServletException, IOException {
java.lang.Runtime.getRuntime().gc();
java.lang.Runtime.getRuntime().runFinalization();
response.getWriter().println("<HTML>");
@@ -140,9 +139,9 @@ public class SystemInfoServlet extends HttpServlet {
response.getWriter().println("</HTML>");
}
- private void general(HttpServletRequest request,
- HttpServletResponse response)
- throws ServletException, IOException {
+ private void general(HttpServletRequest request,
+ HttpServletResponse response)
+ throws ServletException, IOException {
response.getWriter().println("<HTML>");
response.getWriter().println("<H1>");
response.getWriter().println("<a href=" + request.getServletPath() + ">");
@@ -221,9 +220,9 @@ public class SystemInfoServlet extends HttpServlet {
response.getWriter().println("</HTML>");
}
- private void thread(HttpServletRequest request,
- HttpServletResponse response)
- throws ServletException, IOException {
+ private void thread(HttpServletRequest request,
+ HttpServletResponse response)
+ throws ServletException, IOException {
response.getWriter().println("</table>");
response.getWriter().println("<HTML>");
response.getWriter().println("<H1>");
diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/UserInfo.java b/pki/base/common/src/com/netscape/cms/servlet/base/UserInfo.java
index 02ab5b52..dd8f6961 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/base/UserInfo.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/base/UserInfo.java
@@ -17,11 +17,10 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.base;
-
/**
* This class represents information about the client e.g. version,
* langauge, vendor.
- *
+ *
* @version $Revision$, $Date$
*/
public class UserInfo {
@@ -36,7 +35,7 @@ public class UserInfo {
/**
* Returns the user language.
- *
+ *
* @param s user language info from the browser
* @return user language
*/
@@ -53,7 +52,7 @@ public class UserInfo {
/**
* Returns the user country.
- *
+ *
* @param s user language info from the browser
* @return user country
*/
@@ -67,10 +66,10 @@ public class UserInfo {
}
return "";
}
-
+
/**
* Returns the users agent.
- *
+ *
* @param s user language info from the browser
* @return user agent
*/
@@ -79,7 +78,7 @@ public class UserInfo {
if (s.indexOf(MSIE) != -1) {
return MSIE;
}
-
+
// Check for Netscape i.e. Mozilla
if (s.indexOf(MOZILLA) != -1) {
return MOZILLA;
@@ -87,5 +86,5 @@ public class UserInfo {
// Don't know agent. Return empty string.
return "";
- }
+ }
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/CMCRevReqServlet.java b/pki/base/common/src/com/netscape/cms/servlet/cert/CMCRevReqServlet.java
index 15d069e3..8bcb4857 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/CMCRevReqServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/CMCRevReqServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.cert;
-
import java.io.IOException;
import java.math.BigInteger;
import java.security.cert.CertificateException;
@@ -67,10 +66,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* Revoke a certificate with a CMC-formatted revocation request
- *
+ *
* @version $Revision$, $Date$
*/
public class CMCRevReqServlet extends CMSServlet {
@@ -83,7 +81,7 @@ public class CMCRevReqServlet extends CMSServlet {
// revocation templates.
private final static String TPL_FILE = "revocationResult.template";
public static final String CRED_CMC = "cmcRequest";
-
+
private ICertificateRepository mCertDB = null;
private String mFormPath = null;
private IRequestQueue mQueue = null;
@@ -92,12 +90,10 @@ public class CMCRevReqServlet extends CMSServlet {
private final static String REVOKE = "revoke";
private final static String ON_HOLD = "on-hold";
private final static int ON_HOLD_REASON = 6;
- private final static String
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST =
- "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_5";
- private final static String
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED =
- "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED_7";
+ private final static String LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST =
+ "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_5";
+ private final static String LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED =
+ "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED_7";
// http params
public static final String SERIAL_NO = TOKEN_CERT_SERIAL;
@@ -106,15 +102,16 @@ public class CMCRevReqServlet extends CMSServlet {
// request attributes
public static final String SERIALNO_ARRAY = "serialNoArray";
-
+
public CMCRevReqServlet() {
super();
}
- /**
+ /**
* initialize the servlet.
- * @param sc servlet configuration, read from the web.xml file
- */
+ *
+ * @param sc servlet configuration, read from the web.xml file
+ */
public void init(ServletConfig sc) throws ServletException {
super.init(sc);
@@ -136,26 +133,26 @@ public class CMCRevReqServlet extends CMSServlet {
mFormPath = mOutputTemplatePath;
}
-
- /**
- * Process the HTTP request.
- *
- * <ul>
- * <li>http.param cmcRequest the base-64 encoded CMC request
- * </ul>
- * @param cmsReq the object holding the request and response information
+ /**
+ * Process the HTTP request.
+ *
+ * <ul>
+ * <li>http.param cmcRequest the base-64 encoded CMC request
+ * </ul>
+ *
+ * @param cmsReq the object holding the request and response information
*/
protected void process(CMSRequest cmsReq) throws EBaseException {
String cmcAgentSerialNumber = null;
IArgBlock httpParams = cmsReq.getHttpParams();
HttpServletRequest req = cmsReq.getHttpReq();
- HttpServletResponse resp = cmsReq.getHttpResp();
-
+ HttpServletResponse resp = cmsReq.getHttpResp();
+
CMSTemplate form = null;
Locale[] locale = new Locale[1];
-CMS.debug("**** mFormPath = "+mFormPath);
+ CMS.debug("**** mFormPath = " + mFormPath);
try {
form = getTemplate(mFormPath, req, locale);
} catch (IOException e) {
@@ -167,12 +164,11 @@ CMS.debug("**** mFormPath = "+mFormPath);
IArgBlock header = CMS.createArgBlock();
IArgBlock ctx = CMS.createArgBlock();
CMSTemplateParams argSet = new CMSTemplateParams(header, ctx);
-
String cmc = (String) httpParams.get(CRED_CMC);
if (cmc == null) {
throw new EMissingCredential(
- CMS.getUserMessage("CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_CMC));
+ CMS.getUserMessage("CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_CMC));
}
IAuthToken authToken = authenticate(cmsReq);
@@ -200,8 +196,8 @@ CMS.debug("**** mFormPath = "+mFormPath);
serialNoArray = authToken.getInBigIntegerArray(TOKEN_CERT_SERIAL);
}
- Integer reasonCode = Integer.valueOf(0);
- if (authToken != null) {
+ Integer reasonCode = Integer.valueOf(0);
+ if (authToken != null) {
reasonCode = authToken.getInInteger(REASON_CODE);
}
RevocationReason reason = RevocationReason.fromInt(reasonCode.intValue());
@@ -211,12 +207,12 @@ CMS.debug("**** mFormPath = "+mFormPath);
String revokeAll = null;
int verifiedRecordCount = 0;
int totalRecordCount = 0;
-
+
if (serialNoArray != null) {
totalRecordCount = serialNoArray.length;
verifiedRecordCount = serialNoArray.length;
}
-
+
X509CertImpl[] certs = null;
//for audit log.
@@ -247,7 +243,7 @@ CMS.debug("**** mFormPath = "+mFormPath);
IRequest getCertsChallengeReq = null;
getCertsChallengeReq = mQueue.newRequest(
- GETCERTS_FOR_CHALLENGE_REQUEST);
+ GETCERTS_FOR_CHALLENGE_REQUEST);
getCertsChallengeReq.setExtData(SERIALNO_ARRAY, serialNoArray);
mQueue.processRequest(getCertsChallengeReq);
RequestStatus status = getCertsChallengeReq.getRequestStatus();
@@ -257,7 +253,7 @@ CMS.debug("**** mFormPath = "+mFormPath);
header.addStringValue("request", getCertsChallengeReq.getRequestId().toString());
mRequestID = getCertsChallengeReq.getRequestId().toString();
} else {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_FAIL_GET_CERT_CHALL_PWRD"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_FAIL_GET_CERT_CHALL_PWRD"));
}
}
@@ -268,22 +264,22 @@ CMS.debug("**** mFormPath = "+mFormPath);
IArgBlock rarg = CMS.createArgBlock();
rarg.addBigIntegerValue("serialNumber",
- serialNoArray[i], 16);
+ serialNoArray[i], 16);
rarg.addStringValue("subject",
- certs[i].getSubjectDN().toString());
+ certs[i].getSubjectDN().toString());
rarg.addLongValue("validNotBefore",
- certs[i].getNotBefore().getTime() / 1000);
+ certs[i].getNotBefore().getTime() / 1000);
rarg.addLongValue("validNotAfter",
- certs[i].getNotAfter().getTime() / 1000);
+ certs[i].getNotAfter().getTime() / 1000);
//argSet.addRepeatRecord(rarg);
}
revokeAll = "(|(certRecordId=" + serialNoArray[0].toString() + "))";
- cmcAgentSerialNumber= authToken.getInString(IAuthManager.CRED_SSL_CLIENT_CERT);
+ cmcAgentSerialNumber = authToken.getInString(IAuthManager.CRED_SSL_CLIENT_CERT);
process(argSet, header, reasonCode.intValue(), invalidityDate, initiative, req, resp,
- verifiedRecordCount, revokeAll, totalRecordCount,
- comments, locale[0],cmcAgentSerialNumber);
-
+ verifiedRecordCount, revokeAll, totalRecordCount,
+ comments, locale[0], cmcAgentSerialNumber);
+
} else {
header.addIntegerValue("totalRecordCount", 0);
header.addIntegerValue("verifiedRecordCount", 0);
@@ -292,7 +288,7 @@ CMS.debug("**** mFormPath = "+mFormPath);
try {
ServletOutputStream out = resp.getOutputStream();
- if ((serialNoArray== null) || (serialNoArray.length == 0)) {
+ if ((serialNoArray == null) || (serialNoArray.length == 0)) {
cmsReq.setStatus(CMSRequest.ERROR);
EBaseException ee = new EBaseException("No matched certificate is found");
@@ -300,16 +296,16 @@ CMS.debug("**** mFormPath = "+mFormPath);
} else {
String xmlOutput = req.getParameter("xml");
if (xmlOutput != null && xmlOutput.equals("true")) {
- outputXML(resp, argSet);
+ outputXML(resp, argSet);
} else {
- resp.setContentType("text/html");
- form.renderOutput(out, argSet);
- cmsReq.setStatus(CMSRequest.SUCCESS);
+ resp.setContentType("text/html");
+ form.renderOutput(out, argSet);
+ cmsReq.setStatus(CMSRequest.SUCCESS);
}
}
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString()));
throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
}
}
@@ -318,56 +314,53 @@ CMS.debug("**** mFormPath = "+mFormPath);
* Process cert status change request using the Certificate Management
* protocol using CMS (CMC)
* <P>
- *
+ *
* (Certificate Request - an "EE" cert status change request)
* <P>
- *
+ *
* (Certificate Request Processed - an "EE" cert status change request)
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used when
- * a cert status change request (e. g. - "revocation") is made (before
- * approval process)
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED
- * used when a certificate status is changed (revoked, expired, on-hold,
- * off-hold)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used when a cert status change request (e. g. - "revocation") is made (before approval process)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED used when a certificate status is changed (revoked, expired, on-hold, off-hold)
* </ul>
+ *
* @param argSet CMS template parameters
* @param header argument block
* @param reason revocation reason (0 - Unspecified, 1 - Key compromised,
- * 2 - CA key compromised; should not be used, 3 - Affiliation changed,
- * 4 - Certificate superceded, 5 - Cessation of operation, or
- * 6 - Certificate is on hold)
+ * 2 - CA key compromised; should not be used, 3 - Affiliation changed,
+ * 4 - Certificate superceded, 5 - Cessation of operation, or
+ * 6 - Certificate is on hold)
* @param invalidityDate certificate validity date
* @param initiative string containing the audit format
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @param verifiedRecordCount number of verified records
* @param revokeAll string containing information on all of the
- * certificates to be revoked
+ * certificates to be revoked
* @param totalRecordCount total number of records (verified and unverified)
* @param comments string containing certificate comments
* @param locale the system locale
* @exception EBaseException an error has occurred
*/
private void process(CMSTemplateParams argSet, IArgBlock header,
- int reason, Date invalidityDate,
- String initiative,
- HttpServletRequest req,
- HttpServletResponse resp,
- int verifiedRecordCount,
- String revokeAll,
- int totalRecordCount,
- String comments,
- Locale locale,String cmcAgentSerialNumber)
- throws EBaseException {
+ int reason, Date invalidityDate,
+ String initiative,
+ HttpServletRequest req,
+ HttpServletResponse resp,
+ int verifiedRecordCount,
+ String revokeAll,
+ int totalRecordCount,
+ String comments,
+ Locale locale, String cmcAgentSerialNumber)
+ throws EBaseException {
String eeSerialNumber = null;
- if(cmcAgentSerialNumber!=null) {
+ if (cmcAgentSerialNumber != null) {
eeSerialNumber = cmcAgentSerialNumber;
- }else{
- X509CertImpl sslCert = ( X509CertImpl ) getSSLClientCertificate( req );
- if( sslCert != null ) {
+ } else {
+ X509CertImpl sslCert = (X509CertImpl) getSSLClientCertificate(req);
+ if (sslCert != null) {
eeSerialNumber = sslCert.getSerialNumber().toString();
}
}
@@ -375,11 +368,11 @@ CMS.debug("**** mFormPath = "+mFormPath);
boolean auditRequest = true;
String auditMessage = null;
String auditSubjectID = auditSubjectID();
- String auditRequesterID = auditRequesterID( req );
- String auditSerialNumber = auditSerialNumber( eeSerialNumber );
- String auditRequestType = auditRequestType( reason );
+ String auditRequesterID = auditRequesterID(req);
+ String auditSerialNumber = auditSerialNumber(eeSerialNumber);
+ String auditRequestType = auditRequestType(reason);
String auditApprovalStatus = ILogger.SIGNED_AUDIT_EMPTY_VALUE;
- String auditReasonNum = String.valueOf( reason );
+ String auditReasonNum = String.valueOf(reason);
try {
int count = 0;
@@ -418,18 +411,18 @@ CMS.debug("**** mFormPath = "+mFormPath);
IArgBlock rarg = CMS.createArgBlock();
rarg.addBigIntegerValue("serialNumber",
- cert.getSerialNumber(), 16);
+ cert.getSerialNumber(), 16);
if (rec.getStatus().equals(ICertRecord.STATUS_REVOKED)) {
rarg.addStringValue("error", "Certificate " +
- cert.getSerialNumber().toString() +
- " is already revoked.");
+ cert.getSerialNumber().toString() +
+ " is already revoked.");
} else {
oldCertsV.addElement(cert);
RevokedCertImpl revCertImpl =
- new RevokedCertImpl(cert.getSerialNumber(),
- CMS.getCurrentDate(), entryExtn);
+ new RevokedCertImpl(cert.getSerialNumber(),
+ CMS.getCurrentDate(), entryExtn);
revCertImplsV.addElement(revCertImpl);
count++;
@@ -441,14 +434,12 @@ CMS.debug("**** mFormPath = "+mFormPath);
} else if (mAuthority instanceof IRegistrationAuthority) {
String reqIdStr = null;
- if (mRequestID != null && mRequestID.length() > 0)
+ if (mRequestID != null && mRequestID.length() > 0)
reqIdStr = mRequestID;
Vector<String> serialNumbers = new Vector<String>();
if (revokeAll != null && revokeAll.length() > 0) {
- for (int i = revokeAll.indexOf('=');
- i < revokeAll.length() && i > -1;
- i = revokeAll.indexOf('=', i)) {
+ for (int i = revokeAll.indexOf('='); i < revokeAll.length() && i > -1; i = revokeAll.indexOf('=', i)) {
if (i > -1) {
i++;
while (i < revokeAll.length() && revokeAll.charAt(i) == ' ') {
@@ -457,8 +448,8 @@ CMS.debug("**** mFormPath = "+mFormPath);
String legalDigits = "0123456789";
int j = i;
- while (j < revokeAll.length() &&
- legalDigits.indexOf(revokeAll.charAt(j)) != -1) {
+ while (j < revokeAll.length() &&
+ legalDigits.indexOf(revokeAll.charAt(j)) != -1) {
j++;
}
if (j > i) {
@@ -485,12 +476,12 @@ CMS.debug("**** mFormPath = "+mFormPath);
IArgBlock rarg = CMS.createArgBlock();
rarg.addBigIntegerValue("serialNumber",
- certs[i].getSerialNumber(), 16);
+ certs[i].getSerialNumber(), 16);
oldCertsV.addElement(certs[i]);
RevokedCertImpl revCertImpl =
- new RevokedCertImpl(certs[i].getSerialNumber(),
- CMS.getCurrentDate(), entryExtn);
+ new RevokedCertImpl(certs[i].getSerialNumber(),
+ CMS.getCurrentDate(), entryExtn);
revCertImplsV.addElement(revCertImpl);
count++;
@@ -507,12 +498,12 @@ CMS.debug("**** mFormPath = "+mFormPath);
IArgBlock rarg = CMS.createArgBlock();
rarg.addBigIntegerValue("serialNumber",
- cert.getSerialNumber(), 16);
+ cert.getSerialNumber(), 16);
oldCertsV.addElement(cert);
RevokedCertImpl revCertImpl =
- new RevokedCertImpl(cert.getSerialNumber(),
- CMS.getCurrentDate(), entryExtn);
+ new RevokedCertImpl(cert.getSerialNumber(),
+ CMS.getCurrentDate(), entryExtn);
revCertImplsV.addElement(revCertImpl);
count++;
@@ -533,7 +524,7 @@ CMS.debug("**** mFormPath = "+mFormPath);
}
IRequest revReq =
- mQueue.newRequest(IRequest.REVOCATION_REQUEST);
+ mQueue.newRequest(IRequest.REVOCATION_REQUEST);
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
@@ -573,7 +564,7 @@ CMS.debug("**** mFormPath = "+mFormPath);
if (result.equals(IRequest.RES_ERROR)) {
String[] svcErrors =
- revReq.getExtDataInStringArray(IRequest.SVCERRORS);
+ revReq.getExtDataInStringArray(IRequest.SVCERRORS);
if (svcErrors != null && svcErrors.length > 0) {
for (int i = 0; i < svcErrors.length; i++) {
@@ -584,18 +575,18 @@ CMS.debug("**** mFormPath = "+mFormPath);
for (int j = 0; j < count; j++) {
if (oldCerts[j] != null) {
mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.DOREVOKEFORMAT,
- new Object[] {
- revReq.getRequestId(),
- initiative,
- "completed with error: " +
- err,
- oldCerts[j].getSubjectDN(),
- oldCerts[j].getSerialNumber().toString(16),
- RevocationReason.fromInt(reason).toString()}
- );
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.DOREVOKEFORMAT,
+ new Object[] {
+ revReq.getRequestId(),
+ initiative,
+ "completed with error: " +
+ err,
+ oldCerts[j].getSubjectDN(),
+ oldCerts[j].getSerialNumber().toString(16),
+ RevocationReason.fromInt(reason).toString() }
+ );
}
}
}
@@ -608,23 +599,23 @@ CMS.debug("**** mFormPath = "+mFormPath);
for (int j = 0; j < count; j++) {
if (oldCerts[j] != null) {
mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.DOREVOKEFORMAT,
- new Object[] {
- revReq.getRequestId(),
- initiative,
- "completed",
- oldCerts[j].getSubjectDN(),
- oldCerts[j].getSerialNumber().toString(16),
- RevocationReason.fromInt(reason).toString()}
- );
+ AuditFormat.LEVEL,
+ AuditFormat.DOREVOKEFORMAT,
+ new Object[] {
+ revReq.getRequestId(),
+ initiative,
+ "completed",
+ oldCerts[j].getSubjectDN(),
+ oldCerts[j].getSerialNumber().toString(16),
+ RevocationReason.fromInt(reason).toString() }
+ );
}
}
header.addStringValue("revoked", "yes");
Integer updateCRLResult =
- revReq.getExtDataInInteger(IRequest.CRL_UPDATE_STATUS);
+ revReq.getExtDataInInteger(IRequest.CRL_UPDATE_STATUS);
if (updateCRLResult != null) {
header.addStringValue("updateCRL", "yes");
@@ -633,15 +624,15 @@ CMS.debug("**** mFormPath = "+mFormPath);
} else {
header.addStringValue("updateCRLSuccess", "no");
String crlError =
- revReq.getExtDataInString(IRequest.CRL_UPDATE_ERROR);
+ revReq.getExtDataInString(IRequest.CRL_UPDATE_ERROR);
if (crlError != null)
header.addStringValue("updateCRLError",
- crlError);
+ crlError);
}
// let known crl publishing status too.
Integer publishCRLResult =
- revReq.getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS);
+ revReq.getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS);
if (publishCRLResult != null) {
if (publishCRLResult.equals(IRequest.RES_SUCCESS)) {
@@ -649,22 +640,22 @@ CMS.debug("**** mFormPath = "+mFormPath);
} else {
header.addStringValue("publishCRLSuccess", "no");
String publError =
- revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
+ revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
if (publError != null)
header.addStringValue("publishCRLError",
- publError);
+ publError);
}
}
}
if (mAuthority instanceof ICertificateAuthority) {
// let known update and publish status of all crls.
Enumeration<ICRLIssuingPoint> otherCRLs =
- ((ICertificateAuthority) mAuthority).getCRLIssuingPoints();
+ ((ICertificateAuthority) mAuthority).getCRLIssuingPoints();
while (otherCRLs.hasMoreElements()) {
ICRLIssuingPoint crl = (ICRLIssuingPoint)
- otherCRLs.nextElement();
+ otherCRLs.nextElement();
String crlId = crl.getId();
if (crlId.equals(ICertificateAuthority.PROP_MASTER_CRL))
@@ -674,25 +665,25 @@ CMS.debug("**** mFormPath = "+mFormPath);
if (updateResult != null) {
if (updateResult.equals(IRequest.RES_SUCCESS)) {
- CMS.debug("CMCRevReqServlet: " + CMS.getLogMessage("ADMIN_SRVLT_ADDING_HEADER",
+ CMS.debug("CMCRevReqServlet: " + CMS.getLogMessage("ADMIN_SRVLT_ADDING_HEADER",
updateStatusStr));
header.addStringValue(updateStatusStr, "yes");
} else {
String updateErrorStr = crl.getCrlUpdateErrorStr();
- CMS.debug("CMCRevReqServlet: " + CMS.getLogMessage("ADMIN_SRVLT_ADDING_HEADER_NO",
+ CMS.debug("CMCRevReqServlet: " + CMS.getLogMessage("ADMIN_SRVLT_ADDING_HEADER_NO",
updateStatusStr));
header.addStringValue(updateStatusStr, "no");
String error =
- revReq.getExtDataInString(updateErrorStr);
+ revReq.getExtDataInString(updateErrorStr);
if (error != null)
header.addStringValue(updateErrorStr,
- error);
+ error);
}
String publishStatusStr = crl.getCrlPublishStatusStr();
Integer publishResult =
- revReq.getExtDataInInteger(publishStatusStr);
+ revReq.getExtDataInInteger(publishStatusStr);
if (publishResult == null)
continue;
@@ -700,15 +691,15 @@ CMS.debug("**** mFormPath = "+mFormPath);
header.addStringValue(publishStatusStr, "yes");
} else {
String publishErrorStr =
- crl.getCrlPublishErrorStr();
+ crl.getCrlPublishErrorStr();
header.addStringValue(publishStatusStr, "no");
String error =
- revReq.getExtDataInString(publishErrorStr);
+ revReq.getExtDataInString(publishErrorStr);
if (error != null)
header.addStringValue(
- publishErrorStr, error);
+ publishErrorStr, error);
}
}
}
@@ -717,7 +708,7 @@ CMS.debug("**** mFormPath = "+mFormPath);
if (mPublisherProcessor != null && mPublisherProcessor.ldapEnabled()) {
header.addStringValue("dirEnabled", "yes");
Integer[] ldapPublishStatus =
- revReq.getExtDataInIntegerArray("ldapPublishStatus");
+ revReq.getExtDataInIntegerArray("ldapPublishStatus");
int certsToUpdate = 0;
int certsUpdated = 0;
@@ -734,11 +725,11 @@ CMS.debug("**** mFormPath = "+mFormPath);
// add crl publishing status.
String publError =
- revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
+ revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
if (publError != null) {
header.addStringValue("crlPublishError",
- publError);
+ publError);
}
} else {
header.addStringValue("dirEnabled", "no");
@@ -752,16 +743,16 @@ CMS.debug("**** mFormPath = "+mFormPath);
for (int j = 0; j < count; j++) {
if (oldCerts[j] != null) {
mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.DOREVOKEFORMAT,
- new Object[] {
- revReq.getRequestId(),
- initiative,
- "pending",
- oldCerts[j].getSubjectDN(),
- oldCerts[j].getSerialNumber().toString(16),
- RevocationReason.fromInt(reason).toString()}
- );
+ AuditFormat.LEVEL,
+ AuditFormat.DOREVOKEFORMAT,
+ new Object[] {
+ revReq.getRequestId(),
+ initiative,
+ "pending",
+ oldCerts[j].getSubjectDN(),
+ oldCerts[j].getSerialNumber().toString(16),
+ RevocationReason.fromInt(reason).toString() }
+ );
}
}
@@ -771,7 +762,8 @@ CMS.debug("**** mFormPath = "+mFormPath);
if (errors != null && errors.size() > 0) {
for (int ii = 0; ii < errors.size(); ii++) {
- errorStr.append(errors.elementAt(ii));;
+ errorStr.append(errors.elementAt(ii));
+ ;
}
}
header.addStringValue("error", errorStr.toString());
@@ -780,16 +772,16 @@ CMS.debug("**** mFormPath = "+mFormPath);
for (int j = 0; j < count; j++) {
if (oldCerts[j] != null) {
mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.DOREVOKEFORMAT,
- new Object[] {
- revReq.getRequestId(),
- initiative,
- stat.toString(),
- oldCerts[j].getSubjectDN(),
- oldCerts[j].getSerialNumber().toString(16),
- RevocationReason.fromInt(reason).toString()}
- );
+ AuditFormat.LEVEL,
+ AuditFormat.DOREVOKEFORMAT,
+ new Object[] {
+ revReq.getRequestId(),
+ initiative,
+ stat.toString(),
+ oldCerts[j].getSubjectDN(),
+ oldCerts[j].getSerialNumber().toString(16),
+ RevocationReason.fromInt(reason).toString() }
+ );
}
}
}
@@ -798,17 +790,17 @@ CMS.debug("**** mFormPath = "+mFormPath);
// if and only if "auditApprovalStatus" is
// "complete", "revoked", or "canceled"
if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING))
- || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING))
- || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING))) {
+ || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING))
+ || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING))) {
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
- auditSubjectID,
- ILogger.SUCCESS,
- auditRequesterID,
- auditSerialNumber,
- auditRequestType,
- auditReasonNum,
- auditApprovalStatus);
+ LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
+ auditSubjectID,
+ ILogger.SUCCESS,
+ auditRequesterID,
+ auditSerialNumber,
+ auditRequestType,
+ auditReasonNum,
+ auditApprovalStatus);
audit(auditMessage);
}
@@ -818,12 +810,12 @@ CMS.debug("**** mFormPath = "+mFormPath);
// store a "CERT_STATUS_CHANGE_REQUEST" failure
// message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- auditSerialNumber,
- auditRequestType);
+ LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditRequesterID,
+ auditSerialNumber,
+ auditRequestType);
audit(auditMessage);
} else {
@@ -832,11 +824,10 @@ CMS.debug("**** mFormPath = "+mFormPath);
// if and only if "auditApprovalStatus" is
// "complete", "revoked", or "canceled"
if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING))
- || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING))
- || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING)))
- {
+ || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING))
+ || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING))) {
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
+ LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
auditSubjectID,
ILogger.FAILURE,
auditRequesterID,
@@ -857,12 +848,12 @@ CMS.debug("**** mFormPath = "+mFormPath);
// store a "CERT_STATUS_CHANGE_REQUEST" failure
// message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- auditSerialNumber,
- auditRequestType);
+ LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditRequesterID,
+ auditSerialNumber,
+ auditRequestType);
audit(auditMessage);
} else {
@@ -871,18 +862,17 @@ CMS.debug("**** mFormPath = "+mFormPath);
// if and only if "auditApprovalStatus" is
// "complete", "revoked", or "canceled"
if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING))
- || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING))
- || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING)))
- {
+ || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING))
+ || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING))) {
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- auditSerialNumber,
- auditRequestType,
- auditReasonNum,
- auditApprovalStatus);
+ LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditRequesterID,
+ auditSerialNumber,
+ auditRequestType,
+ auditReasonNum,
+ auditApprovalStatus);
audit(auditMessage);
}
@@ -891,18 +881,18 @@ CMS.debug("**** mFormPath = "+mFormPath);
throw e;
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED", e.toString()));
+ CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED", e.toString()));
if (auditRequest) {
// store a "CERT_STATUS_CHANGE_REQUEST" failure
// message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- auditSerialNumber,
- auditRequestType);
+ LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditRequesterID,
+ auditSerialNumber,
+ auditRequestType);
audit(auditMessage);
} else {
@@ -911,18 +901,17 @@ CMS.debug("**** mFormPath = "+mFormPath);
// if and only if "auditApprovalStatus" is
// "complete", "revoked", or "canceled"
if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING))
- || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING))
- || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING)))
- {
+ || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING))
+ || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING))) {
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- auditSerialNumber,
- auditRequestType,
- auditReasonNum,
- auditApprovalStatus);
+ LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditRequesterID,
+ auditSerialNumber,
+ auditRequestType,
+ auditReasonNum,
+ auditApprovalStatus);
audit(auditMessage);
}
@@ -934,12 +923,12 @@ CMS.debug("**** mFormPath = "+mFormPath);
// store a "CERT_STATUS_CHANGE_REQUEST" failure
// message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- auditSerialNumber,
- auditRequestType);
+ LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditRequesterID,
+ auditSerialNumber,
+ auditRequestType);
audit(auditMessage);
} else {
@@ -948,18 +937,17 @@ CMS.debug("**** mFormPath = "+mFormPath);
// if and only if "auditApprovalStatus" is
// "complete", "revoked", or "canceled"
if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING))
- || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING))
- || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING)))
- {
+ || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING))
+ || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING))) {
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- auditSerialNumber,
- auditRequestType,
- auditReasonNum,
- auditApprovalStatus);
+ LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditRequesterID,
+ auditSerialNumber,
+ auditRequestType,
+ auditReasonNum,
+ auditApprovalStatus);
audit(auditMessage);
}
@@ -973,11 +961,11 @@ CMS.debug("**** mFormPath = "+mFormPath);
/**
* Signed Audit Log Requester ID
- *
+ *
* This method is called to obtain the "RequesterID" for
* a signed audit log message.
* <P>
- *
+ *
* @param req HTTP request
* @return id string containing the signed audit log message RequesterID
*/
@@ -1003,11 +991,11 @@ CMS.debug("**** mFormPath = "+mFormPath);
/**
* Signed Audit Log Serial Number
- *
+ *
* This method is called to obtain the serial number of the certificate
* whose status is to be changed for a signed audit log message.
* <P>
- *
+ *
* @param eeSerialNumber a string containing the un-normalized serialNumber
* @return id string containing the signed audit log message RequesterID
*/
@@ -1026,7 +1014,7 @@ CMS.debug("**** mFormPath = "+mFormPath);
// convert it to hexadecimal
serialNumber = "0x"
+ Integer.toHexString(
- Integer.valueOf(serialNumber).intValue());
+ Integer.valueOf(serialNumber).intValue());
} else {
serialNumber = ILogger.SIGNED_AUDIT_EMPTY_VALUE;
}
@@ -1036,11 +1024,11 @@ CMS.debug("**** mFormPath = "+mFormPath);
/**
* Signed Audit Log Request Type
- *
+ *
* This method is called to obtain the "Request Type" for
* a signed audit log message.
* <P>
- *
+ *
* @param reason an integer denoting the revocation reason
* @return string containing REVOKE or ON_HOLD
*/
@@ -1062,4 +1050,3 @@ CMS.debug("**** mFormPath = "+mFormPath);
return requestType;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/ChallengeRevocationServlet1.java b/pki/base/common/src/com/netscape/cms/servlet/cert/ChallengeRevocationServlet1.java
index 181e6e9c..9ca4afab 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/ChallengeRevocationServlet1.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/ChallengeRevocationServlet1.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.cert;
-
import java.io.IOException;
import java.math.BigInteger;
import java.security.cert.CertificateException;
@@ -66,11 +65,10 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
- * Takes the certificate info (serial number) and optional challenge phrase, creates a
+ * Takes the certificate info (serial number) and optional challenge phrase, creates a
* revocation request and submits it to the authority subsystem for processing
- *
+ *
* @version $Revision$, $Date$
*/
public class ChallengeRevocationServlet1 extends CMSServlet {
@@ -102,10 +100,10 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
}
/**
- * Initialize the servlet. This servlet uses the file
- * revocationResult.template for the response
- *
- * @param sc servlet configuration, read from the web.xml file
+ * Initialize the servlet. This servlet uses the file
+ * revocationResult.template for the response
+ *
+ * @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
super.init(sc);
@@ -125,17 +123,17 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
mQueue = mAuthority.getRequestQueue();
}
- /**
- * Process the HTTP request.
+ /**
+ * Process the HTTP request.
* <ul>
* <li>http.param REASON_CODE the revocation reason
- * <li>http.param b64eCertificate the base-64 encoded certificate to revoke
+ * <li>http.param b64eCertificate the base-64 encoded certificate to revoke
* </ul>
- *
+ *
* @param cmsReq the object holding the request and response information
*/
- protected void process(CMSRequest cmsReq)
- throws EBaseException {
+ protected void process(CMSRequest cmsReq)
+ throws EBaseException {
IArgBlock httpParams = cmsReq.getHttpParams();
HttpServletRequest req = cmsReq.getHttpReq();
HttpServletResponse resp = cmsReq.getHttpResp();
@@ -159,23 +157,23 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
// for audit log
IAuthToken authToken = authenticate(cmsReq);
String authMgr = AuditFormat.NOAUTH;
-
+
BigInteger[] serialNoArray = null;
if (authToken != null) {
serialNoArray = authToken.getInBigIntegerArray(SERIAL_NO);
}
// set revocation reason, default to unspecified if not set.
- int reasonCode =
- httpParams.getValueAsInt(REASON_CODE, 0);
+ int reasonCode =
+ httpParams.getValueAsInt(REASON_CODE, 0);
// header.addIntegerValue("reason", reasonCode);
RevocationReason reason = RevocationReason.fromInt(reasonCode);
String comments = req.getParameter(IRequest.REQUESTOR_COMMENTS);
Date invalidityDate = null;
String revokeAll = null;
- int totalRecordCount = (serialNoArray != null)? serialNoArray.length:0;
- int verifiedRecordCount = (serialNoArray != null)? serialNoArray.length:0;
+ int totalRecordCount = (serialNoArray != null) ? serialNoArray.length : 0;
+ int verifiedRecordCount = (serialNoArray != null) ? serialNoArray.length : 0;
X509CertImpl[] certs = null;
@@ -198,11 +196,11 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
AuthzToken authzToken = null;
try {
- authzToken = authorize(mAclMethod, authToken,
+ authzToken = authorize(mAclMethod, authToken,
mAuthzResourceName, "revoke");
} catch (Exception e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
}
if (authzToken == null) {
@@ -222,7 +220,7 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
IRequest getCertsChallengeReq = null;
getCertsChallengeReq = mQueue.newRequest(
- GETCERTS_FOR_CHALLENGE_REQUEST);
+ GETCERTS_FOR_CHALLENGE_REQUEST);
getCertsChallengeReq.setExtData(SERIALNO_ARRAY, serialNoArray);
mQueue.processRequest(getCertsChallengeReq);
RequestStatus status = getCertsChallengeReq.getRequestStatus();
@@ -232,7 +230,7 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
header.addStringValue("request", getCertsChallengeReq.getRequestId().toString());
mRequestID = getCertsChallengeReq.getRequestId().toString();
} else {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_FAIL_GET_CERT_CHALL_PWRD"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_FAIL_GET_CERT_CHALL_PWRD"));
}
}
@@ -243,20 +241,20 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
IArgBlock rarg = CMS.createArgBlock();
rarg.addBigIntegerValue("serialNumber",
- serialNoArray[i], 16);
+ serialNoArray[i], 16);
rarg.addStringValue("subject",
- certs[i].getSubjectDN().toString());
+ certs[i].getSubjectDN().toString());
rarg.addLongValue("validNotBefore",
- certs[i].getNotBefore().getTime() / 1000);
+ certs[i].getNotBefore().getTime() / 1000);
rarg.addLongValue("validNotAfter",
- certs[i].getNotAfter().getTime() / 1000);
+ certs[i].getNotAfter().getTime() / 1000);
//argSet.addRepeatRecord(rarg);
}
revokeAll = "(|(certRecordId=" + serialNoArray[0].toString() + "))";
process(argSet, header, reasonCode, invalidityDate, initiative, req, resp,
- verifiedRecordCount, revokeAll, totalRecordCount,
- comments, locale[0]);
+ verifiedRecordCount, revokeAll, totalRecordCount,
+ comments, locale[0]);
} else {
header.addIntegerValue("totalRecordCount", 0);
header.addIntegerValue("verifiedRecordCount", 0);
@@ -265,10 +263,10 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
try {
ServletOutputStream out = resp.getOutputStream();
- if( serialNoArray == null ) {
- CMS.debug( "ChallengeRevcationServlet1::process() - " +
- " serialNoArray is null!" );
- EBaseException ee = new EBaseException( "No matched certificate is found" );
+ if (serialNoArray == null) {
+ CMS.debug("ChallengeRevcationServlet1::process() - " +
+ " serialNoArray is null!");
+ EBaseException ee = new EBaseException("No matched certificate is found");
cmsReq.setError(ee);
return;
@@ -282,31 +280,31 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
} else {
String xmlOutput = req.getParameter("xml");
if (xmlOutput != null && xmlOutput.equals("true")) {
- outputXML(resp, argSet);
+ outputXML(resp, argSet);
} else {
- resp.setContentType("text/html");
- form.renderOutput(out, argSet);
- cmsReq.setStatus(CMSRequest.SUCCESS);
+ resp.setContentType("text/html");
+ form.renderOutput(out, argSet);
+ cmsReq.setStatus(CMSRequest.SUCCESS);
}
}
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString()));
throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
}
}
private void process(CMSTemplateParams argSet, IArgBlock header,
- int reason, Date invalidityDate,
- String initiative,
- HttpServletRequest req,
- HttpServletResponse resp,
- int verifiedRecordCount,
- String revokeAll,
- int totalRecordCount,
- String comments,
- Locale locale)
- throws EBaseException {
+ int reason, Date invalidityDate,
+ String initiative,
+ HttpServletRequest req,
+ HttpServletResponse resp,
+ int verifiedRecordCount,
+ String revokeAll,
+ int totalRecordCount,
+ String comments,
+ Locale locale)
+ throws EBaseException {
try {
int count = 0;
Vector<X509CertImpl> oldCertsV = new Vector<X509CertImpl>();
@@ -344,18 +342,18 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
IArgBlock rarg = CMS.createArgBlock();
rarg.addBigIntegerValue("serialNumber",
- cert.getSerialNumber(), 16);
+ cert.getSerialNumber(), 16);
if (rec.getStatus().equals(ICertRecord.STATUS_REVOKED)) {
rarg.addStringValue("error", "Certificate " +
- cert.getSerialNumber().toString() +
- " is already revoked.");
+ cert.getSerialNumber().toString() +
+ " is already revoked.");
} else {
oldCertsV.addElement(cert);
RevokedCertImpl revCertImpl =
- new RevokedCertImpl(cert.getSerialNumber(),
- CMS.getCurrentDate(), entryExtn);
+ new RevokedCertImpl(cert.getSerialNumber(),
+ CMS.getCurrentDate(), entryExtn);
revCertImplsV.addElement(revCertImpl);
count++;
@@ -367,14 +365,12 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
} else if (mAuthority instanceof IRegistrationAuthority) {
String reqIdStr = null;
- if (mRequestID != null && mRequestID.length() > 0)
+ if (mRequestID != null && mRequestID.length() > 0)
reqIdStr = mRequestID;
Vector<String> serialNumbers = new Vector<String>();
if (revokeAll != null && revokeAll.length() > 0) {
- for (int i = revokeAll.indexOf('=');
- i < revokeAll.length() && i > -1;
- i = revokeAll.indexOf('=', i)) {
+ for (int i = revokeAll.indexOf('='); i < revokeAll.length() && i > -1; i = revokeAll.indexOf('=', i)) {
if (i > -1) {
i++;
while (i < revokeAll.length() && revokeAll.charAt(i) == ' ') {
@@ -383,8 +379,8 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
String legalDigits = "0123456789";
int j = i;
- while (j < revokeAll.length() &&
- legalDigits.indexOf(revokeAll.charAt(j)) != -1) {
+ while (j < revokeAll.length() &&
+ legalDigits.indexOf(revokeAll.charAt(j)) != -1) {
j++;
}
if (j > i) {
@@ -411,12 +407,12 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
IArgBlock rarg = CMS.createArgBlock();
rarg.addBigIntegerValue("serialNumber",
- certs[i].getSerialNumber(), 16);
+ certs[i].getSerialNumber(), 16);
oldCertsV.addElement(certs[i]);
RevokedCertImpl revCertImpl =
- new RevokedCertImpl(certs[i].getSerialNumber(),
- CMS.getCurrentDate(), entryExtn);
+ new RevokedCertImpl(certs[i].getSerialNumber(),
+ CMS.getCurrentDate(), entryExtn);
revCertImplsV.addElement(revCertImpl);
count++;
@@ -433,12 +429,12 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
IArgBlock rarg = CMS.createArgBlock();
rarg.addBigIntegerValue("serialNumber",
- cert.getSerialNumber(), 16);
+ cert.getSerialNumber(), 16);
oldCertsV.addElement(cert);
RevokedCertImpl revCertImpl =
- new RevokedCertImpl(cert.getSerialNumber(),
- CMS.getCurrentDate(), entryExtn);
+ new RevokedCertImpl(cert.getSerialNumber(),
+ CMS.getCurrentDate(), entryExtn);
revCertImplsV.addElement(revCertImpl);
count++;
@@ -459,7 +455,7 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
}
IRequest revReq =
- mQueue.newRequest(IRequest.REVOCATION_REQUEST);
+ mQueue.newRequest(IRequest.REVOCATION_REQUEST);
revReq.setExtData(IRequest.CERT_INFO, revCertImpls);
revReq.setExtData(IRequest.REQ_TYPE, IRequest.REVOCATION_REQUEST);
@@ -479,7 +475,7 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
if (result.equals(IRequest.RES_ERROR)) {
String[] svcErrors =
- revReq.getExtDataInStringArray(IRequest.SVCERRORS);
+ revReq.getExtDataInStringArray(IRequest.SVCERRORS);
if (svcErrors != null && svcErrors.length > 0) {
for (int i = 0; i < svcErrors.length; i++) {
@@ -490,18 +486,18 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
for (int j = 0; j < count; j++) {
if (oldCerts[j] != null) {
mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.DOREVOKEFORMAT,
- new Object[] {
- revReq.getRequestId(),
- initiative,
- "completed with error: " +
- err,
- oldCerts[j].getSubjectDN(),
- oldCerts[j].getSerialNumber().toString(16),
- RevocationReason.fromInt(reason).toString()}
- );
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.DOREVOKEFORMAT,
+ new Object[] {
+ revReq.getRequestId(),
+ initiative,
+ "completed with error: " +
+ err,
+ oldCerts[j].getSubjectDN(),
+ oldCerts[j].getSerialNumber().toString(16),
+ RevocationReason.fromInt(reason).toString() }
+ );
}
}
}
@@ -514,23 +510,23 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
for (int j = 0; j < count; j++) {
if (oldCerts[j] != null) {
mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.DOREVOKEFORMAT,
- new Object[] {
- revReq.getRequestId(),
- initiative,
- "completed",
- oldCerts[j].getSubjectDN(),
- oldCerts[j].getSerialNumber().toString(16),
- RevocationReason.fromInt(reason).toString()}
- );
+ AuditFormat.LEVEL,
+ AuditFormat.DOREVOKEFORMAT,
+ new Object[] {
+ revReq.getRequestId(),
+ initiative,
+ "completed",
+ oldCerts[j].getSubjectDN(),
+ oldCerts[j].getSerialNumber().toString(16),
+ RevocationReason.fromInt(reason).toString() }
+ );
}
}
header.addStringValue("revoked", "yes");
Integer updateCRLResult =
- revReq.getExtDataInInteger(IRequest.CRL_UPDATE_STATUS);
+ revReq.getExtDataInInteger(IRequest.CRL_UPDATE_STATUS);
if (updateCRLResult != null) {
header.addStringValue("updateCRL", "yes");
@@ -539,15 +535,15 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
} else {
header.addStringValue("updateCRLSuccess", "no");
String crlError =
- revReq.getExtDataInString(IRequest.CRL_UPDATE_ERROR);
+ revReq.getExtDataInString(IRequest.CRL_UPDATE_ERROR);
if (crlError != null)
header.addStringValue("updateCRLError",
- crlError);
+ crlError);
}
// let known crl publishing status too.
Integer publishCRLResult =
- revReq.getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS);
+ revReq.getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS);
if (publishCRLResult != null) {
if (publishCRLResult.equals(IRequest.RES_SUCCESS)) {
@@ -555,22 +551,22 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
} else {
header.addStringValue("publishCRLSuccess", "no");
String publError =
- revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
+ revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
if (publError != null)
header.addStringValue("publishCRLError",
- publError);
+ publError);
}
}
}
if (mAuthority instanceof ICertificateAuthority) {
// let known update and publish status of all crls.
Enumeration<ICRLIssuingPoint> otherCRLs =
- ((ICertificateAuthority) mAuthority).getCRLIssuingPoints();
+ ((ICertificateAuthority) mAuthority).getCRLIssuingPoints();
while (otherCRLs.hasMoreElements()) {
ICRLIssuingPoint crl = (ICRLIssuingPoint)
- otherCRLs.nextElement();
+ otherCRLs.nextElement();
String crlId = crl.getId();
if (crlId.equals(ICertificateAuthority.PROP_MASTER_CRL))
@@ -580,25 +576,25 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
if (updateResult != null) {
if (updateResult.equals(IRequest.RES_SUCCESS)) {
- CMS.debug("ChallengeRevcationServlet1: " + CMS.getLogMessage("ADMIN_SRVLT_ADDING_HEADER",
+ CMS.debug("ChallengeRevcationServlet1: " + CMS.getLogMessage("ADMIN_SRVLT_ADDING_HEADER",
updateStatusStr));
header.addStringValue(updateStatusStr, "yes");
} else {
String updateErrorStr = crl.getCrlUpdateErrorStr();
- CMS.debug("ChallengeRevcationServlet1: " + CMS.getLogMessage("ADMIN_SRVLT_ADDING_HEADER_NO",
+ CMS.debug("ChallengeRevcationServlet1: " + CMS.getLogMessage("ADMIN_SRVLT_ADDING_HEADER_NO",
updateStatusStr));
header.addStringValue(updateStatusStr, "no");
String error =
- revReq.getExtDataInString(updateErrorStr);
+ revReq.getExtDataInString(updateErrorStr);
if (error != null)
header.addStringValue(updateErrorStr,
- error);
+ error);
}
String publishStatusStr = crl.getCrlPublishStatusStr();
Integer publishResult =
- revReq.getExtDataInInteger(publishStatusStr);
+ revReq.getExtDataInInteger(publishStatusStr);
if (publishResult == null)
continue;
@@ -606,15 +602,15 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
header.addStringValue(publishStatusStr, "yes");
} else {
String publishErrorStr =
- crl.getCrlPublishErrorStr();
+ crl.getCrlPublishErrorStr();
header.addStringValue(publishStatusStr, "no");
String error =
- revReq.getExtDataInString(publishErrorStr);
+ revReq.getExtDataInString(publishErrorStr);
if (error != null)
header.addStringValue(
- publishErrorStr, error);
+ publishErrorStr, error);
}
}
}
@@ -623,7 +619,7 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
if (mPublisherProcessor != null && mPublisherProcessor.ldapEnabled()) {
header.addStringValue("dirEnabled", "yes");
Integer[] ldapPublishStatus =
- revReq.getExtDataInIntegerArray("ldapPublishStatus");
+ revReq.getExtDataInIntegerArray("ldapPublishStatus");
int certsToUpdate = 0;
int certsUpdated = 0;
@@ -640,11 +636,11 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
// add crl publishing status.
String publError =
- revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
+ revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
if (publError != null) {
header.addStringValue("crlPublishError",
- publError);
+ publError);
}
} else {
header.addStringValue("dirEnabled", "no");
@@ -658,16 +654,16 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
for (int j = 0; j < count; j++) {
if (oldCerts[j] != null) {
mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.DOREVOKEFORMAT,
- new Object[] {
- revReq.getRequestId(),
- initiative,
- "pending",
- oldCerts[j].getSubjectDN(),
- oldCerts[j].getSerialNumber().toString(16),
- RevocationReason.fromInt(reason).toString()}
- );
+ AuditFormat.LEVEL,
+ AuditFormat.DOREVOKEFORMAT,
+ new Object[] {
+ revReq.getRequestId(),
+ initiative,
+ "pending",
+ oldCerts[j].getSubjectDN(),
+ oldCerts[j].getSerialNumber().toString(16),
+ RevocationReason.fromInt(reason).toString() }
+ );
}
}
@@ -686,16 +682,16 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
for (int j = 0; j < count; j++) {
if (oldCerts[j] != null) {
mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.DOREVOKEFORMAT,
- new Object[] {
- revReq.getRequestId(),
- initiative,
- stat.toString(),
- oldCerts[j].getSubjectDN(),
- oldCerts[j].getSerialNumber().toString(16),
- RevocationReason.fromInt(reason).toString()}
- );
+ AuditFormat.LEVEL,
+ AuditFormat.DOREVOKEFORMAT,
+ new Object[] {
+ revReq.getRequestId(),
+ initiative,
+ stat.toString(),
+ oldCerts[j].getSubjectDN(),
+ oldCerts[j].getSerialNumber().toString(16),
+ RevocationReason.fromInt(reason).toString() }
+ );
}
}
}
@@ -706,7 +702,7 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
throw e;
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED", e.toString()));
+ CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED", e.toString()));
throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED"));
} catch (Exception e) {
e.printStackTrace();
@@ -715,4 +711,3 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
return;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/CloneRedirect.java b/pki/base/common/src/com/netscape/cms/servlet/cert/CloneRedirect.java
index b3693a53..9feddbec 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/CloneRedirect.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/CloneRedirect.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.cert;
-
import java.io.IOException;
import java.util.Locale;
@@ -39,12 +38,11 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* Redirect a request to the Master. This servlet is used in
- * a clone when a requested service (such as CRL) is not available.
+ * a clone when a requested service (such as CRL) is not available.
* It redirects the user to the master.
- *
+ *
* @version $Revision$, $Date$
*/
public class CloneRedirect extends CMSServlet {
@@ -71,7 +69,8 @@ public class CloneRedirect extends CMSServlet {
/**
* Initialize the servlet.
- * @param sc servlet configuration, read from the web.xml file
+ *
+ * @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
super.init(sc);
@@ -93,8 +92,8 @@ public class CloneRedirect extends CMSServlet {
if (mAuthority instanceof ICertificateAuthority)
mCA = (ICertificateAuthority) mAuthority;
-
- // override success to do output with our own template.
+
+ // override success to do output with our own template.
mTemplates.remove(CMSRequest.SUCCESS);
}
@@ -117,28 +116,28 @@ public class CloneRedirect extends CMSServlet {
try {
form = getTemplate(mFormPath, req, locale);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
throw new ECMSGWException(
CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
}
- CMS.debug("CloneRedirect: " + CMS.getLogMessage("ADMIN_SRVLT_ADD_MASTER_URL", mNewUrl));
+ CMS.debug("CloneRedirect: " + CMS.getLogMessage("ADMIN_SRVLT_ADD_MASTER_URL", mNewUrl));
header.addStringValue("masterURL", mNewUrl);
try {
ServletOutputStream out = resp.getOutputStream();
String xmlOutput = req.getParameter("xml");
- if (xmlOutput != null && xmlOutput.equals("true")) {
- outputXML(resp, argSet);
- } else {
- resp.setContentType("text/html");
- form.renderOutput(out, argSet);
- cmsReq.setStatus(CMSRequest.SUCCESS);
- }
+ if (xmlOutput != null && xmlOutput.equals("true")) {
+ outputXML(resp, argSet);
+ } else {
+ resp.setContentType("text/html");
+ form.renderOutput(out, argSet);
+ cmsReq.setStatus(CMSRequest.SUCCESS);
+ }
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString()));
throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
}
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/DirAuthServlet.java b/pki/base/common/src/com/netscape/cms/servlet/cert/DirAuthServlet.java
index 0ccf7f18..03c909cc 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/DirAuthServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/DirAuthServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.cert;
-
import java.io.IOException;
import java.util.Date;
import java.util.Locale;
@@ -45,10 +44,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* 'Face-to-face' certificate enrollment.
- *
+ *
* @version $Revision$, $Date$
*/
public class DirAuthServlet extends CMSServlet {
@@ -64,8 +62,9 @@ public class DirAuthServlet extends CMSServlet {
super();
}
- /**
+ /**
* initialize the servlet.
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -81,15 +80,14 @@ public class DirAuthServlet extends CMSServlet {
mTemplates.remove(CMSRequest.SUCCESS);
}
-
- /**
+ /**
* Process the HTTP request. This servlet reads configuration information
- * from the hashDirEnrollment configuration substore
- *
+ * from the hashDirEnrollment configuration substore
+ *
* @param cmsReq the object holding the request and response information
*/
protected void process(CMSRequest cmsReq)
- throws EBaseException {
+ throws EBaseException {
HttpServletRequest httpReq = cmsReq.getHttpReq();
HttpServletResponse httpResp = cmsReq.getHttpResp();
@@ -112,8 +110,8 @@ public class DirAuthServlet extends CMSServlet {
try {
form = getTemplate(mFormPath, httpReq, locale);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
cmsReq.setError(new ECMSGWException(
CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")));
cmsReq.setStatus(CMSRequest.ERROR);
@@ -166,7 +164,7 @@ public class DirAuthServlet extends CMSServlet {
printError(cmsReq, "2");
cmsReq.setStatus(CMSRequest.SUCCESS);
return;
- }
+ }
mgr.setLastLogin(reqHost, currTime);
@@ -176,11 +174,11 @@ public class DirAuthServlet extends CMSServlet {
mgr.addAuthToken(pageID, authToken);
- header.addStringValue("pageID", pageID);
+ header.addStringValue("pageID", pageID);
header.addStringValue("uid", uid);
header.addStringValue("fingerprint", mgr.hashFingerprint(reqHost, pageID, uid));
header.addStringValue("hostname", reqHost);
-
+
try {
ServletOutputStream out = httpResp.getOutputStream();
@@ -188,8 +186,8 @@ public class DirAuthServlet extends CMSServlet {
form.renderOutput(out, argSet);
cmsReq.setStatus(CMSRequest.SUCCESS);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString()));
cmsReq.setError(new ECMSGWException(
CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")));
cmsReq.setStatus(CMSRequest.ERROR);
@@ -199,7 +197,7 @@ public class DirAuthServlet extends CMSServlet {
}
private void printError(CMSRequest cmsReq, String errorCode)
- throws EBaseException {
+ throws EBaseException {
IArgBlock httpParams = cmsReq.getHttpParams();
HttpServletRequest httpReq = cmsReq.getHttpReq();
HttpServletResponse httpResp = cmsReq.getHttpResp();
@@ -219,7 +217,7 @@ public class DirAuthServlet extends CMSServlet {
form = getTemplate(formPath, httpReq, locale);
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_ERR_GET_TEMPLATE", formPath, e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_ERR_GET_TEMPLATE", formPath, e.toString()));
cmsReq.setError(new ECMSGWException(
CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")));
cmsReq.setStatus(CMSRequest.ERROR);
@@ -234,7 +232,7 @@ public class DirAuthServlet extends CMSServlet {
cmsReq.setStatus(CMSRequest.SUCCESS);
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString()));
cmsReq.setError(new ECMSGWException(
CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")));
cmsReq.setStatus(CMSRequest.ERROR);
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/DisableEnrollResult.java b/pki/base/common/src/com/netscape/cms/servlet/cert/DisableEnrollResult.java
index 9f353312..a5cdc98e 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/DisableEnrollResult.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/DisableEnrollResult.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.cert;
-
import java.io.IOException;
import java.security.cert.X509Certificate;
import java.util.Locale;
@@ -45,10 +44,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* For Face-to-face enrollment, disable EE enrollment feature
- *
+ *
* @version $Revision$, $Date$
* @see com.netscape.cms.servlet.cert.EnableEnrollResult
*/
@@ -83,7 +81,7 @@ public class DisableEnrollResult extends CMSServlet {
* Services the request
*/
protected void process(CMSRequest cmsReq)
- throws EBaseException {
+ throws EBaseException {
HttpServletRequest httpReq = cmsReq.getHttpReq();
HttpServletResponse httpResp = cmsReq.getHttpResp();
@@ -125,10 +123,10 @@ public class DisableEnrollResult extends CMSServlet {
try {
form = getTemplate(mFormPath, httpReq, locale);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("ADMIN_SRVLT_ERR_GET_TEMPLATE", mFormPath, e.toString()));
cmsReq.setError(new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
cmsReq.setStatus(CMSRequest.ERROR);
return;
}
@@ -162,10 +160,10 @@ public class DisableEnrollResult extends CMSServlet {
form.renderOutput(out, argSet);
cmsReq.setStatus(CMSRequest.SUCCESS);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString()));
cmsReq.setError(new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
cmsReq.setStatus(CMSRequest.ERROR);
}
cmsReq.setStatus(CMSRequest.SUCCESS);
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayBySerial.java b/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayBySerial.java
index ea62b9cb..16be7a8a 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayBySerial.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayBySerial.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.cert;
-
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
@@ -67,13 +66,12 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* Display detailed information about a certificate
- *
+ *
* The template 'displayBySerial.template' is used to
* render the response for this servlet.
- *
+ *
* @version $Revision$, $Date$
*/
public class DisplayBySerial extends CMSServlet {
@@ -99,6 +97,7 @@ public class DisplayBySerial extends CMSServlet {
/**
* initialize the servlet.
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -109,13 +108,13 @@ public class DisplayBySerial extends CMSServlet {
try {
mCACerts = ((ICertAuthority) mAuthority).getCACertChain().getChain();
} catch (Exception e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_CA_CHAIN_NOT_AVAILABLE"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_CA_CHAIN_NOT_AVAILABLE"));
}
// coming from ee
mForm1Path = "/" + mAuthority.getId() + "/" + TPL_FILE1;
-
- if (mOutputTemplatePath != null)
+
+ if (mOutputTemplatePath != null)
mForm1Path = mOutputTemplatePath;
// override success and error templates to null -
@@ -126,8 +125,7 @@ public class DisplayBySerial extends CMSServlet {
/**
* Serves HTTP request. The format of this request is as follows:
* <ul>
- * <li>http.param serialNumber Decimal serial number of certificate to display
- * (or hex if serialNumber preceded by 0x)
+ * <li>http.param serialNumber Decimal serial number of certificate to display (or hex if serialNumber preceded by 0x)
* </ul>
*/
public void process(CMSRequest cmsReq) throws EBaseException {
@@ -151,7 +149,7 @@ public class DisplayBySerial extends CMSServlet {
mAuthzResourceName, "read");
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
}
if (authzToken == null) {
@@ -170,8 +168,8 @@ public class DisplayBySerial extends CMSServlet {
error = new ECMSGWException(CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT"));
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mForm1Path, e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mForm1Path, e.toString()));
throw new ECMSGWException(
CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
} catch (EDBRecordNotFoundException e) {
@@ -185,15 +183,15 @@ public class DisplayBySerial extends CMSServlet {
try {
if (serialNumber.compareTo(MINUS_ONE) > 0) {
- process(argSet, header, serialNumber,
- req, resp, locale[0]);
+ process(argSet, header, serialNumber,
+ req, resp, locale[0]);
} else {
error = new ECMSGWException(
CMS.getLogMessage("CMSGW_INVALID_SERIAL_NUMBER"));
}
} catch (EBaseException e) {
error = e;
- }
+ }
try {
ServletOutputStream out = resp.getOutputStream();
@@ -201,19 +199,19 @@ public class DisplayBySerial extends CMSServlet {
if (error == null) {
String xmlOutput = req.getParameter("xml");
if (xmlOutput != null && xmlOutput.equals("true")) {
- outputXML(resp, argSet);
+ outputXML(resp, argSet);
} else {
- resp.setContentType("text/html");
- form.renderOutput(out, argSet);
- cmsReq.setStatus(CMSRequest.SUCCESS);
+ resp.setContentType("text/html");
+ form.renderOutput(out, argSet);
+ cmsReq.setStatus(CMSRequest.SUCCESS);
}
} else {
cmsReq.setStatus(CMSRequest.ERROR);
cmsReq.setError(error);
}
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", e.toString()));
throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
}
@@ -223,53 +221,53 @@ public class DisplayBySerial extends CMSServlet {
* Display information about a particular certificate
*/
private void process(CMSTemplateParams argSet, IArgBlock header,
- BigInteger seq, HttpServletRequest req,
- HttpServletResponse resp,
- Locale locale)
- throws EBaseException {
+ BigInteger seq, HttpServletRequest req,
+ HttpServletResponse resp,
+ Locale locale)
+ throws EBaseException {
String certType[] = new String[1];
try {
ICertRecord rec = getCertRecord(seq, certType);
-
+
if (certType[0].equalsIgnoreCase("x509")) {
processX509(argSet, header, seq, req, resp, locale);
return;
}
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_DISP_BY_SERIAL", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_DISP_BY_SERIAL", e.toString()));
throw e;
}
-
+
return;
}
-
+
private void processX509(CMSTemplateParams argSet, IArgBlock header,
- BigInteger seq, HttpServletRequest req,
- HttpServletResponse resp,
- Locale locale)
- throws EBaseException {
+ BigInteger seq, HttpServletRequest req,
+ HttpServletResponse resp,
+ Locale locale)
+ throws EBaseException {
try {
ICertRecord rec = (ICertRecord) mCertDB.readCertificateRecord(seq);
- if (rec == null) {
- CMS.debug("DisplayBySerial: failed to read record");
- throw new ECMSGWException(
- CMS.getLogMessage("CMSGW_ERROR_ENCODING_ISSUED_CERT"));
+ if (rec == null) {
+ CMS.debug("DisplayBySerial: failed to read record");
+ throw new ECMSGWException(
+ CMS.getLogMessage("CMSGW_ERROR_ENCODING_ISSUED_CERT"));
}
X509CertImpl cert = rec.getCertificate();
- if (cert == null) {
- CMS.debug("DisplayBySerial: no certificate in record");
- throw new ECMSGWException(
- CMS.getLogMessage("CMSGW_ERROR_ENCODING_ISSUED_CERT"));
+ if (cert == null) {
+ CMS.debug("DisplayBySerial: no certificate in record");
+ throw new ECMSGWException(
+ CMS.getLogMessage("CMSGW_ERROR_ENCODING_ISSUED_CERT"));
}
try {
X509CertInfo info = (X509CertInfo) cert.get(X509CertImpl.NAME + "." + X509CertImpl.INFO);
- if (info == null) {
- CMS.debug("DisplayBySerial: no info found");
- throw new ECMSGWException(
- CMS.getLogMessage("CMSGW_ERROR_ENCODING_ISSUED_CERT"));
+ if (info == null) {
+ CMS.debug("DisplayBySerial: no info found");
+ throw new ECMSGWException(
+ CMS.getLogMessage("CMSGW_ERROR_ENCODING_ISSUED_CERT"));
}
CertificateExtensions extensions = (CertificateExtensions) info.get(X509CertInfo.EXTENSIONS);
@@ -287,11 +285,11 @@ public class DisplayBySerial extends CMSServlet {
}
if (ext instanceof KeyUsageExtension) {
KeyUsageExtension usage =
- (KeyUsageExtension) ext;
+ (KeyUsageExtension) ext;
try {
if (((Boolean) usage.get(KeyUsageExtension.DIGITAL_SIGNATURE)).booleanValue() ||
- ((Boolean) usage.get(KeyUsageExtension.DATA_ENCIPHERMENT)).booleanValue())
+ ((Boolean) usage.get(KeyUsageExtension.DATA_ENCIPHERMENT)).booleanValue())
emailCert = true;
} catch (ArrayIndexOutOfBoundsException e) {
// bug356108:
@@ -321,8 +319,8 @@ public class DisplayBySerial extends CMSServlet {
header.addBooleanValue("noCertImport", noCertImport);
} catch (Exception e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_PARSING_EXTENS", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERROR_PARSING_EXTENS", e.toString()));
}
IRevocationInfo revocationInfo = rec.getRevocationInfo();
@@ -347,8 +345,8 @@ public class DisplayBySerial extends CMSServlet {
ICertPrettyPrint certDetails = CMS.getCertPrettyPrint(cert);
- header.addStringValue("certPrettyPrint",
- certDetails.toString(locale));
+ header.addStringValue("certPrettyPrint",
+ certDetails.toString(locale));
/*
String scheme = req.getScheme();
@@ -369,8 +367,8 @@ public class DisplayBySerial extends CMSServlet {
try {
certFingerprints = CMS.getFingerPrints(cert);
} catch (Exception e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_DIGESTING_CERT", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_DIGESTING_CERT", e.toString()));
}
if (certFingerprints.length() > 0)
header.addStringValue("certFingerprint", certFingerprints);
@@ -387,7 +385,8 @@ public class DisplayBySerial extends CMSServlet {
(userAgent != null)? UserInfo.getUserAgent(userAgent): "";
*/
// Now formulate a PKCS#7 blob
- X509CertImpl[] certsInChain = new X509CertImpl[1];;
+ X509CertImpl[] certsInChain = new X509CertImpl[1];
+ ;
if (mCACerts != null) {
for (int i = 0; i < mCACerts.length; i++) {
if (cert.equals(mCACerts[i])) {
@@ -398,10 +397,10 @@ public class DisplayBySerial extends CMSServlet {
certsInChain = new X509CertImpl[mCACerts.length + 1];
}
}
-
+
// Set the EE cert
certsInChain[0] = cert;
-
+
// Set the Ca certificate chain
if (mCACerts != null) {
for (int i = 0; i < mCACerts.length; i++) {
@@ -414,43 +413,43 @@ public class DisplayBySerial extends CMSServlet {
String p7Str;
try {
- PKCS7 p7 = new PKCS7(new AlgorithmId[0],
+ PKCS7 p7 = new PKCS7(new AlgorithmId[0],
new ContentInfo(new byte[0]),
certsInChain,
new SignerInfo[0]);
ByteArrayOutputStream bos = new ByteArrayOutputStream();
- p7.encodeSignedData(bos,false);
+ p7.encodeSignedData(bos, false);
byte[] p7Bytes = bos.toByteArray();
- p7Str = com.netscape.osutil.OSUtil.BtoA(p7Bytes);
+ p7Str = com.netscape.osutil.OSUtil.BtoA(p7Bytes);
header.addStringValue("pkcs7ChainBase64", p7Str);
} catch (Exception e) {
//p7Str = "PKCS#7 B64 Encoding error - " + e.toString()
//+ "; Please contact your administrator";
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_FORMING_PKCS7_1", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERROR_FORMING_PKCS7_1", e.toString()));
throw new ECMSGWException(
CMS.getLogMessage("CMSGW_ERROR_FORMING_PKCS7"));
}
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("MSGW_ERR_DISP_BY_SERIAL", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("MSGW_ERR_DISP_BY_SERIAL", e.toString()));
throw e;
} catch (CertificateEncodingException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_ENCODE_CERT", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_ENCODE_CERT", e.toString()));
throw new ECMSGWException(
CMS.getLogMessage("CMSGW_ERROR_ENCODING_ISSUED_CERT"));
}
return;
}
-
+
private ICertRecord getCertRecord(BigInteger seq, String certtype[])
- throws EBaseException {
+ throws EBaseException {
ICertRecord rec = null;
-
+
try {
rec = (ICertRecord) mCertDB.readCertificateRecord(seq);
X509CertImpl x509cert = rec.getCertificate();
@@ -460,16 +459,16 @@ public class DisplayBySerial extends CMSServlet {
return rec;
}
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_DISP_BY_SERIAL", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_DISP_BY_SERIAL", e.toString()));
throw e;
}
-
+
return rec;
}
private BigInteger getSerialNumber(HttpServletRequest req)
- throws NumberFormatException {
+ throws NumberFormatException {
String serialNumString = req.getParameter("serialNumber");
if (serialNumString != null) {
@@ -477,11 +476,10 @@ public class DisplayBySerial extends CMSServlet {
if (serialNumString.startsWith("0x") || serialNumString.startsWith("0X")) {
return new BigInteger(serialNumString.substring(2), 16);
} else {
- return new BigInteger(serialNumString);
+ return new BigInteger(serialNumString);
}
- } else {
+ } else {
throw new NumberFormatException();
- }
+ }
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayCRL.java b/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayCRL.java
index 3a5f3f06..0f2cd413 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayCRL.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayCRL.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.cert;
-
import java.io.IOException;
import java.math.BigInteger;
import java.security.cert.CRLException;
@@ -50,10 +49,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* Decode the CRL and display it to the requester.
- *
+ *
* @version $Revision$, $Date$
*/
public class DisplayCRL extends CMSServlet {
@@ -80,7 +78,8 @@ public class DisplayCRL extends CMSServlet {
/**
* Initialize the servlet. This servlet uses the 'displayCRL.template' file to
* to render the response to the client.
- * @param sc servlet configuration, read from the web.xml file
+ *
+ * @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
super.init(sc);
@@ -96,15 +95,15 @@ public class DisplayCRL extends CMSServlet {
}
/**
- * Process the HTTP request
+ * Process the HTTP request
* <ul>
- * <li>http.param crlIssuingPoint number
- * <li>http.param crlDisplayType entireCRL or crlHeader or base64Encoded or deltaCRL
- * <li>http.param pageStart which page to start displaying from
- * <li>http.param pageSize number of entries to show per page
+ * <li>http.param crlIssuingPoint number
+ * <li>http.param crlDisplayType entireCRL or crlHeader or base64Encoded or deltaCRL
+ * <li>http.param pageStart which page to start displaying from
+ * <li>http.param pageSize number of entries to show per page
* </ul>
+ *
* @param cmsReq the Request to service.
-
*/
public void process(CMSRequest cmsReq) throws EBaseException {
HttpServletRequest req = cmsReq.getHttpReq();
@@ -132,8 +131,8 @@ public class DisplayCRL extends CMSServlet {
try {
form = getTemplate(mFormPath, req, locale);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE_1", mFormPath, e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE_1", mFormPath, e.toString()));
throw new ECMSGWException(
CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
}
@@ -148,22 +147,22 @@ public class DisplayCRL extends CMSServlet {
String crlIssuingPointId = req.getParameter("crlIssuingPoint");
process(argSet, header, req, resp, crlIssuingPointId,
- locale[0]);
+ locale[0]);
try {
ServletOutputStream out = resp.getOutputStream();
String xmlOutput = req.getParameter("xml");
- if (xmlOutput != null && xmlOutput.equals("true")) {
- outputXML(resp, argSet);
- } else {
- resp.setContentType("text/html");
- form.renderOutput(out, argSet);
- cmsReq.setStatus(CMSRequest.SUCCESS);
- }
+ if (xmlOutput != null && xmlOutput.equals("true")) {
+ outputXML(resp, argSet);
+ } else {
+ resp.setContentType("text/html");
+ form.renderOutput(out, argSet);
+ cmsReq.setStatus(CMSRequest.SUCCESS);
+ }
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", e.toString()));
throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
}
}
@@ -192,24 +191,25 @@ public class DisplayCRL extends CMSServlet {
masterHost = CMS.getConfigStore().getString("master.ca.agent.host", "");
masterPort = CMS.getConfigStore().getString("master.ca.agent.port", "");
if (masterHost != null && masterHost.length() > 0 &&
- masterPort != null && masterPort.length() > 0) {
+ masterPort != null && masterPort.length() > 0) {
clonedCA = true;
ipNames = crlRepository.getIssuingPointsNames();
}
} catch (EBaseException e) {
}
-
+
if (clonedCA) {
if (crlIssuingPointId != null) {
if (ipNames != null && ipNames.size() > 0) {
int i;
for (i = 0; i < ipNames.size(); i++) {
- String ipName = (String)ipNames.elementAt(i);
+ String ipName = (String) ipNames.elementAt(i);
if (crlIssuingPointId.equals(ipName)) {
break;
}
}
- if (i >= ipNames.size()) crlIssuingPointId = null;
+ if (i >= ipNames.size())
+ crlIssuingPointId = null;
} else {
crlIssuingPointId = null;
}
@@ -226,13 +226,14 @@ public class DisplayCRL extends CMSServlet {
isCRLCacheEnabled = ip.isCRLCacheEnabled();
break;
}
- if (!ips.hasMoreElements()) crlIssuingPointId = null;
+ if (!ips.hasMoreElements())
+ crlIssuingPointId = null;
}
}
}
if (crlIssuingPointId == null) {
header.addStringValue("error",
- "Request to unspecified or non-existing CRL issuing point: "+ipId);
+ "Request to unspecified or non-existing CRL issuing point: " + ipId);
return;
}
@@ -240,22 +241,23 @@ public class DisplayCRL extends CMSServlet {
String crlDisplayType = req.getParameter("crlDisplayType");
- if (crlDisplayType == null) crlDisplayType = "cachedCRL";
+ if (crlDisplayType == null)
+ crlDisplayType = "cachedCRL";
header.addStringValue("crlDisplayType", crlDisplayType);
try {
- crlRecord =
+ crlRecord =
(ICRLIssuingPointRecord) mCA.getCRLRepository().readCRLIssuingPointRecord(crlIssuingPointId);
} catch (EBaseException e) {
header.addStringValue("error", e.toString(locale));
return;
}
if (crlRecord == null) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", crlIssuingPointId));
- header.addStringValue("error",
- new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_CRL_NOT_YET_UPDATED")).toString());
- return;
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", crlIssuingPointId));
+ header.addStringValue("error",
+ new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_CRL_NOT_YET_UPDATED")).toString());
+ return;
}
header.addStringValue("crlIssuingPoint", crlIssuingPointId);
@@ -283,10 +285,10 @@ public class DisplayCRL extends CMSServlet {
byte[] crlbytes = crlRecord.getCRL();
if (crlbytes == null) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", crlIssuingPointId));
- header.addStringValue("error",
- new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_CRL_NOT_YET_UPDATED")).toString());
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", crlIssuingPointId));
+ header.addStringValue("error",
+ new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_CRL_NOT_YET_UPDATED")).toString());
return;
}
@@ -299,8 +301,8 @@ public class DisplayCRL extends CMSServlet {
} catch (Exception e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_DECODE_CRL", e.toString()));
- header.addStringValue("error",
- new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_DECODE_CRL_FAILED")).toString());
+ header.addStringValue("error",
+ new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_DECODE_CRL_FAILED")).toString());
}
}
@@ -320,24 +322,25 @@ public class DisplayCRL extends CMSServlet {
long lPageStart = new Long(pageStart).longValue();
long lPageSize = new Long(pageSize).longValue();
- if (lPageStart < 1) lPageStart = 1;
+ if (lPageStart < 1)
+ lPageStart = 1;
// if (lPageStart + lPageSize - lCRLSize > 1)
// lPageStart = lCRLSize - lPageSize + 1;
header.addStringValue(
- "crlPrettyPrint", crlDetails.toString(locale,
- lCRLSize, lPageStart, lPageSize));
+ "crlPrettyPrint", crlDetails.toString(locale,
+ lCRLSize, lPageStart, lPageSize));
header.addLongValue("pageStart", lPageStart);
header.addLongValue("pageSize", lPageSize);
} else {
header.addStringValue(
- "crlPrettyPrint", crlDetails.toString(locale));
+ "crlPrettyPrint", crlDetails.toString(locale));
}
} else if (crlDisplayType.equals("crlHeader")) {
ICRLPrettyPrint crlDetails = CMS.getCRLPrettyPrint(crl);
header.addStringValue(
- "crlPrettyPrint", crlDetails.toString(locale, lCRLSize, 0, 0));
+ "crlPrettyPrint", crlDetails.toString(locale, lCRLSize, 0, 0));
} else if (crlDisplayType.equals("base64Encoded")) {
try {
byte[] ba = crl.getEncoded();
@@ -377,14 +380,14 @@ public class DisplayCRL extends CMSServlet {
} catch (CRLException e) {
}
} else if (crlDisplayType.equals("deltaCRL")) {
- if ((clonedCA && crlRecord.getDeltaCRLSize() != null &&
- crlRecord.getDeltaCRLSize().longValue() > -1) ||
- (crlIP != null && crlIP.isDeltaCRLEnabled())) {
+ if ((clonedCA && crlRecord.getDeltaCRLSize() != null &&
+ crlRecord.getDeltaCRLSize().longValue() > -1) ||
+ (crlIP != null && crlIP.isDeltaCRLEnabled())) {
byte[] deltaCRLBytes = crlRecord.getDeltaCRL();
if (deltaCRLBytes == null) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_NO_DELTA_CRL", crlIssuingPointId));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_NO_DELTA_CRL", crlIssuingPointId));
header.addStringValue("error", "Delta CRL is not available");
} else {
X509CRLImpl deltaCRL = null;
@@ -393,23 +396,23 @@ public class DisplayCRL extends CMSServlet {
deltaCRL = new X509CRLImpl(deltaCRLBytes);
} catch (Exception e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_DECODE_DELTA_CRL", e.toString()));
- header.addStringValue("error",
- new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_DECODE_CRL_FAILED")).toString());
+ header.addStringValue("error",
+ new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_DECODE_CRL_FAILED")).toString());
}
if (deltaCRL != null) {
BigInteger crlNumber = crlRecord.getCRLNumber();
BigInteger deltaNumber = crlRecord.getDeltaCRLNumber();
if ((clonedCA && crlNumber != null && deltaNumber != null &&
- deltaNumber.compareTo(crlNumber) >= 0) ||
- (crlIP != null && crlIP.isThisCurrentDeltaCRL(deltaCRL))) {
+ deltaNumber.compareTo(crlNumber) >= 0) ||
+ (crlIP != null && crlIP.isThisCurrentDeltaCRL(deltaCRL))) {
header.addIntegerValue("deltaCRLSize",
- deltaCRL.getNumberOfRevokedCertificates());
+ deltaCRL.getNumberOfRevokedCertificates());
ICRLPrettyPrint crlDetails = CMS.getCRLPrettyPrint(deltaCRL);
header.addStringValue(
- "crlPrettyPrint", crlDetails.toString(locale, 0, 0, 0));
+ "crlPrettyPrint", crlDetails.toString(locale, 0, 0, 0));
try {
byte[] ba = deltaCRL.getEncoded();
@@ -455,8 +458,8 @@ public class DisplayCRL extends CMSServlet {
}
} else {
header.addStringValue("error", "Delta CRL is not enabled for " +
- crlIssuingPointId +
- " issuing point");
+ crlIssuingPointId +
+ " issuing point");
}
}
@@ -464,10 +467,10 @@ public class DisplayCRL extends CMSServlet {
header.addStringValue("error", CMS.getUserMessage(locale, "CMS_GW_CRL_CACHE_IS_NOT_ENABLED", crlIssuingPointId));
header.addStringValue("crlPrettyPrint", CMS.getUserMessage(locale, "CMS_GW_CRL_CACHE_IS_NOT_ENABLED", crlIssuingPointId));
} else {
- header.addStringValue("error",
- new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_DECODE_CRL_FAILED")).toString());
- header.addStringValue("crlPrettyPrint",
- new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_DECODE_CRL_FAILED")).toString());
+ header.addStringValue("error",
+ new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_DECODE_CRL_FAILED")).toString());
+ header.addStringValue("crlPrettyPrint",
+ new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_DECODE_CRL_FAILED")).toString());
}
return;
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayHashUserEnroll.java b/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayHashUserEnroll.java
index 6efda2bb..9815ff68 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayHashUserEnroll.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayHashUserEnroll.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.cert;
-
import java.io.IOException;
import java.util.Date;
import java.util.Locale;
@@ -45,11 +44,10 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* Servlet to report the status, ie, the agent-initiated user
* enrollment is enabled or disabled.
- *
+ *
* @version $Revision$, $Date$
*/
public class DisplayHashUserEnroll extends CMSServlet {
@@ -90,7 +88,7 @@ public class DisplayHashUserEnroll extends CMSServlet {
* Services the request
*/
protected void process(CMSRequest cmsReq)
- throws EBaseException {
+ throws EBaseException {
HttpServletRequest httpReq = cmsReq.getHttpReq();
HttpServletResponse httpResp = cmsReq.getHttpResp();
@@ -117,7 +115,7 @@ public class DisplayHashUserEnroll extends CMSServlet {
if (!(mAuthority instanceof IRegistrationAuthority)) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_ERR_GET_TEMPLATE"));
cmsReq.setError(new ECMSGWException(
- CMS.getUserMessage("CMS_GW_NOT_YET_IMPLEMENTED")));
+ CMS.getUserMessage("CMS_GW_NOT_YET_IMPLEMENTED")));
cmsReq.setStatus(CMSRequest.ERROR);
return;
}
@@ -152,7 +150,7 @@ public class DisplayHashUserEnroll extends CMSServlet {
printError(cmsReq, "2");
cmsReq.setStatus(CMSRequest.SUCCESS);
return;
- }
+ }
mgr.setLastLogin(reqHost, currTime);
@@ -162,10 +160,10 @@ public class DisplayHashUserEnroll extends CMSServlet {
try {
form = getTemplate(mFormPath, httpReq, locale);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("ADMIN_SRVLT_ERR_GET_TEMPLATE", mFormPath, e.toString()));
cmsReq.setError(new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
cmsReq.setStatus(CMSRequest.ERROR);
return;
}
@@ -177,10 +175,10 @@ public class DisplayHashUserEnroll extends CMSServlet {
form.renderOutput(out, argSet);
cmsReq.setStatus(CMSRequest.SUCCESS);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
cmsReq.setError(new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
cmsReq.setStatus(CMSRequest.ERROR);
}
cmsReq.setStatus(CMSRequest.SUCCESS);
@@ -188,7 +186,7 @@ public class DisplayHashUserEnroll extends CMSServlet {
}
private void printError(CMSRequest cmsReq, String errorCode)
- throws EBaseException {
+ throws EBaseException {
IArgBlock httpParams = cmsReq.getHttpParams();
HttpServletRequest httpReq = cmsReq.getHttpReq();
HttpServletResponse httpResp = cmsReq.getHttpResp();
@@ -208,9 +206,9 @@ public class DisplayHashUserEnroll extends CMSServlet {
form = getTemplate(formPath, httpReq, locale);
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_ERR_GET_TEMPLATE", formPath, e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_ERR_GET_TEMPLATE", formPath, e.toString()));
cmsReq.setError(new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
cmsReq.setStatus(CMSRequest.ERROR);
return;
}
@@ -223,10 +221,10 @@ public class DisplayHashUserEnroll extends CMSServlet {
cmsReq.setStatus(CMSRequest.SUCCESS);
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "", e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "", e.toString()));
cmsReq.setError(new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
cmsReq.setStatus(CMSRequest.ERROR);
}
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevoke.java b/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevoke.java
index 3c562d65..66841e39 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevoke.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevoke.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.cert;
-
import java.io.IOException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
@@ -71,10 +70,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* Revoke a Certificate
- *
+ *
* @version $Revision$, $Date$
*/
public class DoRevoke extends CMSServlet {
@@ -98,12 +96,10 @@ public class DoRevoke extends CMSServlet {
private final static String REVOKE = "revoke";
private final static String ON_HOLD = "on-hold";
private final static int ON_HOLD_REASON = 6;
- private final static String
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST =
- "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_5";
- private final static String
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED =
- "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED_7";
+ private final static String LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST =
+ "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_5";
+ private final static String LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED =
+ "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED_7";
public DoRevoke() {
super();
@@ -111,7 +107,8 @@ public class DoRevoke extends CMSServlet {
/**
* initialize the servlet. This servlet uses the template
- * file "revocationResult.template" to render the result
+ * file "revocationResult.template" to render the result
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -146,15 +143,18 @@ public class DoRevoke extends CMSServlet {
/**
* Serves HTTP request. The http parameters used by this request are as follows:
+ *
* <pre>
* serialNumber Serial number of certificate to revoke (in HEX)
* revocationReason Revocation reason (Described below)
* totalRecordCount [number]
* verifiedRecordCount [number]
* invalidityDate [number of seconds in Jan 1,1970]
- *
+ *
* </pre>
+ *
* revocationReason can be one of these values:
+ *
* <pre>
* 0 = Unspecified (default)
* 1 = Key compromised
@@ -204,7 +204,7 @@ public class DoRevoke extends CMSServlet {
if (req.getParameter("verifiedRecordCount") != null) {
verifiedRecordCount = Integer.parseInt(
req.getParameter(
- "verifiedRecordCount"));
+ "verifiedRecordCount"));
}
if (req.getParameter("invalidityDate") != null) {
long l = Long.parseLong(req.getParameter(
@@ -228,8 +228,8 @@ public class DoRevoke extends CMSServlet {
try {
user = (IUser) mUL.locateUser(new Certificates(certChain));
} catch (Exception e) {
- CMS.debug("DoRevoke: Failed to map certificate '"+
- cert2.getSubjectDN().getName()+"' to user.");
+ CMS.debug("DoRevoke: Failed to map certificate '" +
+ cert2.getSubjectDN().getName() + "' to user.");
}
if (mUG.isMemberOf(user, "Subsystem Group")) {
skipNonceVerification = true;
@@ -249,8 +249,8 @@ public class DoRevoke extends CMSServlet {
} else {
CMS.debug("DoRevoke: Missing nonce");
}
- CMS.debug("DoRevoke: nonceVerified="+nonceVerified);
- CMS.debug("DoRevoke: skipNonceVerification="+skipNonceVerification);
+ CMS.debug("DoRevoke: nonceVerified=" + nonceVerified);
+ CMS.debug("DoRevoke: skipNonceVerification=" + skipNonceVerification);
if ((!nonceVerified) && (!skipNonceVerification)) {
cmsReq.setStatus(CMSRequest.UNAUTHORIZED);
return;
@@ -275,25 +275,24 @@ public class DoRevoke extends CMSServlet {
mAuthzResourceName, "revoke");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
}
if (authzToken == null) {
cmsReq.setStatus(CMSRequest.UNAUTHORIZED);
return;
}
-
-
+
if (mAuthMgr != null && mAuthMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) {
if (authToken != null) {
String serialNumber = req.getParameter("serialNumber");
X509CertImpl sslCert = (X509CertImpl) getSSLClientCertificate(req);
- if (serialNumber != null) {
+ if (serialNumber != null) {
eeSerialNumber = serialNumber;
}
@@ -306,12 +305,12 @@ public class DoRevoke extends CMSServlet {
} else {
// request is fromUser.
initiative = AuditFormat.FROMUSER;
-
+
String serialNumber = req.getParameter("serialNumber");
X509CertImpl sslCert = (X509CertImpl) getSSLClientCertificate(req);
if (serialNumber == null || sslCert == null ||
- !(serialNumber.equals(sslCert.getSerialNumber().toString(16)))) {
+ !(serialNumber.equals(sslCert.getSerialNumber().toString(16)))) {
authorized = false;
} else {
eeSubjectDN = sslCert.getSubjectDN().toString();
@@ -322,14 +321,14 @@ public class DoRevoke extends CMSServlet {
if (authorized) {
process(argSet, header, reason, invalidityDate, initiative,
- req, resp, verifiedRecordCount, revokeAll,
- totalRecordCount, eeSerialNumber, eeSubjectDN,
- comments, locale[0]);
+ req, resp, verifiedRecordCount, revokeAll,
+ totalRecordCount, eeSerialNumber, eeSubjectDN,
+ comments, locale[0]);
}
} catch (NumberFormatException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT"));
error = new EBaseException(CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT"));
} catch (EBaseException e) {
error = e;
@@ -353,11 +352,11 @@ public class DoRevoke extends CMSServlet {
if (error == null && authorized) {
String xmlOutput = req.getParameter("xml");
if (xmlOutput != null && xmlOutput.equals("true")) {
- outputXML(resp, argSet);
+ outputXML(resp, argSet);
} else {
- resp.setContentType("text/html");
- form.renderOutput(out, argSet);
- cmsReq.setStatus(CMSRequest.SUCCESS);
+ resp.setContentType("text/html");
+ form.renderOutput(out, argSet);
+ cmsReq.setStatus(CMSRequest.SUCCESS);
}
} else if (!authorized) {
cmsReq.setStatus(CMSRequest.UNAUTHORIZED);
@@ -366,8 +365,8 @@ public class DoRevoke extends CMSServlet {
cmsReq.setError(error);
}
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
}
}
@@ -375,58 +374,53 @@ public class DoRevoke extends CMSServlet {
/**
* Process cert status change request
* <P>
- *
- * (Certificate Request - either an "agent" cert status change request,
- * or an "EE" cert status change request)
+ *
+ * (Certificate Request - either an "agent" cert status change request, or an "EE" cert status change request)
* <P>
- *
- * (Certificate Request Processed - either an "agent" cert status change
- * request, or an "EE" cert status change request)
+ *
+ * (Certificate Request Processed - either an "agent" cert status change request, or an "EE" cert status change request)
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used when
- * a cert status change request (e. g. - "revocation") is made (before
- * approval process)
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED
- * used when a certificate status is changed (revoked, expired, on-hold,
- * off-hold)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used when a cert status change request (e. g. - "revocation") is made (before approval process)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED used when a certificate status is changed (revoked, expired, on-hold, off-hold)
* </ul>
+ *
* @param argSet CMS template parameters
* @param header argument block
* @param reason revocation reason (0 - Unspecified, 1 - Key compromised,
- * 2 - CA key compromised; should not be used, 3 - Affiliation changed,
- * 4 - Certificate superceded, 5 - Cessation of operation, or
- * 6 - Certificate is on hold)
+ * 2 - CA key compromised; should not be used, 3 - Affiliation changed,
+ * 4 - Certificate superceded, 5 - Cessation of operation, or
+ * 6 - Certificate is on hold)
* @param invalidityDate certificate validity date
* @param initiative string containing the audit format
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @param verifiedRecordCount number of verified records
* @param revokeAll string containing information on all of the
- * certificates to be revoked
+ * certificates to be revoked
* @param totalRecordCount total number of records (verified and unverified)
* @param eeSerialNumber string containing the end-entity certificate
- * serial number
+ * serial number
* @param eeSubjectDN string containing the end-entity certificate subject
- * distinguished name (DN)
+ * distinguished name (DN)
* @param comments string containing certificate comments
* @param locale the system locale
* @exception EBaseException an error has occurred
*/
private void process(CMSTemplateParams argSet, IArgBlock header,
- int reason, Date invalidityDate,
- String initiative,
- HttpServletRequest req,
- HttpServletResponse resp,
- int verifiedRecordCount,
- String revokeAll,
- int totalRecordCount,
- String eeSerialNumber,
- String eeSubjectDN,
- String comments,
- Locale locale)
- throws EBaseException {
+ int reason, Date invalidityDate,
+ String initiative,
+ HttpServletRequest req,
+ HttpServletResponse resp,
+ int verifiedRecordCount,
+ String revokeAll,
+ int totalRecordCount,
+ String eeSerialNumber,
+ String eeSubjectDN,
+ String comments,
+ Locale locale)
+ throws EBaseException {
boolean auditRequest = true;
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -436,7 +430,7 @@ public class DoRevoke extends CMSServlet {
String auditApprovalStatus = ILogger.SIGNED_AUDIT_EMPTY_VALUE;
String auditReasonNum = String.valueOf(reason);
- CMS.debug("DoRevoke: eeSerialNumber: " + eeSerialNumber + " auditSerialNumber: " + auditSerialNumber);
+ CMS.debug("DoRevoke: eeSerialNumber: " + eeSerialNumber + " auditSerialNumber: " + auditSerialNumber);
long startTime = CMS.getCurrentDate().getTime();
try {
@@ -483,16 +477,16 @@ public class DoRevoke extends CMSServlet {
CMS.debug("DoRevoke: skipped revocation request for system certificate " + xcert.getSerialNumber());
continue;
}
-
+
if (xcert != null) {
rarg.addStringValue("serialNumber",
- xcert.getSerialNumber().toString(16));
+ xcert.getSerialNumber().toString(16));
if (eeSerialNumber != null &&
- (eeSerialNumber.equals(xcert.getSerialNumber().toString())) &&
- rec.getStatus().equals(ICertRecord.STATUS_REVOKED)) {
+ (eeSerialNumber.equals(xcert.getSerialNumber().toString())) &&
+ rec.getStatus().equals(ICertRecord.STATUS_REVOKED)) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CA_CERTIFICATE_ALREADY_REVOKED_1", xcert.getSerialNumber().toString(16)));
+ CMS.getLogMessage("CA_CERTIFICATE_ALREADY_REVOKED_1", xcert.getSerialNumber().toString(16)));
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
@@ -508,19 +502,19 @@ public class DoRevoke extends CMSServlet {
throw new ECMSGWException(CMS.getLogMessage("CMSGW_UNAUTHORIZED"));
} else if (rec.getStatus().equals(ICertRecord.STATUS_REVOKED)) {
rarg.addStringValue("error", "Certificate 0x" +
- xcert.getSerialNumber().toString(16) +
- " is already revoked.");
+ xcert.getSerialNumber().toString(16) +
+ " is already revoked.");
} else if (eeSubjectDN != null &&
- (!eeSubjectDN.equals(xcert.getSubjectDN().toString()))) {
+ (!eeSubjectDN.equals(xcert.getSubjectDN().toString()))) {
rarg.addStringValue("error", "Certificate 0x" +
- xcert.getSerialNumber().toString(16) +
- " belongs to different subject.");
+ xcert.getSerialNumber().toString(16) +
+ " belongs to different subject.");
} else {
oldCertsV.addElement(xcert);
RevokedCertImpl revCertImpl =
- new RevokedCertImpl(xcert.getSerialNumber(),
- CMS.getCurrentDate(), entryExtn);
+ new RevokedCertImpl(xcert.getSerialNumber(),
+ CMS.getCurrentDate(), entryExtn);
revCertImplsV.addElement(revCertImpl);
count++;
@@ -535,9 +529,7 @@ public class DoRevoke extends CMSServlet {
Vector<String> serialNumbers = new Vector<String>();
if (revokeAll != null && revokeAll.length() > 0) {
- for (int i = revokeAll.indexOf('=');
- i < revokeAll.length() && i > -1;
- i = revokeAll.indexOf('=', i)) {
+ for (int i = revokeAll.indexOf('='); i < revokeAll.length() && i > -1; i = revokeAll.indexOf('=', i)) {
if (i > -1) {
i++;
while (i < revokeAll.length() && revokeAll.charAt(i) == ' ') {
@@ -564,29 +556,28 @@ public class DoRevoke extends CMSServlet {
for (int i = 0; i < certs.length; i++) {
boolean addToList = false;
- for (int j = 0; j < serialNumbers.size();
- j++) {
+ for (int j = 0; j < serialNumbers.size(); j++) {
//xxxxx serial number in decimal?
if (certs[i].getSerialNumber().toString().equals((String) serialNumbers.elementAt(j)) &&
- eeSubjectDN != null && eeSubjectDN.equals(certs[i].getSubjectDN().toString())) {
+ eeSubjectDN != null && eeSubjectDN.equals(certs[i].getSubjectDN().toString())) {
addToList = true;
break;
}
}
if (eeSerialNumber != null &&
- eeSerialNumber.equals(certs[i].getSerialNumber().toString())) {
+ eeSerialNumber.equals(certs[i].getSerialNumber().toString())) {
authorized = true;
}
if (addToList) {
IArgBlock rarg = CMS.createArgBlock();
rarg.addStringValue("serialNumber",
- certs[i].getSerialNumber().toString(16));
+ certs[i].getSerialNumber().toString(16));
oldCertsV.addElement(certs[i]);
RevokedCertImpl revCertImpl =
- new RevokedCertImpl(certs[i].getSerialNumber(),
- CMS.getCurrentDate(), entryExtn);
+ new RevokedCertImpl(certs[i].getSerialNumber(),
+ CMS.getCurrentDate(), entryExtn);
revCertImplsV.addElement(revCertImpl);
count++;
@@ -596,7 +587,7 @@ public class DoRevoke extends CMSServlet {
}
if (!authorized) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_REQ_AUTH_REVOKED_CERT"));
+ CMS.getLogMessage("CMSGW_REQ_AUTH_REVOKED_CERT"));
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
@@ -622,12 +613,12 @@ public class DoRevoke extends CMSServlet {
IArgBlock rarg = CMS.createArgBlock();
rarg.addStringValue("serialNumber",
- cert.getSerialNumber().toString(16));
+ cert.getSerialNumber().toString(16));
oldCertsV.addElement(cert);
RevokedCertImpl revCertImpl =
- new RevokedCertImpl(cert.getSerialNumber(),
- CMS.getCurrentDate(), entryExtn);
+ new RevokedCertImpl(cert.getSerialNumber(),
+ CMS.getCurrentDate(), entryExtn);
revCertImplsV.addElement(revCertImpl);
count++;
@@ -636,8 +627,8 @@ public class DoRevoke extends CMSServlet {
}
}
}
- if (count == 0) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_REV_CERTS_ZERO"));
+ if (count == 0) {
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_REV_CERTS_ZERO"));
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
@@ -665,7 +656,7 @@ public class DoRevoke extends CMSServlet {
}
IRequest revReq =
- mQueue.newRequest(IRequest.REVOCATION_REQUEST);
+ mQueue.newRequest(IRequest.REVOCATION_REQUEST);
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
@@ -680,7 +671,7 @@ public class DoRevoke extends CMSServlet {
revReq.setExtData(IRequest.CERT_INFO, revCertImpls);
revReq.setExtData(IRequest.REQ_TYPE, IRequest.REVOCATION_REQUEST);
- if(initiative.equals(AuditFormat.FROMUSER))
+ if (initiative.equals(AuditFormat.FROMUSER))
revReq.setExtData(IRequest.REQUESTOR_TYPE, IRequest.REQUESTOR_EE);
else
revReq.setExtData(IRequest.REQUESTOR_TYPE, IRequest.REQUESTOR_AGENT);
@@ -713,7 +704,7 @@ public class DoRevoke extends CMSServlet {
if (result.equals(IRequest.RES_ERROR)) {
String[] svcErrors =
- revReq.getExtDataInStringArray(IRequest.SVCERRORS);
+ revReq.getExtDataInStringArray(IRequest.SVCERRORS);
if (svcErrors != null && svcErrors.length > 0) {
for (int i = 0; i < svcErrors.length; i++) {
@@ -727,18 +718,18 @@ public class DoRevoke extends CMSServlet {
if (oldCerts[j] != null) {
mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.DOREVOKEFORMAT,
- new Object[] {
- revReq.getRequestId(),
- initiative,
- "completed with error: " +
- err,
- cert.getSubjectDN(),
- cert.getSerialNumber().toString(16),
- RevocationReason.fromInt(reason).toString()}
- );
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.DOREVOKEFORMAT,
+ new Object[] {
+ revReq.getRequestId(),
+ initiative,
+ "completed with error: " +
+ err,
+ cert.getSubjectDN(),
+ cert.getSerialNumber().toString(16),
+ RevocationReason.fromInt(reason).toString() }
+ );
}
}
}
@@ -751,10 +742,10 @@ public class DoRevoke extends CMSServlet {
// "complete", "revoked", or "canceled"
if ((auditApprovalStatus.equals(
RequestStatus.COMPLETE_STRING)) ||
- (auditApprovalStatus.equals(
- RequestStatus.REJECTED_STRING)) ||
- (auditApprovalStatus.equals(
- RequestStatus.CANCELED_STRING))) {
+ (auditApprovalStatus.equals(
+ RequestStatus.REJECTED_STRING)) ||
+ (auditApprovalStatus.equals(
+ RequestStatus.CANCELED_STRING))) {
auditMessage = CMS.getLogMessage(
LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
auditSubjectID,
@@ -768,7 +759,7 @@ public class DoRevoke extends CMSServlet {
audit(auditMessage);
}
- return;
+ return;
}
long endTime = CMS.getCurrentDate().getTime();
@@ -780,24 +771,24 @@ public class DoRevoke extends CMSServlet {
X509CertImpl cert = (X509CertImpl) oldCerts[j];
mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.DOREVOKEFORMAT,
- new Object[] {
- revReq.getRequestId(),
- initiative,
- "completed",
- cert.getSubjectDN(),
- cert.getSerialNumber().toString(16),
- RevocationReason.fromInt(reason).toString() + " time: " + (endTime - startTime)}
- );
+ AuditFormat.LEVEL,
+ AuditFormat.DOREVOKEFORMAT,
+ new Object[] {
+ revReq.getRequestId(),
+ initiative,
+ "completed",
+ cert.getSubjectDN(),
+ cert.getSerialNumber().toString(16),
+ RevocationReason.fromInt(reason).toString() + " time: " + (endTime - startTime) }
+ );
}
}
}
header.addStringValue("revoked", "yes");
- Integer updateCRLResult =
- revReq.getExtDataInInteger(IRequest.CRL_UPDATE_STATUS);
+ Integer updateCRLResult =
+ revReq.getExtDataInInteger(IRequest.CRL_UPDATE_STATUS);
if (updateCRLResult != null) {
header.addStringValue("updateCRL", "yes");
@@ -806,15 +797,15 @@ public class DoRevoke extends CMSServlet {
} else {
header.addStringValue("updateCRLSuccess", "no");
String crlError =
- revReq.getExtDataInString(IRequest.CRL_UPDATE_ERROR);
+ revReq.getExtDataInString(IRequest.CRL_UPDATE_ERROR);
- if (crlError != null)
- header.addStringValue("updateCRLError",
- crlError);
+ if (crlError != null)
+ header.addStringValue("updateCRLError",
+ crlError);
}
// let known crl publishing status too.
Integer publishCRLResult =
- revReq.getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS);
+ revReq.getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS);
if (publishCRLResult != null) {
if (publishCRLResult.equals(IRequest.RES_SUCCESS)) {
@@ -822,23 +813,23 @@ public class DoRevoke extends CMSServlet {
} else {
header.addStringValue("publishCRLSuccess", "no");
String publError =
- revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
+ revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
- if (publError != null)
- header.addStringValue("publishCRLError",
- publError);
+ if (publError != null)
+ header.addStringValue("publishCRLError",
+ publError);
}
}
}
if (mAuthority instanceof ICertificateAuthority) {
// let known update and publish status of all crls.
- Enumeration<ICRLIssuingPoint> otherCRLs =
- ((ICertificateAuthority) mAuthority).getCRLIssuingPoints();
+ Enumeration<ICRLIssuingPoint> otherCRLs =
+ ((ICertificateAuthority) mAuthority).getCRLIssuingPoints();
while (otherCRLs.hasMoreElements()) {
ICRLIssuingPoint crl = (ICRLIssuingPoint)
- otherCRLs.nextElement();
+ otherCRLs.nextElement();
String crlId = crl.getId();
if (crlId.equals(ICertificateAuthority.PROP_MASTER_CRL))
@@ -857,31 +848,31 @@ public class DoRevoke extends CMSServlet {
updateStatusStr));
header.addStringValue(updateStatusStr, "no");
String error =
- revReq.getExtDataInString(updateErrorStr);
+ revReq.getExtDataInString(updateErrorStr);
- if (error != null)
+ if (error != null)
header.addStringValue(updateErrorStr,
- error);
+ error);
}
String publishStatusStr = crl.getCrlPublishStatusStr();
Integer publishResult =
- revReq.getExtDataInInteger(publishStatusStr);
+ revReq.getExtDataInInteger(publishStatusStr);
- if (publishResult == null)
+ if (publishResult == null)
continue;
if (publishResult.equals(IRequest.RES_SUCCESS)) {
header.addStringValue(publishStatusStr, "yes");
} else {
- String publishErrorStr =
- crl.getCrlPublishErrorStr();
+ String publishErrorStr =
+ crl.getCrlPublishErrorStr();
header.addStringValue(publishStatusStr, "no");
String error =
- revReq.getExtDataInString(publishErrorStr);
+ revReq.getExtDataInString(publishErrorStr);
- if (error != null)
+ if (error != null)
header.addStringValue(
- publishErrorStr, error);
+ publishErrorStr, error);
}
}
}
@@ -889,8 +880,8 @@ public class DoRevoke extends CMSServlet {
if (mPublisherProcessor != null && mPublisherProcessor.ldapEnabled()) {
header.addStringValue("dirEnabled", "yes");
- Integer[] ldapPublishStatus =
- revReq.getExtDataInIntegerArray("ldapPublishStatus");
+ Integer[] ldapPublishStatus =
+ revReq.getExtDataInIntegerArray("ldapPublishStatus");
int certsToUpdate = 0;
int certsUpdated = 0;
@@ -907,11 +898,11 @@ public class DoRevoke extends CMSServlet {
// add crl publishing status.
String publError =
- revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
+ revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
if (publError != null) {
header.addStringValue("crlPublishError",
- publError);
+ publError);
}
} else {
header.addStringValue("dirEnabled", "no");
@@ -946,16 +937,16 @@ public class DoRevoke extends CMSServlet {
X509CertImpl cert = (X509CertImpl) oldCerts[j];
mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.DOREVOKEFORMAT,
- new Object[] {
- revReq.getRequestId(),
- initiative,
- stat.toString(),
- cert.getSubjectDN(),
- cert.getSerialNumber().toString(16),
- RevocationReason.fromInt(reason).toString()}
- );
+ AuditFormat.LEVEL,
+ AuditFormat.DOREVOKEFORMAT,
+ new Object[] {
+ revReq.getRequestId(),
+ initiative,
+ stat.toString(),
+ cert.getSubjectDN(),
+ cert.getSerialNumber().toString(16),
+ RevocationReason.fromInt(reason).toString() }
+ );
}
}
}
@@ -965,9 +956,8 @@ public class DoRevoke extends CMSServlet {
// if and only if "auditApprovalStatus" is
// "complete", "revoked", or "canceled"
if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING))
- || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING))
- || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING))
- ) {
+ || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING))
+ || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING))) {
auditMessage = CMS.getLogMessage(
LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
auditSubjectID,
@@ -1001,10 +991,10 @@ public class DoRevoke extends CMSServlet {
// "complete", "revoked", or "canceled"
if ((auditApprovalStatus.equals(
RequestStatus.COMPLETE_STRING)) ||
- (auditApprovalStatus.equals(
- RequestStatus.REJECTED_STRING)) ||
- (auditApprovalStatus.equals(
- RequestStatus.CANCELED_STRING))) {
+ (auditApprovalStatus.equals(
+ RequestStatus.REJECTED_STRING)) ||
+ (auditApprovalStatus.equals(
+ RequestStatus.CANCELED_STRING))) {
auditMessage = CMS.getLogMessage(
LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
auditSubjectID,
@@ -1042,10 +1032,10 @@ public class DoRevoke extends CMSServlet {
// "complete", "revoked", or "canceled"
if ((auditApprovalStatus.equals(
RequestStatus.COMPLETE_STRING)) ||
- (auditApprovalStatus.equals(
- RequestStatus.REJECTED_STRING)) ||
- (auditApprovalStatus.equals(
- RequestStatus.CANCELED_STRING))) {
+ (auditApprovalStatus.equals(
+ RequestStatus.REJECTED_STRING)) ||
+ (auditApprovalStatus.equals(
+ RequestStatus.CANCELED_STRING))) {
auditMessage = CMS.getLogMessage(
LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
auditSubjectID,
@@ -1062,8 +1052,8 @@ public class DoRevoke extends CMSServlet {
throw e;
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED_1", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED_1", e.toString()));
if (auditRequest) {
// store a "CERT_STATUS_CHANGE_REQUEST" failure
@@ -1084,10 +1074,10 @@ public class DoRevoke extends CMSServlet {
// "complete", "revoked", or "canceled"
if ((auditApprovalStatus.equals(
RequestStatus.COMPLETE_STRING)) ||
- (auditApprovalStatus.equals(
- RequestStatus.REJECTED_STRING)) ||
- (auditApprovalStatus.equals(
- RequestStatus.CANCELED_STRING))) {
+ (auditApprovalStatus.equals(
+ RequestStatus.REJECTED_STRING)) ||
+ (auditApprovalStatus.equals(
+ RequestStatus.CANCELED_STRING))) {
auditMessage = CMS.getLogMessage(
LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
auditSubjectID,
@@ -1110,11 +1100,11 @@ public class DoRevoke extends CMSServlet {
/**
* Signed Audit Log Requester ID
- *
+ *
* This method is called to obtain the "RequesterID" for
* a signed audit log message.
* <P>
- *
+ *
* @param req HTTP request
* @return id string containing the signed audit log message RequesterID
*/
@@ -1140,11 +1130,11 @@ public class DoRevoke extends CMSServlet {
/**
* Signed Audit Log Serial Number
- *
+ *
* This method is called to obtain the serial number of the certificate
* whose status is to be changed for a signed audit log message.
* <P>
- *
+ *
* @param eeSerialNumber a string containing the un-normalized serialNumber
* @return id string containing the signed audit log message RequesterID
*/
@@ -1163,30 +1153,30 @@ public class DoRevoke extends CMSServlet {
// find out if the value is hex or decimal
int value = -1;
-
+
//try int
- try {
- value = Integer.parseInt(serialNumber,10);
+ try {
+ value = Integer.parseInt(serialNumber, 10);
} catch (NumberFormatException e) {
}
-
+
//try hex
- if( value == -1) {
+ if (value == -1) {
try {
- value = Integer.parseInt(serialNumber,16);
+ value = Integer.parseInt(serialNumber, 16);
} catch (NumberFormatException e) {
}
}
// give up if it isn't hex or dec
- if ( value == -1) {
+ if (value == -1) {
throw new NumberFormatException();
}
// convert it to hexadecimal
serialNumber = "0x"
+ Integer.toHexString(
- value);
+ value);
} else {
serialNumber = ILogger.SIGNED_AUDIT_EMPTY_VALUE;
}
@@ -1196,11 +1186,11 @@ public class DoRevoke extends CMSServlet {
/**
* Signed Audit Log Request Type
- *
+ *
* This method is called to obtain the "Request Type" for
* a signed audit log message.
* <P>
- *
+ *
* @param reason an integer denoting the revocation reason
* @return string containing REVOKE or ON_HOLD
*/
@@ -1222,4 +1212,3 @@ public class DoRevoke extends CMSServlet {
return requestType;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevokeTPS.java b/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevokeTPS.java
index 12093661..a9f26754 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevokeTPS.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevokeTPS.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.cert;
-
import java.io.IOException;
import java.io.OutputStream;
import java.util.Date;
@@ -63,10 +62,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* Revoke a Certificate
- *
+ *
* @version $Revision$, $Date$
*/
public class DoRevokeTPS extends CMSServlet {
@@ -89,12 +87,10 @@ public class DoRevokeTPS extends CMSServlet {
private final static String REVOKE = "revoke";
private final static String ON_HOLD = "on-hold";
private final static int ON_HOLD_REASON = 6;
- private final static String
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST =
- "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_5";
- private final static String
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED =
- "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED_7";
+ private final static String LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST =
+ "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_5";
+ private final static String LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED =
+ "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED_7";
public DoRevokeTPS() {
super();
@@ -102,7 +98,8 @@ public class DoRevokeTPS extends CMSServlet {
/**
* initialize the servlet. This servlet uses the template
- * file "revocationResult.template" to render the result
+ * file "revocationResult.template" to render the result
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -132,15 +129,18 @@ public class DoRevokeTPS extends CMSServlet {
/**
* Serves HTTP request. The http parameters used by this request are as follows:
+ *
* <pre>
* serialNumber Serial number of certificate to revoke (in HEX)
* revocationReason Revocation reason (Described below)
* totalRecordCount [number]
* verifiedRecordCount [number]
* invalidityDate [number of seconds in Jan 1,1970]
- *
+ *
* </pre>
+ *
* revocationReason can be one of these values:
+ *
* <pre>
* 0 = Unspecified (default)
* 1 = Key compromised
@@ -174,7 +174,7 @@ public class DoRevokeTPS extends CMSServlet {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
} catch (Exception e) {
- CMS.debug("DoRevokeTPS getTemplate failed");
+ CMS.debug("DoRevokeTPS getTemplate failed");
throw new EBaseException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
}
@@ -215,17 +215,17 @@ public class DoRevokeTPS extends CMSServlet {
mAuthzResourceName, "revoke");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
}
if (authzToken == null) {
cmsReq.setStatus(CMSRequest.UNAUTHORIZED);
return;
}
-
+
if (mAuthMgr != null && mAuthMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) {
if (authToken != null) {
authMgr = authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME);
@@ -242,11 +242,11 @@ public class DoRevokeTPS extends CMSServlet {
if (authorized) {
process(argSet, header, reason, invalidityDate, initiative, req,
- resp, revokeAll, totalRecordCount, comments, locale[0]);
+ resp, revokeAll, totalRecordCount, comments, locale[0]);
}
} catch (NumberFormatException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT"));
error = new EBaseException(CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT"));
} catch (EBaseException e) {
error = e;
@@ -260,10 +260,10 @@ public class DoRevokeTPS extends CMSServlet {
errorString = "error=unauthorized";
} else if (error != null) {
o_status = "status=3";
- errorString = "error="+error.toString();
+ errorString = "error=" + error.toString();
}
- String pp = o_status+"\n"+errorString;
+ String pp = o_status + "\n" + errorString;
byte[] b = pp.getBytes();
resp.setContentType("text/html");
resp.setContentLength(b.length);
@@ -271,8 +271,8 @@ public class DoRevokeTPS extends CMSServlet {
os.write(b);
os.flush();
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
}
}
@@ -280,50 +280,45 @@ public class DoRevokeTPS extends CMSServlet {
/**
* Process cert status change request
* <P>
- *
- * (Certificate Request - either an "agent" cert status change request,
- * or an "EE" cert status change request)
+ *
+ * (Certificate Request - either an "agent" cert status change request, or an "EE" cert status change request)
* <P>
- *
- * (Certificate Request Processed - either an "agent" cert status change
- * request, or an "EE" cert status change request)
+ *
+ * (Certificate Request Processed - either an "agent" cert status change request, or an "EE" cert status change request)
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used when
- * a cert status change request (e. g. - "revocation") is made (before
- * approval process)
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED
- * used when a certificate status is changed (revoked, expired, on-hold,
- * off-hold)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used when a cert status change request (e. g. - "revocation") is made (before approval process)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED used when a certificate status is changed (revoked, expired, on-hold, off-hold)
* </ul>
+ *
* @param argSet CMS template parameters
* @param header argument block
* @param reason revocation reason (0 - Unspecified, 1 - Key compromised,
- * 2 - CA key compromised; should not be used, 3 - Affiliation changed,
- * 4 - Certificate superceded, 5 - Cessation of operation, or
- * 6 - Certificate is on hold)
+ * 2 - CA key compromised; should not be used, 3 - Affiliation changed,
+ * 4 - Certificate superceded, 5 - Cessation of operation, or
+ * 6 - Certificate is on hold)
* @param invalidityDate certificate validity date
* @param initiative string containing the audit format
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @param revokeAll string containing information on all of the
- * certificates to be revoked
+ * certificates to be revoked
* @param totalRecordCount total number of records (verified and unverified)
* @param comments string containing certificate comments
* @param locale the system locale
* @exception EBaseException an error has occurred
*/
private void process(CMSTemplateParams argSet, IArgBlock header,
- int reason, Date invalidityDate,
- String initiative,
- HttpServletRequest req,
- HttpServletResponse resp,
- String revokeAll,
- int totalRecordCount,
- String comments,
- Locale locale)
- throws EBaseException {
+ int reason, Date invalidityDate,
+ String initiative,
+ HttpServletRequest req,
+ HttpServletResponse resp,
+ String revokeAll,
+ int totalRecordCount,
+ String comments,
+ Locale locale)
+ throws EBaseException {
boolean auditRequest = true;
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -333,11 +328,10 @@ public class DoRevokeTPS extends CMSServlet {
String auditApprovalStatus = ILogger.SIGNED_AUDIT_EMPTY_VALUE;
String auditReasonNum = String.valueOf(reason);
-
if (revokeAll != null) {
- CMS.debug("DoRevokeTPS.process revokeAll" + revokeAll);
+ CMS.debug("DoRevokeTPS.process revokeAll" + revokeAll);
- String serial = "";
+ String serial = "";
String[] tokens;
tokens = revokeAll.split("=");
@@ -345,9 +339,9 @@ public class DoRevokeTPS extends CMSServlet {
serial = tokens[1];
//remove the trailing paren
if (serial.endsWith(")")) {
- serial = serial.substring(0,serial.length() -1);
+ serial = serial.substring(0, serial.length() - 1);
}
- auditSerialNumber = serial;
+ auditSerialNumber = serial;
}
}
@@ -393,7 +387,7 @@ public class DoRevokeTPS extends CMSServlet {
}
X509CertImpl xcert = rec.getCertificate();
IArgBlock rarg = CMS.createArgBlock();
-
+
// we do not want to revoke the CA certificate accidentially
if (xcert != null && isSystemCertificate(xcert.getSerialNumber())) {
CMS.debug("DoRevokeTPS: skipped revocation request for system certificate " + xcert.getSerialNumber());
@@ -403,20 +397,20 @@ public class DoRevokeTPS extends CMSServlet {
if (xcert != null) {
rarg.addStringValue("serialNumber",
- xcert.getSerialNumber().toString(16));
+ xcert.getSerialNumber().toString(16));
if (rec.getStatus().equals(ICertRecord.STATUS_REVOKED)) {
alreadyRevokedCertFound = true;
- CMS.debug("Certificate 0x"+xcert.getSerialNumber().toString(16) + " has been revoked.");
+ CMS.debug("Certificate 0x" + xcert.getSerialNumber().toString(16) + " has been revoked.");
} else {
oldCertsV.addElement(xcert);
RevokedCertImpl revCertImpl =
- new RevokedCertImpl(xcert.getSerialNumber(),
- CMS.getCurrentDate(), entryExtn);
+ new RevokedCertImpl(xcert.getSerialNumber(),
+ CMS.getCurrentDate(), entryExtn);
revCertImplsV.addElement(revCertImpl);
- CMS.debug("Certificate 0x"+xcert.getSerialNumber().toString(16)+" is going to be revoked.");
+ CMS.debug("Certificate 0x" + xcert.getSerialNumber().toString(16) + " is going to be revoked.");
count++;
}
} else {
@@ -424,27 +418,27 @@ public class DoRevokeTPS extends CMSServlet {
}
}
- if (count == 0) {
+ if (count == 0) {
// Situation where no certs were reoked here, but some certs
// requested happened to be already revoked. Don't return error.
if (alreadyRevokedCertFound == true && badCertsRequested == false) {
- CMS.debug("Only have previously revoked certs in the list.");
- // store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
- auditSubjectID,
- ILogger.SUCCESS,
- auditRequesterID,
- auditSerialNumber,
- auditRequestType);
+ CMS.debug("Only have previously revoked certs in the list.");
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
+ auditSubjectID,
+ ILogger.SUCCESS,
+ auditRequesterID,
+ auditSerialNumber,
+ auditRequestType);
- audit(auditMessage);
- return;
+ audit(auditMessage);
+ return;
}
-
+
errorString = "error=No certificates are revoked.";
o_status = "status=2";
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_REV_CERTS_ZERO"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_REV_CERTS_ZERO"));
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
@@ -469,7 +463,7 @@ public class DoRevokeTPS extends CMSServlet {
}
IRequest revReq =
- mQueue.newRequest(IRequest.REVOCATION_REQUEST);
+ mQueue.newRequest(IRequest.REVOCATION_REQUEST);
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
@@ -484,7 +478,7 @@ public class DoRevokeTPS extends CMSServlet {
revReq.setExtData(IRequest.CERT_INFO, revCertImpls);
revReq.setExtData(IRequest.REQ_TYPE, IRequest.REVOCATION_REQUEST);
- if(initiative.equals(AuditFormat.FROMUSER)) {
+ if (initiative.equals(AuditFormat.FROMUSER)) {
revReq.setExtData(IRequest.REQUESTOR_TYPE, IRequest.REQUESTOR_EE);
} else {
revReq.setExtData(IRequest.REQUESTOR_TYPE, IRequest.REQUESTOR_AGENT);
@@ -518,7 +512,7 @@ public class DoRevokeTPS extends CMSServlet {
if (result.equals(IRequest.RES_ERROR)) {
String[] svcErrors =
- revReq.getExtDataInStringArray(IRequest.SVCERRORS);
+ revReq.getExtDataInStringArray(IRequest.SVCERRORS);
if (svcErrors != null && svcErrors.length > 0) {
for (int i = 0; i < svcErrors.length; i++) {
@@ -532,18 +526,18 @@ public class DoRevokeTPS extends CMSServlet {
if (oldCerts[j] != null) {
mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.DOREVOKEFORMAT,
- new Object[] {
- revReq.getRequestId(),
- initiative,
- "completed with error: " +
- err,
- cert.getSubjectDN(),
- cert.getSerialNumber().toString(16),
- RevocationReason.fromInt(reason).toString()}
- );
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.DOREVOKEFORMAT,
+ new Object[] {
+ revReq.getRequestId(),
+ initiative,
+ "completed with error: " +
+ err,
+ cert.getSubjectDN(),
+ cert.getSerialNumber().toString(16),
+ RevocationReason.fromInt(reason).toString() }
+ );
}
}
}
@@ -556,10 +550,10 @@ public class DoRevokeTPS extends CMSServlet {
// "complete", "revoked", or "canceled"
if ((auditApprovalStatus.equals(
RequestStatus.COMPLETE_STRING)) ||
- (auditApprovalStatus.equals(
- RequestStatus.REJECTED_STRING)) ||
- (auditApprovalStatus.equals(
- RequestStatus.CANCELED_STRING))) {
+ (auditApprovalStatus.equals(
+ RequestStatus.REJECTED_STRING)) ||
+ (auditApprovalStatus.equals(
+ RequestStatus.CANCELED_STRING))) {
auditMessage = CMS.getLogMessage(
LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
auditSubjectID,
@@ -573,7 +567,7 @@ public class DoRevokeTPS extends CMSServlet {
audit(auditMessage);
}
- return;
+ return;
}
long endTime = CMS.getCurrentDate().getTime();
@@ -585,24 +579,24 @@ public class DoRevokeTPS extends CMSServlet {
X509CertImpl cert = (X509CertImpl) oldCerts[j];
mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.DOREVOKEFORMAT,
- new Object[] {
- revReq.getRequestId(),
- initiative,
- "completed",
- cert.getSubjectDN(),
- cert.getSerialNumber().toString(16),
- RevocationReason.fromInt(reason).toString() + " time: " + (endTime - startTime)}
- );
+ AuditFormat.LEVEL,
+ AuditFormat.DOREVOKEFORMAT,
+ new Object[] {
+ revReq.getRequestId(),
+ initiative,
+ "completed",
+ cert.getSubjectDN(),
+ cert.getSerialNumber().toString(16),
+ RevocationReason.fromInt(reason).toString() + " time: " + (endTime - startTime) }
+ );
}
}
}
header.addStringValue("revoked", "yes");
- Integer updateCRLResult =
- revReq.getExtDataInInteger(IRequest.CRL_UPDATE_STATUS);
+ Integer updateCRLResult =
+ revReq.getExtDataInInteger(IRequest.CRL_UPDATE_STATUS);
if (updateCRLResult != null) {
if (!updateCRLResult.equals(IRequest.RES_SUCCESS)) {
@@ -615,16 +609,16 @@ public class DoRevokeTPS extends CMSServlet {
}
// let known crl publishing status too.
Integer publishCRLResult =
- revReq.getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS);
+ revReq.getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS);
if (publishCRLResult != null) {
if (!publishCRLResult.equals(IRequest.RES_SUCCESS)) {
String publError =
- revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
+ revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
o_status = "status=3";
if (publError != null) {
- errorString = "error="+publError;
+ errorString = "error=" + publError;
}
}
}
@@ -632,12 +626,12 @@ public class DoRevokeTPS extends CMSServlet {
if (mAuthority instanceof ICertificateAuthority) {
// let known update and publish status of all crls.
- Enumeration<ICRLIssuingPoint> otherCRLs =
- ((ICertificateAuthority) mAuthority).getCRLIssuingPoints();
+ Enumeration<ICRLIssuingPoint> otherCRLs =
+ ((ICertificateAuthority) mAuthority).getCRLIssuingPoints();
while (otherCRLs.hasMoreElements()) {
ICRLIssuingPoint crl = (ICRLIssuingPoint)
- otherCRLs.nextElement();
+ otherCRLs.nextElement();
String crlId = crl.getId();
if (crlId.equals(ICertificateAuthority.PROP_MASTER_CRL))
@@ -652,25 +646,25 @@ public class DoRevokeTPS extends CMSServlet {
CMS.debug("DoRevoke: " + CMS.getLogMessage("ADMIN_SRVLT_ADDING_HEADER_NO",
updateStatusStr));
String error =
- revReq.getExtDataInString(updateErrorStr);
+ revReq.getExtDataInString(updateErrorStr);
o_status = "status=3";
- if (error != null) {
- errorString = "error="+error;
+ if (error != null) {
+ errorString = "error=" + error;
}
}
String publishStatusStr = crl.getCrlPublishStatusStr();
Integer publishResult =
- revReq.getExtDataInInteger(publishStatusStr);
+ revReq.getExtDataInInteger(publishStatusStr);
- if (publishResult == null)
+ if (publishResult == null)
continue;
if (!publishResult.equals(IRequest.RES_SUCCESS)) {
- String publishErrorStr =
- crl.getCrlPublishErrorStr();
+ String publishErrorStr =
+ crl.getCrlPublishErrorStr();
String error =
- revReq.getExtDataInString(publishErrorStr);
+ revReq.getExtDataInString(publishErrorStr);
o_status = "status=3";
if (error != null) {
@@ -683,8 +677,8 @@ public class DoRevokeTPS extends CMSServlet {
if (mPublisherProcessor != null && mPublisherProcessor.ldapEnabled()) {
header.addStringValue("dirEnabled", "yes");
- Integer[] ldapPublishStatus =
- revReq.getExtDataInIntegerArray("ldapPublishStatus");
+ Integer[] ldapPublishStatus =
+ revReq.getExtDataInIntegerArray("ldapPublishStatus");
int certsToUpdate = 0;
int certsUpdated = 0;
@@ -699,10 +693,10 @@ public class DoRevokeTPS extends CMSServlet {
// add crl publishing status.
String publError =
- revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
+ revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
if (publError != null) {
- errorString = "error="+publError;
+ errorString = "error=" + publError;
o_status = "status=3";
}
} else if (mPublisherProcessor == null && mPublisherProcessor.ldapEnabled()) {
@@ -712,7 +706,7 @@ public class DoRevokeTPS extends CMSServlet {
} else {
if (stat == RequestStatus.PENDING || stat == RequestStatus.REJECTED) {
o_status = "status=2";
- errorString = "error="+stat.toString();
+ errorString = "error=" + stat.toString();
} else {
o_status = "status=2";
errorString = "error=Undefined request status";
@@ -743,16 +737,16 @@ public class DoRevokeTPS extends CMSServlet {
X509CertImpl cert = (X509CertImpl) oldCerts[j];
mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.DOREVOKEFORMAT,
- new Object[] {
- revReq.getRequestId(),
- initiative,
- stat.toString(),
- cert.getSubjectDN(),
- cert.getSerialNumber().toString(16),
- RevocationReason.fromInt(reason).toString()}
- );
+ AuditFormat.LEVEL,
+ AuditFormat.DOREVOKEFORMAT,
+ new Object[] {
+ revReq.getRequestId(),
+ initiative,
+ stat.toString(),
+ cert.getSubjectDN(),
+ cert.getSerialNumber().toString(16),
+ RevocationReason.fromInt(reason).toString() }
+ );
}
}
}
@@ -762,9 +756,8 @@ public class DoRevokeTPS extends CMSServlet {
// if and only if "auditApprovalStatus" is
// "complete", "revoked", or "canceled"
if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING))
- || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING))
- || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING))
- ) {
+ || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING))
+ || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING))) {
auditMessage = CMS.getLogMessage(
LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
auditSubjectID,
@@ -799,10 +792,10 @@ public class DoRevokeTPS extends CMSServlet {
// "complete", "revoked", or "canceled"
if ((auditApprovalStatus.equals(
RequestStatus.COMPLETE_STRING)) ||
- (auditApprovalStatus.equals(
- RequestStatus.REJECTED_STRING)) ||
- (auditApprovalStatus.equals(
- RequestStatus.CANCELED_STRING))) {
+ (auditApprovalStatus.equals(
+ RequestStatus.REJECTED_STRING)) ||
+ (auditApprovalStatus.equals(
+ RequestStatus.CANCELED_STRING))) {
auditMessage = CMS.getLogMessage(
LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
auditSubjectID,
@@ -819,8 +812,8 @@ public class DoRevokeTPS extends CMSServlet {
throw e;
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED_1", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED_1", e.toString()));
if (auditRequest) {
// store a "CERT_STATUS_CHANGE_REQUEST" failure
@@ -841,10 +834,10 @@ public class DoRevokeTPS extends CMSServlet {
// "complete", "revoked", or "canceled"
if ((auditApprovalStatus.equals(
RequestStatus.COMPLETE_STRING)) ||
- (auditApprovalStatus.equals(
- RequestStatus.REJECTED_STRING)) ||
- (auditApprovalStatus.equals(
- RequestStatus.CANCELED_STRING))) {
+ (auditApprovalStatus.equals(
+ RequestStatus.REJECTED_STRING)) ||
+ (auditApprovalStatus.equals(
+ RequestStatus.CANCELED_STRING))) {
auditMessage = CMS.getLogMessage(
LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
auditSubjectID,
@@ -867,11 +860,11 @@ public class DoRevokeTPS extends CMSServlet {
/**
* Signed Audit Log Requester ID
- *
+ *
* This method is called to obtain the "RequesterID" for
* a signed audit log message.
* <P>
- *
+ *
* @param req HTTP request
* @return id string containing the signed audit log message RequesterID
*/
@@ -897,11 +890,11 @@ public class DoRevokeTPS extends CMSServlet {
/**
* Signed Audit Log Serial Number
- *
+ *
* This method is called to obtain the serial number of the certificate
* whose status is to be changed for a signed audit log message.
* <P>
- *
+ *
* @param eeSerialNumber a string containing the un-normalized serialNumber
* @return id string containing the signed audit log message RequesterID
*/
@@ -920,7 +913,7 @@ public class DoRevokeTPS extends CMSServlet {
// convert it to hexadecimal
serialNumber = "0x"
+ Integer.toHexString(
- Integer.valueOf(serialNumber).intValue());
+ Integer.valueOf(serialNumber).intValue());
} else {
serialNumber = ILogger.SIGNED_AUDIT_EMPTY_VALUE;
}
@@ -930,11 +923,11 @@ public class DoRevokeTPS extends CMSServlet {
/**
* Signed Audit Log Request Type
- *
+ *
* This method is called to obtain the "Request Type" for
* a signed audit log message.
* <P>
- *
+ *
* @param reason an integer denoting the revocation reason
* @return string containing REVOKE or ON_HOLD
*/
@@ -956,4 +949,3 @@ public class DoRevokeTPS extends CMSServlet {
return requestType;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/DoUnrevoke.java b/pki/base/common/src/com/netscape/cms/servlet/cert/DoUnrevoke.java
index e1791045..e5b3fe80 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/DoUnrevoke.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/DoUnrevoke.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.cert;
-
import java.io.IOException;
import java.math.BigInteger;
import java.util.Enumeration;
@@ -56,11 +55,10 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* 'Unrevoke' a certificate. (For certificates that are on-hold only,
* take them off-hold)
- *
+ *
* @version $Revision$, $Date$
*/
public class DoUnrevoke extends CMSServlet {
@@ -80,19 +78,18 @@ public class DoUnrevoke extends CMSServlet {
private final static String OFF_HOLD = "off-hold";
private final static int OFF_HOLD_REASON = 6;
- private final static String
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST =
- "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_5";
- private final static String
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED =
- "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED_7";
-
+ private final static String LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST =
+ "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_5";
+ private final static String LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED =
+ "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED_7";
+
public DoUnrevoke() {
super();
}
/**
* initialize the servlet.
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -112,14 +109,11 @@ public class DoUnrevoke extends CMSServlet {
}
/**
- * Process the HTTP request.
+ * Process the HTTP request.
* <ul>
- * <li>http.param serialNumber Decimal serial number of certificate to unrevoke. The
- * certificate must be revoked with a revovcation reason 'on hold' for this
- * operation to succeed. The serial number may be expressed as a hex number by
- * prefixing '0x' to the serialNumber string
+ * <li>http.param serialNumber Decimal serial number of certificate to unrevoke. The certificate must be revoked with a revovcation reason 'on hold' for this operation to succeed. The serial number may be expressed as a hex number by prefixing '0x' to the serialNumber string
* </ul>
- *
+ *
* @param cmsReq the object holding the request and response information
*/
public void process(CMSRequest cmsReq) throws EBaseException {
@@ -136,10 +130,10 @@ public class DoUnrevoke extends CMSServlet {
try {
form = getTemplate(mFormPath, req, locale);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
IArgBlock header = CMS.createArgBlock();
@@ -152,17 +146,17 @@ public class DoUnrevoke extends CMSServlet {
//for audit log.
IAuthToken authToken = authenticate(cmsReq);
String authMgr = AuditFormat.NOAUTH;
-
+
if (authToken != null) {
authMgr =
authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME);
- } else {
- CMS.debug( "DoUnrevoke::process() - authToken is null!" );
+ } else {
+ CMS.debug("DoUnrevoke::process() - authToken is null!");
return;
}
String agentID = authToken.getInString("userid");
String initiative = AuditFormat.FROMAGENT + " agentID: " + agentID
- + " authenticated by " + authMgr;
+ + " authenticated by " + authMgr;
AuthzToken authzToken = null;
@@ -171,10 +165,10 @@ public class DoUnrevoke extends CMSServlet {
mAuthzResourceName, "unrevoke");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
}
if (authzToken == null) {
@@ -186,7 +180,7 @@ public class DoUnrevoke extends CMSServlet {
} catch (NumberFormatException e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_INVALID_SERIAL_NUM_FORMAT"));
- error = new EBaseException(CMS.getUserMessage(getLocale(req),"CMS_BASE_INVALID_NUMBER_FORMAT"));
+ error = new EBaseException(CMS.getUserMessage(getLocale(req), "CMS_BASE_INVALID_NUMBER_FORMAT"));
} catch (EBaseException e) {
error = e;
}
@@ -197,44 +191,39 @@ public class DoUnrevoke extends CMSServlet {
if (error == null) {
String xmlOutput = req.getParameter("xml");
if (xmlOutput != null && xmlOutput.equals("true")) {
- outputXML(resp, argSet);
+ outputXML(resp, argSet);
} else {
- resp.setContentType("text/html");
- form.renderOutput(out, argSet);
- cmsReq.setStatus(CMSRequest.SUCCESS);
+ resp.setContentType("text/html");
+ form.renderOutput(out, argSet);
+ cmsReq.setStatus(CMSRequest.SUCCESS);
}
} else {
cmsReq.setStatus(CMSRequest.ERROR);
cmsReq.setError(error);
}
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
}
-
/**
* Process X509 cert status change request
* <P>
- *
- * (Certificate Request - an "agent" cert status change request to take
- * a certificate off-hold)
+ *
+ * (Certificate Request - an "agent" cert status change request to take a certificate off-hold)
* <P>
- *
- * (Certificate Request Processed - an "agent" cert status change request
- * to take a certificate off-hold)
+ *
+ * (Certificate Request Processed - an "agent" cert status change request to take a certificate off-hold)
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used when
- * a cert status change request (e. g. - "revocation") is made (before
- * approval process)
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED
- * used when a certificate status is changed (taken off-hold)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used when a cert status change request (e. g. - "revocation") is made (before approval process)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED used when a certificate status is changed (taken off-hold)
* </ul>
+ *
* @param argSet CMS template parameters
* @param header argument block
* @param serialNumbers the serial number of the certificate
@@ -245,11 +234,11 @@ public class DoUnrevoke extends CMSServlet {
* @exception EBaseException an error has occurred
*/
private void process(CMSTemplateParams argSet, IArgBlock header,
- BigInteger[] serialNumbers,
- HttpServletRequest req,
- HttpServletResponse resp,
- Locale locale, String initiative)
- throws EBaseException {
+ BigInteger[] serialNumbers,
+ HttpServletRequest req,
+ HttpServletResponse resp,
+ Locale locale, String initiative)
+ throws EBaseException {
boolean auditRequest = true;
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -265,8 +254,9 @@ public class DoUnrevoke extends CMSServlet {
// certs are for old cloning and they should be removed as soon as possible
X509CertImpl[] certs = new X509CertImpl[serialNumbers.length];
for (int i = 0; i < serialNumbers.length; i++) {
- certs[i] = (X509CertImpl)getX509Certificate(serialNumbers[i]);
- if (snList.length() > 0) snList.append(", ");
+ certs[i] = (X509CertImpl) getX509Certificate(serialNumbers[i]);
+ if (snList.length() > 0)
+ snList.append(", ");
snList.append("0x");
snList.append(serialNumbers[i].toString(16));
}
@@ -310,15 +300,15 @@ public class DoUnrevoke extends CMSServlet {
header.addStringValue("unrevoked", "yes");
if (certs[0] != null) {
mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.DOUNREVOKEFORMAT,
- new Object[] {
- unrevReq.getRequestId(),
- initiative,
- "completed",
- certs[0].getSubjectDN(),
- "0x" + serialNumbers[0].toString(16)}
- );
+ AuditFormat.LEVEL,
+ AuditFormat.DOUNREVOKEFORMAT,
+ new Object[] {
+ unrevReq.getRequestId(),
+ initiative,
+ "completed",
+ certs[0].getSubjectDN(),
+ "0x" + serialNumbers[0].toString(16) }
+ );
}
} else {
header.addStringValue("unrevoked", "no");
@@ -328,29 +318,29 @@ public class DoUnrevoke extends CMSServlet {
header.addStringValue("error", error);
if (certs[0] != null) {
mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.DOUNREVOKEFORMAT,
- new Object[] {
- unrevReq.getRequestId(),
- initiative,
- "completed with error: " +
- error,
- certs[0].getSubjectDN(),
- "0x" + serialNumbers[0].toString(16)}
- );
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.DOUNREVOKEFORMAT,
+ new Object[] {
+ unrevReq.getRequestId(),
+ initiative,
+ "completed with error: " +
+ error,
+ certs[0].getSubjectDN(),
+ "0x" + serialNumbers[0].toString(16) }
+ );
}
/****************************************************/
-
+
/* IMPORTANT: In the event that the following */
-
+
/* "throw error;" statement is */
-
+
/* uncommented, uncomment the following */
-
+
/* signed audit log message, also!!! */
-
+
/****************************************************/
// // store a message in the signed audit log file
@@ -379,8 +369,8 @@ public class DoUnrevoke extends CMSServlet {
}
}
- Integer updateCRLResult =
- unrevReq.getExtDataInInteger(IRequest.CRL_UPDATE_STATUS);
+ Integer updateCRLResult =
+ unrevReq.getExtDataInInteger(IRequest.CRL_UPDATE_STATUS);
if (updateCRLResult != null) {
header.addStringValue("updateCRL", "yes");
@@ -389,15 +379,15 @@ public class DoUnrevoke extends CMSServlet {
} else {
header.addStringValue("updateCRLSuccess", "no");
String crlError =
- unrevReq.getExtDataInString(IRequest.CRL_UPDATE_ERROR);
+ unrevReq.getExtDataInString(IRequest.CRL_UPDATE_ERROR);
- if (crlError != null)
- header.addStringValue("updateCRLError",
- crlError);
+ if (crlError != null)
+ header.addStringValue("updateCRLError",
+ crlError);
}
// let known crl publishing status too.
- Integer publishCRLResult =
- unrevReq.getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS);
+ Integer publishCRLResult =
+ unrevReq.getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS);
if (publishCRLResult != null) {
if (publishCRLResult.equals(IRequest.RES_SUCCESS)) {
@@ -405,22 +395,22 @@ public class DoUnrevoke extends CMSServlet {
} else {
header.addStringValue("publishCRLSuccess", "no");
String publError =
- unrevReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
+ unrevReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
- if (publError != null)
- header.addStringValue("publishCRLError",
- publError);
+ if (publError != null)
+ header.addStringValue("publishCRLError",
+ publError);
}
}
}
// let known update and publish status of all crls.
- Enumeration otherCRLs =
- ((ICertificateAuthority) mAuthority).getCRLIssuingPoints();
+ Enumeration otherCRLs =
+ ((ICertificateAuthority) mAuthority).getCRLIssuingPoints();
while (otherCRLs.hasMoreElements()) {
ICRLIssuingPoint crl = (ICRLIssuingPoint)
- otherCRLs.nextElement();
+ otherCRLs.nextElement();
String crlId = crl.getId();
if (crlId.equals(ICertificateAuthority.PROP_MASTER_CRL))
@@ -431,48 +421,48 @@ public class DoUnrevoke extends CMSServlet {
if (updateResult != null) {
if (updateResult.equals(IRequest.RES_SUCCESS)) {
CMS.debug("DoUnrevoke: adding header " +
- updateStatusStr + " yes ");
+ updateStatusStr + " yes ");
header.addStringValue(updateStatusStr, "yes");
} else {
String updateErrorStr = crl.getCrlUpdateErrorStr();
CMS.debug("DoUnrevoke: adding header " +
- updateStatusStr + " no ");
+ updateStatusStr + " no ");
header.addStringValue(updateStatusStr, "no");
String error =
- unrevReq.getExtDataInString(updateErrorStr);
+ unrevReq.getExtDataInString(updateErrorStr);
- if (error != null)
+ if (error != null)
header.addStringValue(
- updateErrorStr, error);
+ updateErrorStr, error);
}
String publishStatusStr = crl.getCrlPublishStatusStr();
Integer publishResult =
- unrevReq.getExtDataInInteger(publishStatusStr);
+ unrevReq.getExtDataInInteger(publishStatusStr);
- if (publishResult == null)
+ if (publishResult == null)
continue;
if (publishResult.equals(IRequest.RES_SUCCESS)) {
header.addStringValue(publishStatusStr, "yes");
} else {
- String publishErrorStr =
- crl.getCrlPublishErrorStr();
+ String publishErrorStr =
+ crl.getCrlPublishErrorStr();
header.addStringValue(publishStatusStr, "no");
String error =
- unrevReq.getExtDataInString(publishErrorStr);
+ unrevReq.getExtDataInString(publishErrorStr);
- if (error != null)
+ if (error != null)
header.addStringValue(
- publishErrorStr, error);
+ publishErrorStr, error);
}
}
}
if (mPublisherProcessor != null && mPublisherProcessor.ldapEnabled()) {
header.addStringValue("dirEnabled", "yes");
- Integer[] ldapPublishStatus =
- unrevReq.getExtDataInIntegerArray("ldapPublishStatus");
+ Integer[] ldapPublishStatus =
+ unrevReq.getExtDataInIntegerArray("ldapPublishStatus");
if (ldapPublishStatus != null) {
if (ldapPublishStatus[0] == IRequest.RES_SUCCESS) {
@@ -490,30 +480,30 @@ public class DoUnrevoke extends CMSServlet {
header.addStringValue("unrevoked", "pending");
if (certs[0] != null) {
mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.DOUNREVOKEFORMAT,
- new Object[] {
- unrevReq.getRequestId(),
- initiative,
- "pending",
- certs[0].getSubjectDN(),
- "0x" + serialNumbers[0].toString(16)}
- );
+ AuditFormat.LEVEL,
+ AuditFormat.DOUNREVOKEFORMAT,
+ new Object[] {
+ unrevReq.getRequestId(),
+ initiative,
+ "pending",
+ certs[0].getSubjectDN(),
+ "0x" + serialNumbers[0].toString(16) }
+ );
}
} else {
header.addStringValue("error", "Request Status.Error");
header.addStringValue("unrevoked", "no");
if (certs[0] != null) {
mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.DOUNREVOKEFORMAT,
- new Object[] {
- unrevReq.getRequestId(),
- initiative,
- status.toString(),
- certs[0].getSubjectDN(),
- "0x" + serialNumbers[0].toString(16)}
- );
+ AuditFormat.LEVEL,
+ AuditFormat.DOUNREVOKEFORMAT,
+ new Object[] {
+ unrevReq.getRequestId(),
+ initiative,
+ status.toString(),
+ certs[0].getSubjectDN(),
+ "0x" + serialNumbers[0].toString(16) }
+ );
}
}
@@ -521,9 +511,8 @@ public class DoUnrevoke extends CMSServlet {
// if and only if "auditApprovalStatus" is
// "complete", "revoked", or "canceled"
if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING))
- || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING))
- || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING))
- ) {
+ || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING))
+ || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING))) {
auditMessage = CMS.getLogMessage(
LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
auditSubjectID,
@@ -557,10 +546,10 @@ public class DoUnrevoke extends CMSServlet {
// "complete", "revoked", or "canceled"
if ((auditApprovalStatus.equals(
RequestStatus.COMPLETE_STRING)) ||
- (auditApprovalStatus.equals(
- RequestStatus.REJECTED_STRING)) ||
- (auditApprovalStatus.equals(
- RequestStatus.CANCELED_STRING))) {
+ (auditApprovalStatus.equals(
+ RequestStatus.REJECTED_STRING)) ||
+ (auditApprovalStatus.equals(
+ RequestStatus.CANCELED_STRING))) {
auditMessage = CMS.getLogMessage(
LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
auditSubjectID,
@@ -580,7 +569,7 @@ public class DoUnrevoke extends CMSServlet {
}
private BigInteger[] getSerialNumbers(HttpServletRequest req)
- throws NumberFormatException {
+ throws NumberFormatException {
String serialNumString = req.getParameter("serialNumber");
StringTokenizer snList = new StringTokenizer(serialNumString, " ");
@@ -601,7 +590,7 @@ public class DoUnrevoke extends CMSServlet {
biList.addElement(bi);
} else {
throw new NumberFormatException();
- }
+ }
}
if (biList.size() < 1) {
throw new NumberFormatException();
@@ -617,11 +606,11 @@ public class DoUnrevoke extends CMSServlet {
/**
* Signed Audit Log Requester ID
- *
+ *
* This method is called to obtain the "RequesterID" for
* a signed audit log message.
* <P>
- *
+ *
* @param req HTTP request
* @return id string containing the signed audit log message RequesterID
*/
@@ -647,11 +636,11 @@ public class DoUnrevoke extends CMSServlet {
/**
* Signed Audit Log Serial Number
- *
+ *
* This method is called to obtain the serial number of the certificate
* whose status is to be changed for a signed audit log message.
* <P>
- *
+ *
* @param eeSerialNumber a string containing the un-normalized serialNumber
* @return id string containing the signed audit log message RequesterID
*/
@@ -670,7 +659,7 @@ public class DoUnrevoke extends CMSServlet {
// convert it to hexadecimal
serialNumber = "0x"
+ Integer.toHexString(
- Integer.valueOf(serialNumber).intValue());
+ Integer.valueOf(serialNumber).intValue());
} else {
serialNumber = ILogger.SIGNED_AUDIT_EMPTY_VALUE;
}
@@ -678,4 +667,3 @@ public class DoUnrevoke extends CMSServlet {
return serialNumber;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/DoUnrevokeTPS.java b/pki/base/common/src/com/netscape/cms/servlet/cert/DoUnrevokeTPS.java
index 8f46ee9c..65716c07 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/DoUnrevokeTPS.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/DoUnrevokeTPS.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.cert;
-
import java.io.IOException;
import java.io.OutputStream;
import java.math.BigInteger;
@@ -55,11 +54,10 @@ import com.netscape.cms.servlet.common.CMSRequest;
import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* 'Unrevoke' a certificate. (For certificates that are on-hold only,
* take them off-hold)
- *
+ *
* @version $Revision$, $Date$
*/
public class DoUnrevokeTPS extends CMSServlet {
@@ -81,19 +79,18 @@ public class DoUnrevokeTPS extends CMSServlet {
private final static String OFF_HOLD = "off-hold";
private final static int OFF_HOLD_REASON = 6;
- private final static String
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST =
- "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_5";
- private final static String
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED =
- "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED_7";
-
+ private final static String LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST =
+ "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_5";
+ private final static String LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED =
+ "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED_7";
+
public DoUnrevokeTPS() {
super();
}
/**
* initialize the servlet.
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -112,14 +109,11 @@ public class DoUnrevokeTPS extends CMSServlet {
}
/**
- * Process the HTTP request.
+ * Process the HTTP request.
* <ul>
- * <li>http.param serialNumber Decimal serial number of certificate to unrevoke. The
- * certificate must be revoked with a revovcation reason 'on hold' for this
- * operation to succeed. The serial number may be expressed as a hex number by
- * prefixing '0x' to the serialNumber string
+ * <li>http.param serialNumber Decimal serial number of certificate to unrevoke. The certificate must be revoked with a revovcation reason 'on hold' for this operation to succeed. The serial number may be expressed as a hex number by prefixing '0x' to the serialNumber string
* </ul>
- *
+ *
* @param cmsReq the object holding the request and response information
*/
public void process(CMSRequest cmsReq) throws EBaseException {
@@ -133,16 +127,16 @@ public class DoUnrevokeTPS extends CMSServlet {
Locale[] locale = new Locale[1];
-/*
- try {
- form = getTemplate(mFormPath, req, locale);
- } catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString()));
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
- }
-*/
+ /*
+ try {
+ form = getTemplate(mFormPath, req, locale);
+ } catch (IOException e) {
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString()));
+ throw new ECMSGWException(
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ }
+ */
try {
serialNumbers = getSerialNumbers(req);
@@ -150,17 +144,17 @@ public class DoUnrevokeTPS extends CMSServlet {
//for audit log.
IAuthToken authToken = authenticate(cmsReq);
String authMgr = AuditFormat.NOAUTH;
-
+
if (authToken != null) {
authMgr =
authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME);
- } else {
- CMS.debug( "DoUnrevokeTPS::process() - authToken is null!" );
+ } else {
+ CMS.debug("DoUnrevokeTPS::process() - authToken is null!");
return;
- }
+ }
String agentID = authToken.getInString("userid");
String initiative = AuditFormat.FROMAGENT + " agentID: " + agentID
- + " authenticated by " + authMgr;
+ + " authenticated by " + authMgr;
AuthzToken authzToken = null;
@@ -169,17 +163,17 @@ public class DoUnrevokeTPS extends CMSServlet {
mAuthzResourceName, "unrevoke");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
}
if (authzToken == null) {
cmsReq.setStatus(CMSRequest.UNAUTHORIZED);
o_status = "status=3";
errorString = "error=unauthorized";
- String pp = o_status+"\n"+errorString;
+ String pp = o_status + "\n" + errorString;
byte[] b = pp.getBytes();
resp.setContentType("text/html");
resp.setContentLength(b.length);
@@ -192,7 +186,7 @@ public class DoUnrevokeTPS extends CMSServlet {
process(serialNumbers, req, resp, locale[0], initiative);
} catch (NumberFormatException e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_INVALID_SERIAL_NUM_FORMAT"));
- error = new EBaseException(CMS.getUserMessage(getLocale(req),"CMS_BASE_INVALID_NUMBER_FORMAT"));
+ error = new EBaseException(CMS.getUserMessage(getLocale(req), "CMS_BASE_INVALID_NUMBER_FORMAT"));
} catch (EBaseException e) {
error = e;
} catch (IOException e) {
@@ -206,10 +200,10 @@ public class DoUnrevokeTPS extends CMSServlet {
errorString = "error=";
} else {
o_status = "status=3";
- errorString = "error="+error.toString();
+ errorString = "error=" + error.toString();
}
- String pp = o_status+"\n"+errorString;
+ String pp = o_status + "\n" + errorString;
byte[] b = pp.getBytes();
resp.setContentType("text/html");
resp.setContentLength(b.length);
@@ -217,33 +211,28 @@ public class DoUnrevokeTPS extends CMSServlet {
os.write(b);
os.flush();
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
}
-
/**
* Process X509 cert status change request
* <P>
- *
- * (Certificate Request - an "agent" cert status change request to take
- * a certificate off-hold)
+ *
+ * (Certificate Request - an "agent" cert status change request to take a certificate off-hold)
* <P>
- *
- * (Certificate Request Processed - an "agent" cert status change request
- * to take a certificate off-hold)
+ *
+ * (Certificate Request Processed - an "agent" cert status change request to take a certificate off-hold)
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used when
- * a cert status change request (e. g. - "revocation") is made (before
- * approval process)
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED
- * used when a certificate status is changed (taken off-hold)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used when a cert status change request (e. g. - "revocation") is made (before approval process)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED used when a certificate status is changed (taken off-hold)
* </ul>
+ *
* @param serialNumbers the serial number of the certificate
* @param req HTTP servlet request
* @param resp HTTP servlet response
@@ -252,10 +241,10 @@ public class DoUnrevokeTPS extends CMSServlet {
* @exception EBaseException an error has occurred
*/
private void process(BigInteger[] serialNumbers,
- HttpServletRequest req,
- HttpServletResponse resp,
- Locale locale, String initiative)
- throws EBaseException {
+ HttpServletRequest req,
+ HttpServletResponse resp,
+ Locale locale, String initiative)
+ throws EBaseException {
boolean auditRequest = true;
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -271,8 +260,9 @@ public class DoUnrevokeTPS extends CMSServlet {
// certs are for old cloning and they should be removed as soon as possible
X509CertImpl[] certs = new X509CertImpl[serialNumbers.length];
for (int i = 0; i < serialNumbers.length; i++) {
- certs[i] = (X509CertImpl)getX509Certificate(serialNumbers[i]);
- if (snList.length() > 0) snList += ", ";
+ certs[i] = (X509CertImpl) getX509Certificate(serialNumbers[i]);
+ if (snList.length() > 0)
+ snList += ", ";
snList += "0x" + serialNumbers[i].toString(16);
}
@@ -313,76 +303,76 @@ public class DoUnrevokeTPS extends CMSServlet {
if (result != null && result.equals(IRequest.RES_SUCCESS)) {
if (certs[0] != null) {
mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.DOUNREVOKEFORMAT,
- new Object[] {
- unrevReq.getRequestId(),
- initiative,
- "completed",
- certs[0].getSubjectDN(),
- "0x" + serialNumbers[0].toString(16)}
- );
+ AuditFormat.LEVEL,
+ AuditFormat.DOUNREVOKEFORMAT,
+ new Object[] {
+ unrevReq.getRequestId(),
+ initiative,
+ "completed",
+ certs[0].getSubjectDN(),
+ "0x" + serialNumbers[0].toString(16) }
+ );
}
} else {
String error = unrevReq.getExtDataInString(IRequest.ERROR);
if (error != null) {
o_status = "status=3";
- errorString = "error="+error;
+ errorString = "error=" + error;
if (certs[0] != null) {
mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.DOUNREVOKEFORMAT,
- new Object[] {
- unrevReq.getRequestId(),
- initiative,
- "completed with error: " +
- error,
- certs[0].getSubjectDN(),
- "0x" + serialNumbers[0].toString(16)}
- );
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.DOUNREVOKEFORMAT,
+ new Object[] {
+ unrevReq.getRequestId(),
+ initiative,
+ "completed with error: " +
+ error,
+ certs[0].getSubjectDN(),
+ "0x" + serialNumbers[0].toString(16) }
+ );
}
}
}
- Integer updateCRLResult =
- unrevReq.getExtDataInInteger(IRequest.CRL_UPDATE_STATUS);
+ Integer updateCRLResult =
+ unrevReq.getExtDataInInteger(IRequest.CRL_UPDATE_STATUS);
if (updateCRLResult != null) {
if (!updateCRLResult.equals(IRequest.RES_SUCCESS)) {
String crlError =
- unrevReq.getExtDataInString(IRequest.CRL_UPDATE_ERROR);
+ unrevReq.getExtDataInString(IRequest.CRL_UPDATE_ERROR);
if (crlError != null) {
o_status = "status=3";
- errorString = "error="+crlError;
+ errorString = "error=" + crlError;
}
}
// let known crl publishing status too.
- Integer publishCRLResult =
- unrevReq.getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS);
+ Integer publishCRLResult =
+ unrevReq.getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS);
if (publishCRLResult != null) {
if (!publishCRLResult.equals(IRequest.RES_SUCCESS)) {
String publError =
- unrevReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
+ unrevReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
if (publError != null) {
o_status = "status=3";
- errorString = "error="+publError;
+ errorString = "error=" + publError;
}
}
}
}
// let known update and publish status of all crls.
- Enumeration otherCRLs =
- ((ICertificateAuthority) mAuthority).getCRLIssuingPoints();
+ Enumeration otherCRLs =
+ ((ICertificateAuthority) mAuthority).getCRLIssuingPoints();
while (otherCRLs.hasMoreElements()) {
ICRLIssuingPoint crl = (ICRLIssuingPoint)
- otherCRLs.nextElement();
+ otherCRLs.nextElement();
String crlId = crl.getId();
if (crlId.equals(ICertificateAuthority.PROP_MASTER_CRL))
@@ -394,37 +384,37 @@ public class DoUnrevokeTPS extends CMSServlet {
if (!updateResult.equals(IRequest.RES_SUCCESS)) {
String updateErrorStr = crl.getCrlUpdateErrorStr();
String error =
- unrevReq.getExtDataInString(updateErrorStr);
+ unrevReq.getExtDataInString(updateErrorStr);
if (error != null) {
o_status = "status=3";
- errorString = "error="+error;
+ errorString = "error=" + error;
}
}
String publishStatusStr = crl.getCrlPublishStatusStr();
Integer publishResult =
- unrevReq.getExtDataInInteger(publishStatusStr);
+ unrevReq.getExtDataInInteger(publishStatusStr);
- if (publishResult == null)
+ if (publishResult == null)
continue;
if (!publishResult.equals(IRequest.RES_SUCCESS)) {
- String publishErrorStr =
- crl.getCrlPublishErrorStr();
+ String publishErrorStr =
+ crl.getCrlPublishErrorStr();
String error =
- unrevReq.getExtDataInString(publishErrorStr);
+ unrevReq.getExtDataInString(publishErrorStr);
if (error != null) {
o_status = "status=3";
- errorString = "error="+error;
+ errorString = "error=" + error;
}
}
}
}
if (mPublisherProcessor != null && mPublisherProcessor.ldapEnabled()) {
- Integer[] ldapPublishStatus =
- unrevReq.getExtDataInIntegerArray("ldapPublishStatus");
+ Integer[] ldapPublishStatus =
+ unrevReq.getExtDataInIntegerArray("ldapPublishStatus");
if (ldapPublishStatus != null) {
if (ldapPublishStatus[0] != IRequest.RES_SUCCESS) {
@@ -432,25 +422,25 @@ public class DoUnrevokeTPS extends CMSServlet {
errorString = "error=Problem in publishing to LDAP";
}
}
- } else if (mPublisherProcessor == null || (! mPublisherProcessor.ldapEnabled())) {
+ } else if (mPublisherProcessor == null || (!mPublisherProcessor.ldapEnabled())) {
o_status = "status=3";
errorString = "error=LDAP Publisher not enabled";
}
} else if (status == RequestStatus.PENDING) {
o_status = "status=2";
- errorString = "error="+status.toString();
+ errorString = "error=" + status.toString();
if (certs[0] != null) {
mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.DOUNREVOKEFORMAT,
- new Object[] {
- unrevReq.getRequestId(),
- initiative,
- "pending",
- certs[0].getSubjectDN(),
- "0x" + serialNumbers[0].toString(16)}
- );
+ AuditFormat.LEVEL,
+ AuditFormat.DOUNREVOKEFORMAT,
+ new Object[] {
+ unrevReq.getRequestId(),
+ initiative,
+ "pending",
+ certs[0].getSubjectDN(),
+ "0x" + serialNumbers[0].toString(16) }
+ );
}
} else {
o_status = "status=2";
@@ -458,15 +448,15 @@ public class DoUnrevokeTPS extends CMSServlet {
if (certs[0] != null) {
mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.DOUNREVOKEFORMAT,
- new Object[] {
- unrevReq.getRequestId(),
- initiative,
- status.toString(),
- certs[0].getSubjectDN(),
- "0x" + serialNumbers[0].toString(16)}
- );
+ AuditFormat.LEVEL,
+ AuditFormat.DOUNREVOKEFORMAT,
+ new Object[] {
+ unrevReq.getRequestId(),
+ initiative,
+ status.toString(),
+ certs[0].getSubjectDN(),
+ "0x" + serialNumbers[0].toString(16) }
+ );
}
}
@@ -474,9 +464,8 @@ public class DoUnrevokeTPS extends CMSServlet {
// if and only if "auditApprovalStatus" is
// "complete", "revoked", or "canceled"
if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING))
- || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING))
- || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING))
- ) {
+ || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING))
+ || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING))) {
auditMessage = CMS.getLogMessage(
LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
auditSubjectID,
@@ -510,10 +499,10 @@ public class DoUnrevokeTPS extends CMSServlet {
// "complete", "revoked", or "canceled"
if ((auditApprovalStatus.equals(
RequestStatus.COMPLETE_STRING)) ||
- (auditApprovalStatus.equals(
- RequestStatus.REJECTED_STRING)) ||
- (auditApprovalStatus.equals(
- RequestStatus.CANCELED_STRING))) {
+ (auditApprovalStatus.equals(
+ RequestStatus.REJECTED_STRING)) ||
+ (auditApprovalStatus.equals(
+ RequestStatus.CANCELED_STRING))) {
auditMessage = CMS.getLogMessage(
LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
auditSubjectID,
@@ -533,7 +522,7 @@ public class DoUnrevokeTPS extends CMSServlet {
}
private BigInteger[] getSerialNumbers(HttpServletRequest req)
- throws NumberFormatException {
+ throws NumberFormatException {
String serialNumString = req.getParameter("serialNumber");
StringTokenizer snList = new StringTokenizer(serialNumString, " ");
@@ -554,7 +543,7 @@ public class DoUnrevokeTPS extends CMSServlet {
biList.addElement(bi);
} else {
throw new NumberFormatException();
- }
+ }
}
if (biList.size() < 1) {
throw new NumberFormatException();
@@ -570,11 +559,11 @@ public class DoUnrevokeTPS extends CMSServlet {
/**
* Signed Audit Log Requester ID
- *
+ *
* This method is called to obtain the "RequesterID" for
* a signed audit log message.
* <P>
- *
+ *
* @param req HTTP request
* @return id string containing the signed audit log message RequesterID
*/
@@ -600,11 +589,11 @@ public class DoUnrevokeTPS extends CMSServlet {
/**
* Signed Audit Log Serial Number
- *
+ *
* This method is called to obtain the serial number of the certificate
* whose status is to be changed for a signed audit log message.
* <P>
- *
+ *
* @param eeSerialNumber a string containing the un-normalized serialNumber
* @return id string containing the signed audit log message RequesterID
*/
@@ -623,7 +612,7 @@ public class DoUnrevokeTPS extends CMSServlet {
// convert it to hexadecimal
serialNumber = "0x"
+ Integer.toHexString(
- Integer.valueOf(serialNumber).intValue());
+ Integer.valueOf(serialNumber).intValue());
} else {
serialNumber = ILogger.SIGNED_AUDIT_EMPTY_VALUE;
}
@@ -631,4 +620,3 @@ public class DoUnrevokeTPS extends CMSServlet {
return serialNumber;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/EnableEnrollResult.java b/pki/base/common/src/com/netscape/cms/servlet/cert/EnableEnrollResult.java
index b1d89426..2a143b66 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/EnableEnrollResult.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/EnableEnrollResult.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.cert;
-
import java.io.IOException;
import java.security.cert.X509Certificate;
import java.util.Locale;
@@ -46,10 +45,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* For Face-to-face enrollment, enable EE enrollment feature
- *
+ *
* @version $Revision$, $Date$
* @see com.netscape.cms.servlet.cert.DisableEnrollResult
*/
@@ -88,7 +86,7 @@ public class EnableEnrollResult extends CMSServlet {
* Services the request
*/
protected void process(CMSRequest cmsReq)
- throws EBaseException {
+ throws EBaseException {
HttpServletRequest httpReq = cmsReq.getHttpReq();
HttpServletResponse httpResp = cmsReq.getHttpResp();
@@ -119,7 +117,7 @@ public class EnableEnrollResult extends CMSServlet {
if (!(mAuthority instanceof IRegistrationAuthority)) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_CA_FROM_RA_NOT_IMP"));
cmsReq.setError(new ECMSGWException(
- CMS.getUserMessage("CMS_GW_NOT_YET_IMPLEMENTED")));
+ CMS.getUserMessage("CMS_GW_NOT_YET_IMPLEMENTED")));
cmsReq.setStatus(CMSRequest.ERROR);
return;
}
@@ -130,10 +128,10 @@ public class EnableEnrollResult extends CMSServlet {
try {
form = getTemplate(mFormPath, httpReq, locale);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
cmsReq.setError(new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
cmsReq.setStatus(CMSRequest.ERROR);
return;
}
@@ -162,7 +160,7 @@ public class EnableEnrollResult extends CMSServlet {
String timeout = args.getValueAsString("timeout", "600");
mgr.createEntry(host, dn, Long.parseLong(timeout) * 1000,
- random.nextLong() + "", 0);
+ random.nextLong() + "", 0);
header.addStringValue("code", "0");
}
@@ -173,10 +171,10 @@ public class EnableEnrollResult extends CMSServlet {
form.renderOutput(out, argSet);
cmsReq.setStatus(CMSRequest.SUCCESS);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
cmsReq.setError(new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
cmsReq.setStatus(CMSRequest.ERROR);
}
cmsReq.setStatus(CMSRequest.SUCCESS);
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/EnrollServlet.java b/pki/base/common/src/com/netscape/cms/servlet/cert/EnrollServlet.java
index 44d0c509..a717aa71 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/EnrollServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/EnrollServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.cert;
-
import java.io.IOException;
import java.math.BigInteger;
import java.security.cert.CertificateEncodingException;
@@ -75,10 +74,9 @@ import com.netscape.cms.servlet.processors.KeyGenProcessor;
import com.netscape.cms.servlet.processors.PKCS10Processor;
import com.netscape.cms.servlet.processors.PKIProcessor;
-
/**
* Submit a Certificate Enrollment request
- *
+ *
* @version $Revision$, $Date$
*/
public class EnrollServlet extends CMSServlet {
@@ -90,8 +88,7 @@ public class EnrollServlet extends CMSServlet {
public final static String ADMIN_ENROLL_SERVLET_ID = "caadminEnroll";
// enrollment templates.
- public static final String
- ENROLL_SUCCESS_TEMPLATE = "EnrollSuccess.template";
+ public static final String ENROLL_SUCCESS_TEMPLATE = "EnrollSuccess.template";
// http params
public static final String OLD_CERT_TYPE = "csrCertType";
@@ -116,8 +113,7 @@ public class EnrollServlet extends CMSServlet {
private boolean mAuthTokenOverride = true;
private String mEnrollSuccessTemplate = null;
- private ICMSTemplateFiller
- mEnrollSuccessFiller = new ImportCertsTemplateFiller();
+ private ICMSTemplateFiller mEnrollSuccessFiller = new ImportCertsTemplateFiller();
ICertificateAuthority mCa = null;
ICertificateRepository mRepository = null;
@@ -126,55 +122,55 @@ public class EnrollServlet extends CMSServlet {
private String auditServiceID = ILogger.UNIDENTIFIED;
private final static String ADMIN_CA_ENROLLMENT_SERVLET =
- "caadminEnroll";
+ "caadminEnroll";
private final static String AGENT_CA_BULK_ENROLLMENT_SERVLET =
- "cabulkissuance";
+ "cabulkissuance";
private final static String AGENT_RA_BULK_ENROLLMENT_SERVLET =
- "rabulkissuance";
+ "rabulkissuance";
private final static String EE_CA_CERT_BASED_ENROLLMENT_SERVLET =
- "cacertbasedenrollment";
+ "cacertbasedenrollment";
private final static String EE_CA_ENROLLMENT_SERVLET =
- "caenrollment";
+ "caenrollment";
private final static String EE_RA_CERT_BASED_ENROLLMENT_SERVLET =
- "racertbasedenrollment";
+ "racertbasedenrollment";
private final static String EE_RA_ENROLLMENT_SERVLET =
- "raenrollment";
+ "raenrollment";
private final static byte EOL[] = { Character.LINE_SEPARATOR };
- private final static String[]
- SIGNED_AUDIT_AUTOMATED_REJECTION_REASON = new String[] {
-
- /* 0 */ "automated non-profile cert request rejection: "
+ private final static String[] SIGNED_AUDIT_AUTOMATED_REJECTION_REASON = new String[] {
+
+ /* 0 */"automated non-profile cert request rejection: "
+ "unable to render OLD_CERT_TYPE response",
-
- /* 1 */ "automated non-profile cert request rejection: "
+
+ /* 1 */"automated non-profile cert request rejection: "
+ "unable to complete handleEnrollAuditLog() method",
-
- /* 2 */ "automated non-profile cert request rejection: "
+
+ /* 2 */"automated non-profile cert request rejection: "
+ "unable to render success template",
-
- /* 3 */ "automated non-profile cert request rejection: "
+
+ /* 3 */"automated non-profile cert request rejection: "
+ "indeterminate reason for inability to process "
+ "cert request due to an EBaseException"
};
- private final static String
- LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST =
- "LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST_5";
- private final static String
- LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED =
- "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5";
-
+ private final static String LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST =
+ "LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST_5";
+ private final static String LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED =
+ "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5";
+
private static final String HEADER = "-----BEGIN NEW CERTIFICATE REQUEST-----";
private static final String TRAILER = "-----END NEW CERTIFICATE REQUEST-----";
-
+
public EnrollServlet() {
super();
}
/**
- * initialize the servlet.<p>
- * the following parameters are read from the servlet config:
- * <ul><li>CMSServlet.PROP_ID - ID for signed audit log messages
- * <li>CMSServlet.PROP_SUCCESS_TEMPLATE - success template file
+ * initialize the servlet.
+ * <p>
+ * the following parameters are read from the servlet config:
+ * <ul>
+ * <li>CMSServlet.PROP_ID - ID for signed audit log messages
+ * <li>CMSServlet.PROP_SUCCESS_TEMPLATE - success template file
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -185,8 +181,8 @@ public class EnrollServlet extends CMSServlet {
try {
IConfigStore configStore = CMS.getConfigStore();
- String PKI_Subsystem = configStore.getString( "subsystem.0.id",
- null );
+ String PKI_Subsystem = configStore.getString("subsystem.0.id",
+ null);
// CMS 6.1 began utilizing the "Certificate Profiles" framework
// instead of the legacy "Certificate Policies" framework.
@@ -213,35 +209,35 @@ public class EnrollServlet extends CMSServlet {
// The "EnrollServlet.java" servlet is NOT used by
// the KRA.
//
- if( PKI_Subsystem.trim().equalsIgnoreCase( "ca" ) ) {
+ if (PKI_Subsystem.trim().equalsIgnoreCase("ca")) {
String policyStatus = PKI_Subsystem.trim().toLowerCase()
+ "." + "Policy"
+ "." + IPolicyProcessor.PROP_ENABLE;
- if( configStore.getBoolean( policyStatus, true ) == true ) {
+ if (configStore.getBoolean(policyStatus, true) == true) {
// NOTE: If "<subsystem>.Policy.enable=<boolean>"
// is missing, then the referenced instance
// existed prior to this name=value pair
// existing in its 'CS.cfg' file, and thus
// we err on the side that the user may
// still need to use the policy framework.
- CMS.debug( "EnrollServlet::init Certificate "
+ CMS.debug("EnrollServlet::init Certificate "
+ "Policy Framework (deprecated) "
- + "is ENABLED" );
+ + "is ENABLED");
} else {
// CS 8.1 Default: <subsystem>.Policy.enable=false
- CMS.debug( "EnrollServlet::init Certificate "
+ CMS.debug("EnrollServlet::init Certificate "
+ "Policy Framework (deprecated) "
- + "is DISABLED" );
+ + "is DISABLED");
return;
}
}
- } catch( EBaseException e ) {
- throw new ServletException( "EnrollServlet::init - "
+ } catch (EBaseException e) {
+ throw new ServletException("EnrollServlet::init - "
+ "EBaseException: "
+ "Unable to initialize "
+ "Certificate Policy Framework "
- + "(deprecated)" );
+ + "(deprecated)");
}
// override success template to allow direct import of keygen certs.
@@ -254,18 +250,18 @@ public class EnrollServlet extends CMSServlet {
if (id != null) {
if (!(auditServiceID.equals(
ADMIN_CA_ENROLLMENT_SERVLET))
- && !(auditServiceID.equals(
- AGENT_CA_BULK_ENROLLMENT_SERVLET))
- && !(auditServiceID.equals(
- AGENT_RA_BULK_ENROLLMENT_SERVLET))
- && !(auditServiceID.equals(
- EE_CA_CERT_BASED_ENROLLMENT_SERVLET))
- && !(auditServiceID.equals(
- EE_CA_ENROLLMENT_SERVLET))
- && !(auditServiceID.equals(
- EE_RA_CERT_BASED_ENROLLMENT_SERVLET))
- && !(auditServiceID.equals(
- EE_RA_ENROLLMENT_SERVLET))) {
+ && !(auditServiceID.equals(
+ AGENT_CA_BULK_ENROLLMENT_SERVLET))
+ && !(auditServiceID.equals(
+ AGENT_RA_BULK_ENROLLMENT_SERVLET))
+ && !(auditServiceID.equals(
+ EE_CA_CERT_BASED_ENROLLMENT_SERVLET))
+ && !(auditServiceID.equals(
+ EE_CA_ENROLLMENT_SERVLET))
+ && !(auditServiceID.equals(
+ EE_RA_CERT_BASED_ENROLLMENT_SERVLET))
+ && !(auditServiceID.equals(
+ EE_RA_ENROLLMENT_SERVLET))) {
auditServiceID = ILogger.UNIDENTIFIED;
} else {
auditServiceID = id.trim();
@@ -282,7 +278,7 @@ public class EnrollServlet extends CMSServlet {
if (fillername != null) {
ICMSTemplateFiller filler = newFillerObject(fillername);
- if (filler != null)
+ if (filler != null)
mEnrollSuccessFiller = filler;
}
@@ -292,9 +288,9 @@ public class EnrollServlet extends CMSServlet {
init_testbed_hack(mConfig);
} catch (Exception e) {
// this should never happen.
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_IMP_INIT_SERV_ERR",
- e.toString(), mId));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_IMP_INIT_SERV_ERR",
+ e.toString(), mId));
}
} catch (ServletException eAudit1) {
// rethrow caught exception
@@ -302,46 +298,43 @@ public class EnrollServlet extends CMSServlet {
}
}
-
- /**
- * XXX (SHOULD CHANGE TO READ FROM Servletconfig)
- * Getter method to see if Proof of Posession checking is enabled.
- * this value is set in the CMS.cfg filem with the parameter
- * "enrollment.enforcePop". It defaults to false
- * @return true if user is required to Prove that they possess the
- * private key corresponding to the public key in the certificate
- * request they are submitting
- */
+ /**
+ * XXX (SHOULD CHANGE TO READ FROM Servletconfig)
+ * Getter method to see if Proof of Posession checking is enabled.
+ * this value is set in the CMS.cfg filem with the parameter
+ * "enrollment.enforcePop". It defaults to false
+ *
+ * @return true if user is required to Prove that they possess the
+ * private key corresponding to the public key in the certificate
+ * request they are submitting
+ */
public boolean getEnforcePop() {
return enforcePop;
}
/**
- * Process the HTTP request.
- * <UL><LI>If the request is coming through the admin port, it is only
- * allowed to continue if 'admin enrollment' is enabled in the CMS.cfg file
- * <LI>If the CMS.cfg parameter useThreadNaming is true, the current thread is
- * renamed with more information about the current request ID
- * <LI>The request is preprocessed, then processed further in one
- * of the cert request processor classes: KeyGenProcessor, PKCS10Processor,
- * CMCProcessor, CRMFProcessor
- * </UL>
- *
+ * Process the HTTP request.
+ * <UL>
+ * <LI>If the request is coming through the admin port, it is only allowed to continue if 'admin enrollment' is enabled in the CMS.cfg file
+ * <LI>If the CMS.cfg parameter useThreadNaming is true, the current thread is renamed with more information about the current request ID
+ * <LI>The request is preprocessed, then processed further in one of the cert request processor classes: KeyGenProcessor, PKCS10Processor, CMCProcessor, CRMFProcessor
+ * </UL>
+ *
* @param cmsReq the object holding the request and response information
*/
- protected void process(CMSRequest cmsReq)
- throws EBaseException {
+ protected void process(CMSRequest cmsReq)
+ throws EBaseException {
// SPECIAL CASE:
// if it is adminEnroll servlet,check if it's enabled
if (mId.equals(ADMIN_ENROLL_SERVLET_ID) &&
- !CMSGateway.getEnableAdminEnroll()) {
- log(ILogger.LL_SECURITY,
- CMS.getLogMessage("ADMIN_SRVLT_ENROLL_ACCESS_AFTER_SETUP"));
+ !CMSGateway.getEnableAdminEnroll()) {
+ log(ILogger.LL_SECURITY,
+ CMS.getLogMessage("ADMIN_SRVLT_ENROLL_ACCESS_AFTER_SETUP"));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_REDIRECTING_ADMINENROLL_ERROR", "Attempt to access adminEnroll after already setup."));
+ CMS.getUserMessage("CMS_GW_REDIRECTING_ADMINENROLL_ERROR", "Attempt to access adminEnroll after already setup."));
}
- processX509(cmsReq);
+ processX509(cmsReq);
}
private boolean getCertAuthEnrollStatus(IArgBlock httpParams) {
@@ -359,7 +352,7 @@ public class EnrollServlet extends CMSServlet {
boolean certAuthEnroll = false;
String certAuthEnrollOn =
- httpParams.getValueAsString("certauthEnroll", null);
+ httpParams.getValueAsString("certauthEnroll", null);
if ((certAuthEnrollOn != null) && (certAuthEnrollOn.equals("on"))) {
certAuthEnroll = true;
@@ -371,7 +364,7 @@ public class EnrollServlet extends CMSServlet {
}
private String getCertAuthEnrollType(IArgBlock httpParams, boolean certAuthEnroll)
- throws EBaseException {
+ throws EBaseException {
String certauthEnrollType = null;
@@ -387,53 +380,53 @@ public class EnrollServlet extends CMSServlet {
CMS.debug("EnrollServlet: certauthEnrollType is single");
} else {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_INVALID_CERTAUTH_ENROLL_TYPE_1", certauthEnrollType));
+ CMS.getLogMessage("CMSGW_INVALID_CERTAUTH_ENROLL_TYPE_1", certauthEnrollType));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_INVALID_CERTAUTH_ENROLL_TYPE"));
+ CMS.getUserMessage("CMS_GW_INVALID_CERTAUTH_ENROLL_TYPE"));
}
} else {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("MSGW_MISSING_CERTAUTH_ENROLL_TYPE"));
+ CMS.getLogMessage("MSGW_MISSING_CERTAUTH_ENROLL_TYPE"));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_MISSING_CERTAUTH_ENROLL_TYPE"));
+ CMS.getUserMessage("CMS_GW_MISSING_CERTAUTH_ENROLL_TYPE"));
}
}
-
+
return certauthEnrollType;
-
+
}
private boolean checkClientCertSigningOnly(X509Certificate sslClientCert)
- throws EBaseException {
+ throws EBaseException {
if ((CMS.isSigningCert((X509CertImpl) sslClientCert) ==
false) ||
- ((CMS.isSigningCert((X509CertImpl) sslClientCert) ==
+ ((CMS.isSigningCert((X509CertImpl) sslClientCert) ==
true) &&
(CMS.isEncryptionCert((X509CertImpl) sslClientCert) ==
true))) {
// either it's not a signing cert, or it's a dual cert
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_INVALID_CERT_TYPE"));
+ CMS.getLogMessage("CMSGW_INVALID_CERT_TYPE"));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_INVALID_CERT_TYPE"));
+ CMS.getUserMessage("CMS_GW_INVALID_CERT_TYPE"));
}
return true;
}
-
+
private X509CertInfo[] handleCertAuthDual(X509CertInfo certInfo, IAuthToken authToken, X509Certificate sslClientCert,
- ICertificateAuthority mCa, String certBasedOldSubjectDN,
- BigInteger certBasedOldSerialNum)
- throws EBaseException {
-
+ ICertificateAuthority mCa, String certBasedOldSubjectDN,
+ BigInteger certBasedOldSerialNum)
+ throws EBaseException {
+
CMS.debug("EnrollServlet: In handleCertAuthDual!");
-
+
if (mCa == null) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_NOT_A_CA"));
+ CMS.getLogMessage("CMSGW_NOT_A_CA"));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_NOT_A_CA"));
+ CMS.getUserMessage("CMS_GW_NOT_A_CA"));
}
// first, make sure the client cert is indeed a
@@ -456,20 +449,20 @@ public class EnrollServlet extends CMSServlet {
certInfo.set(X509CertInfo.KEY, new CertificateX509Key(key));
} catch (CertificateException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString()));
+ CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString()));
+ CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString()));
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_IO", e.toString()));
+ CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_IO", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString()));
+ CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString()));
}
String filter =
- "(&(x509cert.subject=" + certBasedOldSubjectDN + ")(!(x509cert.serialNumber=" + certBasedOldSerialNum + "))(certStatus=VALID))";
+ "(&(x509cert.subject=" + certBasedOldSubjectDN + ")(!(x509cert.serialNumber=" + certBasedOldSerialNum + "))(certStatus=VALID))";
ICertRecordList list =
- (ICertRecordList) mCa.getCertificateRepository().findCertRecordsInList(filter, null, 10);
+ (ICertRecordList) mCa.getCertificateRepository().findCertRecordsInList(filter, null, 10);
int size = list.getSize();
Enumeration<ICertRecord> en = list.getCertRecords(0, size - 1);
boolean gotEncCert = false;
@@ -482,8 +475,8 @@ public class EnrollServlet extends CMSServlet {
// pairing encryption cert not found
} else {
X509CertInfo encCertInfo = CMS.getDefaultX509CertInfo();
- X509CertInfo[] cInfoArray = new X509CertInfo[] {certInfo,
- encCertInfo};
+ X509CertInfo[] cInfoArray = new X509CertInfo[] { certInfo,
+ encCertInfo };
int i = 1;
boolean encCertFound = false;
@@ -494,7 +487,7 @@ public class EnrollServlet extends CMSServlet {
// if not encryption cert only, try next one
if ((CMS.isEncryptionCert(cert) == false) ||
- ((CMS.isEncryptionCert(cert) == true) &&
+ ((CMS.isEncryptionCert(cert) == true) &&
(CMS.isSigningCert(cert) == true))) {
CMS.debug("EnrollServlet: Not encryption only cert, will try next one.");
@@ -508,27 +501,27 @@ public class EnrollServlet extends CMSServlet {
try {
encCertInfo = (X509CertInfo)
cert.get(
- X509CertImpl.NAME + "." + X509CertImpl.INFO);
+ X509CertImpl.NAME + "." + X509CertImpl.INFO);
} catch (CertificateParsingException ex) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_MISSING_CERTINFO_ENCRYPT_CERT"));
+ CMS.getLogMessage("CMSGW_MISSING_CERTINFO_ENCRYPT_CERT"));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_MISSING_CERTINFO"));
+ CMS.getUserMessage("CMS_GW_MISSING_CERTINFO"));
}
try {
encCertInfo.set(X509CertInfo.KEY, new CertificateX509Key(key));
} catch (CertificateException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString()));
+ CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString()));
+ CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString()));
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString()));
+ CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString()));
+ CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString()));
}
CMS.debug("EnrollServlet: About to fillCertInfoFromAuthToken!");
@@ -545,13 +538,13 @@ public class EnrollServlet extends CMSServlet {
CMS.debug("EnrollServlet: returning cInfoArray of length " + cInfoArray.length);
return cInfoArray;
- }
+ }
}
private boolean handleEnrollAuditLog(IRequest req, CMSRequest cmsReq, String authMgr, IAuthToken authToken,
- X509CertInfo certInfo, long startTime)
- throws EBaseException {
+ X509CertInfo certInfo, long startTime)
+ throws EBaseException {
//for audit log
String initiative = null;
@@ -563,7 +556,7 @@ public class EnrollServlet extends CMSServlet {
} else {
agentID = authToken.getInString("userid");
initiative = AuditFormat.FROMAGENT + " agentID: " + agentID;
- }
+ }
// if service not complete return standard templates.
RequestStatus status = req.getRequestStatus();
@@ -584,54 +577,54 @@ public class EnrollServlet extends CMSServlet {
wholeMsg.append(msgs.nextElement());
}
mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.ENROLLMENTFORMAT,
- new Object[] {
- req.getRequestId(),
- initiative,
- authMgr,
- status.toString(),
- certInfo.get(X509CertInfo.SUBJECT),
- " violation: " +
- wholeMsg.toString()}
- );
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.ENROLLMENTFORMAT,
+ new Object[] {
+ req.getRequestId(),
+ initiative,
+ authMgr,
+ status.toString(),
+ certInfo.get(X509CertInfo.SUBJECT),
+ " violation: " +
+ wholeMsg.toString() }
+ );
} else { // no policy violation, from agent
mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.ENROLLMENTFORMAT,
- new Object[] {
- req.getRequestId(),
- initiative,
- authMgr,
- status.toString(),
- certInfo.get(X509CertInfo.SUBJECT), ""}
- );
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.ENROLLMENTFORMAT,
+ new Object[] {
+ req.getRequestId(),
+ initiative,
+ authMgr,
+ status.toString(),
+ certInfo.get(X509CertInfo.SUBJECT), "" }
+ );
}
} else { // other imcomplete status
long endTime = CMS.getCurrentDate().getTime();
mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.ENROLLMENTFORMAT,
- new Object[] {
- req.getRequestId(),
- initiative,
- authMgr,
- status.toString(),
- certInfo.get(X509CertInfo.SUBJECT) + " time: " + (endTime - startTime), ""}
- );
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.ENROLLMENTFORMAT,
+ new Object[] {
+ req.getRequestId(),
+ initiative,
+ authMgr,
+ status.toString(),
+ certInfo.get(X509CertInfo.SUBJECT) + " time: " + (endTime - startTime), "" }
+ );
}
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING",
- e.toString()));
+ CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING",
+ e.toString()));
} catch (CertificateException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING",
- e.toString()));
+ CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING",
+ e.toString()));
}
return false;
}
@@ -643,7 +636,7 @@ public class EnrollServlet extends CMSServlet {
cmsReq.setStatus(CMSRequest.ERROR);
cmsReq.setError(req.getExtDataInString(IRequest.ERROR));
String[] svcErrors =
- req.getExtDataInStringArray(IRequest.SVCERRORS);
+ req.getExtDataInStringArray(IRequest.SVCERRORS);
if (svcErrors != null && svcErrors.length > 0) {
for (int i = 0; i < svcErrors.length; i++) {
@@ -657,26 +650,26 @@ public class EnrollServlet extends CMSServlet {
// audit log the error
try {
mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.ENROLLMENTFORMAT,
- new Object[] {
- req.getRequestId(),
- initiative,
- authMgr,
- "completed with error: " +
- err,
- certInfo.get(X509CertInfo.SUBJECT), ""
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.ENROLLMENTFORMAT,
+ new Object[] {
+ req.getRequestId(),
+ initiative,
+ authMgr,
+ "completed with error: " +
+ err,
+ certInfo.get(X509CertInfo.SUBJECT), ""
}
- );
+ );
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING",
- e.toString()));
+ CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING",
+ e.toString()));
} catch (CertificateException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING",
- e.toString()));
+ CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING",
+ e.toString()));
}
}
@@ -693,29 +686,23 @@ public class EnrollServlet extends CMSServlet {
/**
* Process X509 certificate enrollment request
* <P>
- *
- * (Certificate Request - either an "admin" cert request for an admin
- * certificate, an "agent" cert request for "bulk enrollment", or
- * an "EE" standard cert request)
+ *
+ * (Certificate Request - either an "admin" cert request for an admin certificate, an "agent" cert request for "bulk enrollment", or an "EE" standard cert request)
* <P>
- *
- * (Certificate Request Processed - either an automated "admin" non-profile
- * based CA admin cert acceptance, an automated "admin" non-profile based
- * CA admin cert rejection, an automated "EE" non-profile based cert
- * acceptance, or an automated "EE" non-profile based cert rejection)
+ *
+ * (Certificate Request Processed - either an automated "admin" non-profile based CA admin cert acceptance, an automated "admin" non-profile based CA admin cert rejection, an automated "EE" non-profile based cert acceptance, or an automated "EE" non-profile based cert rejection)
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST used when a
- * non-profile cert request is made (before approval process)
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a
- * certificate request has just been through the approval process
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST used when a non-profile cert request is made (before approval process)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a certificate request has just been through the approval process
* </ul>
+ *
* @param cmsReq a certificate enrollment request
* @exception EBaseException an error has occurred
*/
- protected void processX509(CMSRequest cmsReq)
- throws EBaseException {
+ protected void processX509(CMSRequest cmsReq)
+ throws EBaseException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
String auditRequesterID = ILogger.UNIDENTIFIED;
@@ -733,7 +720,7 @@ public class EnrollServlet extends CMSServlet {
IConfigStore configStore = CMS.getConfigStore();
- /* XXX shouldn't we read this from ServletConfig at init time? */
+ /* XXX shouldn't we read this from ServletConfig at init time? */
enforcePop = configStore.getBoolean("enrollment.enforcePop", false);
CMS.debug("EnrollServlet: enforcePop " + enforcePop);
@@ -743,7 +730,7 @@ public class EnrollServlet extends CMSServlet {
startTime = CMS.getCurrentDate().getTime();
httpParams = cmsReq.getHttpParams();
httpReq = cmsReq.getHttpReq();
- if (mAuthMgr != null) {
+ if (mAuthMgr != null) {
authToken = authenticate(cmsReq);
}
@@ -752,10 +739,10 @@ public class EnrollServlet extends CMSServlet {
mAuthzResourceName, "submit");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
}
if (authzToken == null) {
@@ -791,14 +778,14 @@ public class EnrollServlet extends CMSServlet {
}
try {
- if (CMS.getConfigStore().getBoolean("useThreadNaming", false)) {
- String currentName = Thread.currentThread().getName();
+ if (CMS.getConfigStore().getBoolean("useThreadNaming", false)) {
+ String currentName = Thread.currentThread().getName();
Thread.currentThread().setName(currentName
- + "-request-"
- + req.getRequestId().toString()
- + "-"
- + (new Date()).getTime());
+ + "-request-"
+ + req.getRequestId().toString()
+ + "-"
+ + (new Date()).getTime());
}
} catch (Exception e) {
}
@@ -844,7 +831,7 @@ public class EnrollServlet extends CMSServlet {
CMS.debug("EnrollServlet: In EnrollServlet.processX509!");
CMS.debug("EnrollServlet: certAuthEnroll " + certAuthEnroll);
CMS.debug("EnrollServlet: certauthEnrollType " + certauthEnrollType);
-
+
String challengePassword = httpParams.getValueAsString(
"challengePassword", "");
@@ -865,7 +852,7 @@ public class EnrollServlet extends CMSServlet {
sslClientCert = getSSLClientCertificate(httpReq);
if (sslClientCert == null) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_MISSING_SSL_CLIENT_CERT"));
+ CMS.getLogMessage("CMSGW_MISSING_SSL_CLIENT_CERT"));
// store a message in the signed audit log file
// (either an "admin" cert request for an admin certificate,
@@ -882,7 +869,7 @@ public class EnrollServlet extends CMSServlet {
audit(auditMessage);
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_MISSING_SSL_CLIENT_CERT"));
+ CMS.getUserMessage("CMS_GW_MISSING_SSL_CLIENT_CERT"));
}
certBasedOldSubjectDN = (String)
@@ -904,10 +891,10 @@ public class EnrollServlet extends CMSServlet {
try {
certInfo = (X509CertInfo)
((X509CertImpl) sslClientCert).get(
- X509CertImpl.NAME + "." + X509CertImpl.INFO);
+ X509CertImpl.NAME + "." + X509CertImpl.INFO);
} catch (CertificateParsingException ex) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_MISSING_CERTINFO"));
+ CMS.getLogMessage("CMSGW_MISSING_CERTINFO"));
// store a message in the signed audit log file
// (either an "admin" cert request for an admin certificate,
@@ -924,14 +911,14 @@ public class EnrollServlet extends CMSServlet {
audit(auditMessage);
throw new ECMSGWException(
- CMS.getUserMessage(getLocale(httpReq), "CMS_GW_MISSING_CERTINFO"));
+ CMS.getUserMessage(getLocale(httpReq), "CMS_GW_MISSING_CERTINFO"));
}
} else {
CMS.debug("EnrollServlet: No CertAuthEnroll.");
certInfo = CMS.getDefaultX509CertInfo();
}
- X509CertInfo[] certInfoArray = new X509CertInfo[] {certInfo};
+ X509CertInfo[] certInfoArray = new X509CertInfo[] { certInfo };
X509CertInfo authCertInfo = null;
String authMgr = AuditFormat.NOAUTH;
@@ -943,12 +930,12 @@ public class EnrollServlet extends CMSServlet {
// don't store agent token in request.
// agent currently used for bulk issuance.
// if (!authMgr.equals(AuthSubsystem.CERTUSERDB_AUTHMGR_ID)) {
- log(ILogger.LL_INFO,
- "Enrollment request was authenticated by " +
- authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME));
+ log(ILogger.LL_INFO,
+ "Enrollment request was authenticated by " +
+ authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME));
PKIProcessor.fillCertInfoFromAuthToken(certInfo,
- authToken);
+ authToken);
// save authtoken attrs to request directly
// (for policy use)
saveAuthToken(authToken, req);
@@ -964,8 +951,8 @@ public class EnrollServlet extends CMSServlet {
// "from ssl client cert");
if (authToken == null) {
// authToken is null, can't match to anyone; bail!
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_PROCESS_ENROLL_NO_AUTH"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_PROCESS_ENROLL_NO_AUTH"));
// store a message in the signed audit log file
// (either an "admin" cert request for an admin certificate,
@@ -1039,24 +1026,23 @@ public class EnrollServlet extends CMSServlet {
ex.printStackTrace();
}
}
-
+
String cmc = null;
String asciiBASE64Blob = httpParams.getValueAsString(CMC_REQUEST, null);
-
- if(asciiBASE64Blob!=null)
- {
- int startIndex = asciiBASE64Blob.indexOf(HEADER);
- int endIndex = asciiBASE64Blob.indexOf(TRAILER);
- if (startIndex!= -1 && endIndex!=-1) {
- startIndex = startIndex + HEADER.length();
- cmc=asciiBASE64Blob.substring(startIndex, endIndex);
- }else
- cmc = asciiBASE64Blob;
- CMS.debug("EnrollServlet: cmc " + cmc);
+
+ if (asciiBASE64Blob != null) {
+ int startIndex = asciiBASE64Blob.indexOf(HEADER);
+ int endIndex = asciiBASE64Blob.indexOf(TRAILER);
+ if (startIndex != -1 && endIndex != -1) {
+ startIndex = startIndex + HEADER.length();
+ cmc = asciiBASE64Blob.substring(startIndex, endIndex);
+ } else
+ cmc = asciiBASE64Blob;
+ CMS.debug("EnrollServlet: cmc " + cmc);
}
-
+
String crmf = httpParams.getValueAsString(CRMF_REQUEST, null);
-
+
CMS.debug("EnrollServlet: crmf " + crmf);
if (certAuthEnroll == true) {
@@ -1066,7 +1052,7 @@ public class EnrollServlet extends CMSServlet {
// for dual certs
if (certauthEnrollType.equals(CERT_AUTH_DUAL)) {
- CMS.debug("EnrollServlet: Attempting CERT_AUTH_DUAL");
+ CMS.debug("EnrollServlet: Attempting CERT_AUTH_DUAL");
boolean gotEncCert = false;
X509CertInfo[] cInfoArray = null;
@@ -1103,8 +1089,8 @@ public class EnrollServlet extends CMSServlet {
if (gotEncCert == false) {
// encryption cert not found, bail
log(ILogger.LL_FAILURE,
- CMS.getLogMessage(
- "CMSGW_ENCRYPTION_CERT_NOT_FOUND"));
+ CMS.getLogMessage(
+ "CMSGW_ENCRYPTION_CERT_NOT_FOUND"));
// store a message in the signed audit log file
// (either an "admin" cert request for an admin
@@ -1121,7 +1107,7 @@ public class EnrollServlet extends CMSServlet {
audit(auditMessage);
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_ENCRYPTION_CERT_NOT_FOUND"));
+ CMS.getUserMessage("CMS_GW_ENCRYPTION_CERT_NOT_FOUND"));
}
} else if (certauthEnrollType.equals(CERT_AUTH_ENCRYPTION)) {
@@ -1158,12 +1144,12 @@ public class EnrollServlet extends CMSServlet {
this);
keyGenProc.fillCertInfo(null, certInfo,
- authToken, httpParams);
+ authToken, httpParams);
req.setExtData(CLIENT_ISSUER,
- sslClientCert.getIssuerDN().toString());
+ sslClientCert.getIssuerDN().toString());
CMS.debug("EnrollServlet: sslClientCert issuerDN = " +
- sslClientCert.getIssuerDN().toString());
+ sslClientCert.getIssuerDN().toString());
} else if (crmf != null && crmf != "") {
CRMFProcessor crmfProc = new CRMFProcessor(cmsReq, this, enforcePop);
@@ -1173,13 +1159,13 @@ public class EnrollServlet extends CMSServlet {
req);
req.setExtData(CLIENT_ISSUER,
- sslClientCert.getIssuerDN().toString());
+ sslClientCert.getIssuerDN().toString());
CMS.debug("EnrollServlet: sslClientCert issuerDN = " +
- sslClientCert.getIssuerDN().toString());
+ sslClientCert.getIssuerDN().toString());
} else {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_CANT_PROCESS_ENROLL_REQ") +
- CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_CANT_PROCESS_ENROLL_REQ") +
+ CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO"));
// store a message in the signed audit log file
// (either an "admin" cert request for an admin
@@ -1196,7 +1182,7 @@ public class EnrollServlet extends CMSServlet {
audit(auditMessage);
throw new ECMSGWException(
- CMS.getUserMessage(getLocale(httpReq), "CMS_GW_MISSING_KEYGEN_INFO"));
+ CMS.getUserMessage(getLocale(httpReq), "CMS_GW_MISSING_KEYGEN_INFO"));
}
} else if (certauthEnrollType.equals(CERT_AUTH_SINGLE)) {
@@ -1208,13 +1194,13 @@ public class EnrollServlet extends CMSServlet {
this);
keyGenProc.fillCertInfo(null, certInfo,
- authToken, httpParams);
+ authToken, httpParams);
} else if (pkcs10 != null) {
PKCS10Processor pkcs10Proc = new PKCS10Processor(cmsReq,
this);
pkcs10Proc.fillCertInfo(pkcs10, certInfo,
- authToken, httpParams);
+ authToken, httpParams);
} else if (cmc != null && cmc != "") {
CMCProcessor cmcProc = new CMCProcessor(cmsReq, this, enforcePop);
@@ -1230,9 +1216,9 @@ public class EnrollServlet extends CMSServlet {
httpParams,
req);
} else {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_CANT_PROCESS_ENROLL_REQ") +
- CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_CANT_PROCESS_ENROLL_REQ") +
+ CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO"));
// store a message in the signed audit log file
// (either an "admin" cert request for an admin
@@ -1249,10 +1235,10 @@ public class EnrollServlet extends CMSServlet {
audit(auditMessage);
throw new ECMSGWException(
- CMS.getUserMessage(getLocale(httpReq), "CMS_GW_MISSING_KEYGEN_INFO"));
+ CMS.getUserMessage(getLocale(httpReq), "CMS_GW_MISSING_KEYGEN_INFO"));
}
req.setExtData(CLIENT_ISSUER,
- sslClientCert.getIssuerDN().toString());
+ sslClientCert.getIssuerDN().toString());
}
} else if (keyGenInfo != null) {
@@ -1279,9 +1265,9 @@ public class EnrollServlet extends CMSServlet {
certInfoArray = crmfProc.fillCertInfoArray(crmf, authToken,
httpParams, req);
} else {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_CANT_PROCESS_ENROLL_REQ") +
- CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_CANT_PROCESS_ENROLL_REQ") +
+ CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO"));
// store a message in the signed audit log file
// (either an "admin" cert request for an admin certificate,
@@ -1300,28 +1286,26 @@ public class EnrollServlet extends CMSServlet {
throw new ECMSGWException(CMS.getUserMessage(getLocale(httpReq), "CMS_GW_MISSING_KEYGEN_INFO"));
}
-
// if ca, fill in default signing alg here
-
+
try {
- ICertificateAuthority caSub =
- (ICertificateAuthority) CMS.getSubsystem("ca");
- if (certInfoArray != null && caSub != null) {
- for (int ix = 0; ix < certInfoArray.length; ix++) {
- X509CertInfo ci = (X509CertInfo)certInfoArray[ix];
- String defaultSig = caSub.getDefaultAlgorithm();
- AlgorithmId algid = AlgorithmId.get(defaultSig);
- ci.set(X509CertInfo.ALGORITHM_ID,
- new CertificateAlgorithmId(algid));
+ ICertificateAuthority caSub =
+ (ICertificateAuthority) CMS.getSubsystem("ca");
+ if (certInfoArray != null && caSub != null) {
+ for (int ix = 0; ix < certInfoArray.length; ix++) {
+ X509CertInfo ci = (X509CertInfo) certInfoArray[ix];
+ String defaultSig = caSub.getDefaultAlgorithm();
+ AlgorithmId algid = AlgorithmId.get(defaultSig);
+ ci.set(X509CertInfo.ALGORITHM_ID,
+ new CertificateAlgorithmId(algid));
+ }
}
- }
} catch (Exception e) {
- CMS.debug("Failed to set signing alg to certinfo " + e.toString());
+ CMS.debug("Failed to set signing alg to certinfo " + e.toString());
}
req.setExtData(IRequest.CERT_INFO, certInfoArray);
-
if (challengePassword != null && !challengePassword.equals("")) {
String pwd = hashPassword(challengePassword);
@@ -1379,7 +1363,7 @@ public class EnrollServlet extends CMSServlet {
issuedCerts =
cmsReq.getIRequest().getExtDataInCertArray(
- IRequest.ISSUED_CERTS);
+ IRequest.ISSUED_CERTS);
for (int i = 0; i < issuedCerts.length; i++) {
// (automated "agent" cert request processed
@@ -1449,27 +1433,27 @@ public class EnrollServlet extends CMSServlet {
// audit log the success.
long endTime = CMS.getCurrentDate().getTime();
- mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.ENROLLMENTFORMAT,
- new Object[]
- { req.getRequestId(),
- initiative,
- mAuthMgr,
- "completed",
- issuedCerts[0].getSubjectDN(),
- "cert issued serial number: 0x" +
- issuedCerts[0].getSerialNumber().toString(16) +
- " time: " +
- (endTime - startTime) }
- );
+ mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.ENROLLMENTFORMAT,
+ new Object[]
+ { req.getRequestId(),
+ initiative,
+ mAuthMgr,
+ "completed",
+ issuedCerts[0].getSubjectDN(),
+ "cert issued serial number: 0x" +
+ issuedCerts[0].getSerialNumber().toString(16) +
+ " time: " +
+ (endTime - startTime) }
+ );
// handle initial admin enrollment if in adminEnroll mode.
checkAdminEnroll(cmsReq, issuedCerts);
// return cert as mime type binary if requested.
if (checkImportCertToNav(cmsReq.getHttpResp(),
- httpParams, issuedCerts[0])) {
+ httpParams, issuedCerts[0])) {
cmsReq.setStatus(CMSRequest.SUCCESS);
for (int i = 0; i < issuedCerts.length; i++) {
@@ -1490,10 +1474,10 @@ public class EnrollServlet extends CMSServlet {
// use success template.
try {
- cmsReq.setResult(issuedCerts);
- renderTemplate(cmsReq, mEnrollSuccessTemplate,
- mEnrollSuccessFiller);
- cmsReq.setStatus(CMSRequest.SUCCESS);
+ cmsReq.setResult(issuedCerts);
+ renderTemplate(cmsReq, mEnrollSuccessTemplate,
+ mEnrollSuccessFiller);
+ cmsReq.setStatus(CMSRequest.SUCCESS);
for (int i = 0; i < issuedCerts.length; i++) {
// (automated "agent" cert request processed - "accepted")
@@ -1508,10 +1492,10 @@ public class EnrollServlet extends CMSServlet {
audit(auditMessage);
}
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_TEMP_REND_ERR",
- mEnrollSuccessFiller.toString(),
- e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_TEMP_REND_ERR",
+ mEnrollSuccessFiller.toString(),
+ e.toString()));
// (automated "agent" cert request processed - "rejected")
auditMessage = CMS.getLogMessage(
@@ -1525,7 +1509,7 @@ public class EnrollServlet extends CMSServlet {
audit(auditMessage);
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_RETURNING_RESULT_ERROR"));
+ CMS.getUserMessage("CMS_GW_RETURNING_RESULT_ERROR"));
}
} catch (EBaseException eAudit1) {
// store a message in the signed audit log file
@@ -1548,10 +1532,10 @@ public class EnrollServlet extends CMSServlet {
/**
* check if this is first enroll from admin enroll.
- * If so disable admin enroll from here on.
+ * If so disable admin enroll from here on.
*/
protected void checkAdminEnroll(CMSRequest cmsReq, X509CertImpl[] issuedCerts)
- throws EBaseException {
+ throws EBaseException {
// this is special case, get the admin certificate
if (mAuthMgr != null && mAuthMgr.equals(IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID)) {
addAdminAgent(cmsReq, issuedCerts);
@@ -1559,8 +1543,8 @@ public class EnrollServlet extends CMSServlet {
}
}
- protected void addAdminAgent(CMSRequest cmsReq, X509CertImpl[] issuedCerts)
- throws EBaseException {
+ protected void addAdminAgent(CMSRequest cmsReq, X509CertImpl[] issuedCerts)
+ throws EBaseException {
String userid = cmsReq.getHttpParams().getValueAsString("uid");
IUGSubsystem ug = (IUGSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_UG);
@@ -1571,13 +1555,13 @@ public class EnrollServlet extends CMSServlet {
ug.addUserCert(adminuser);
} catch (netscape.ldap.LDAPException e) {
CMS.debug(
- "EnrollServlet: Cannot add admin's certificate to its entry in the " +
- "user group database. Error " + e);
+ "EnrollServlet: Cannot add admin's certificate to its entry in the " +
+ "user group database. Error " + e);
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_ADDING_ADMIN_CERT_ERROR", e.toString()));
+ CMS.getUserMessage("CMS_GW_ADDING_ADMIN_CERT_ERROR", e.toString()));
}
- IGroup agentGroup =
- ug.getGroupFromName(CA_AGENT_GROUP);
+ IGroup agentGroup =
+ ug.getGroupFromName(CA_AGENT_GROUP);
if (agentGroup != null) {
// add user to the group if necessary
@@ -1585,15 +1569,15 @@ public class EnrollServlet extends CMSServlet {
agentGroup.addMemberName(userid);
ug.modifyGroup(agentGroup);
mLogger.log(ILogger.EV_AUDIT, ILogger.S_USRGRP,
- AuditFormat.LEVEL, AuditFormat.ADDUSERGROUPFORMAT,
- new Object[] {userid, userid, CA_AGENT_GROUP}
- );
+ AuditFormat.LEVEL, AuditFormat.ADDUSERGROUPFORMAT,
+ new Object[] { userid, userid, CA_AGENT_GROUP }
+ );
}
} else {
String msg = "Cannot add admin to the " +
- CA_AGENT_GROUP +
- " group: Group does not exist.";
+ CA_AGENT_GROUP +
+ " group: Group does not exist.";
CMS.debug("EnrollServlet: " + msg);
throw new ECMSGWException(CMS.getUserMessage("CMS_GW_ADDING_ADMIN_ERROR"));
@@ -1635,19 +1619,19 @@ public class EnrollServlet extends CMSServlet {
out.println("<P>");
out.println("<PRE>");
X509CertImpl certs[] =
- cmsReq.getIRequest().getExtDataInCertArray(IRequest.ISSUED_CERTS);
+ cmsReq.getIRequest().getExtDataInCertArray(IRequest.ISSUED_CERTS);
out.println(CMS.getEncodedCert(certs[0]));
out.println("</PRE>");
out.println("<P>");
out.println("<!HTTP_OUTPUT REQUEST_CREATION_TIME=" +
- cmsReq.getIRequest().getCreationTime().toString() + ">");
- out.println("<!HTTP_OUTPUT REQUEST_STATUS=" +
- cmsReq.getStatus().toString() + ">");
- out.println("<!HTTP_OUTPUT REQUEST_ID=" +
- cmsReq.getIRequest().getRequestId().toString() + ">");
+ cmsReq.getIRequest().getCreationTime().toString() + ">");
+ out.println("<!HTTP_OUTPUT REQUEST_STATUS=" +
+ cmsReq.getStatus().toString() + ">");
+ out.println("<!HTTP_OUTPUT REQUEST_ID=" +
+ cmsReq.getIRequest().getRequestId().toString() + ">");
out.println("<!HTTP_OUTPUT X509_CERTIFICATE=" +
- CMS.getEncodedCert(certs[0]) + ">");
+ CMS.getEncodedCert(certs[0]) + ">");
} else if (cmsReq.getIRequest().getRequestStatus().equals(RequestStatus.PENDING)) {
out.println("<H1>");
out.println("PENDING");
@@ -1664,11 +1648,11 @@ public class EnrollServlet extends CMSServlet {
out.println(cmsReq.getIRequest().getRequestId().toString());
out.println("<P>");
out.println("<!HTTP_OUTPUT REQUEST_CREATION_TIME=" +
- cmsReq.getIRequest().getCreationTime().toString() + ">");
- out.println("<!HTTP_OUTPUT REQUEST_STATUS=" +
- cmsReq.getStatus().toString() + ">");
- out.println("<!HTTP_OUTPUT REQUEST_ID=" +
- cmsReq.getIRequest().getRequestId().toString() + ">");
+ cmsReq.getIRequest().getCreationTime().toString() + ">");
+ out.println("<!HTTP_OUTPUT REQUEST_STATUS=" +
+ cmsReq.getStatus().toString() + ">");
+ out.println("<!HTTP_OUTPUT REQUEST_ID=" +
+ cmsReq.getIRequest().getRequestId().toString() + ">");
} else {
out.println("<H1>");
out.println("ERROR");
@@ -1683,21 +1667,21 @@ public class EnrollServlet extends CMSServlet {
out.println("Error: ");
out.println(cmsReq.getError()); // XXX - need to parse in Locale
out.println("<P>");
- out.println("<!HTTP_OUTPUT REQUEST_STATUS=" +
- cmsReq.getStatus().toString() + ">");
- out.println("<!HTTP_OUTPUT ERROR=" +
- cmsReq.getError() + ">");
+ out.println("<!HTTP_OUTPUT REQUEST_STATUS=" +
+ cmsReq.getStatus().toString() + ">");
+ out.println("<!HTTP_OUTPUT ERROR=" +
+ cmsReq.getError() + ">");
}
/**
- // include all the input data
- ArgBlock args = cmsReq.getHttpParams();
- Enumeration ele = args.getElements();
- while (ele.hasMoreElements()) {
- String eleT = (String)ele.nextElement();
- out.println("<!HTTP_INPUT " + eleT + "=" +
- args.get(eleT) + ">");
- }
+ * // include all the input data
+ * ArgBlock args = cmsReq.getHttpParams();
+ * Enumeration ele = args.getElements();
+ * while (ele.hasMoreElements()) {
+ * String eleT = (String)ele.nextElement();
+ * out.println("<!HTTP_INPUT " + eleT + "=" +
+ * args.get(eleT) + ">");
+ * }
**/
out.println("</HTML>");
@@ -1712,18 +1696,18 @@ public class EnrollServlet extends CMSServlet {
private boolean mIsTestBed = false;
- private void init_testbed_hack(IConfigStore config)
- throws EBaseException {
+ private void init_testbed_hack(IConfigStore config)
+ throws EBaseException {
mIsTestBed = config.getBoolean("isTestBed", true);
}
/**
* Signed Audit Log Info Certificate Value
- *
+ *
* This method is called to obtain the certificate from the passed in
* "X509CertImpl" for a signed audit log message.
* <P>
- *
+ *
* @param x509cert an X509CertImpl
* @return cert string containing the certificate
*/
@@ -1776,4 +1760,3 @@ public class EnrollServlet extends CMSServlet {
}
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/GetBySerial.java b/pki/base/common/src/com/netscape/cms/servlet/cert/GetBySerial.java
index a723cb52..fca81ff4 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/GetBySerial.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/GetBySerial.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.cert;
-
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
@@ -58,7 +57,6 @@ import com.netscape.cms.servlet.common.ECMSGWException;
import com.netscape.cms.servlet.common.ICMSTemplateFiller;
import com.netscape.cmsutil.crypto.CryptoUtil;
-
/**
* Retrieve certificate by serial number.
*
@@ -83,10 +81,11 @@ public class GetBySerial extends CMSServlet {
super();
}
- /**
+ /**
* Initialize the servlet. This servlet uses the template file
- * "ImportCert.template" to import the cert to the users browser,
- * if that is what the user requested
+ * "ImportCert.template" to import the cert to the users browser,
+ * if that is what the user requested
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -115,11 +114,11 @@ public class GetBySerial extends CMSServlet {
}
/**
- * Process the HTTP request.
+ * Process the HTTP request.
* <ul>
- * <li>http.param serialNumber serial number of certificate in HEX
+ * <li>http.param serialNumber serial number of certificate in HEX
* </ul>
- *
+ *
* @param cmsReq the object holding the request and response information
*/
public void process(CMSRequest cmsReq) throws EBaseException {
@@ -139,10 +138,10 @@ public class GetBySerial extends CMSServlet {
mAuthzResourceName, "import");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
}
if (authzToken == null) {
@@ -160,18 +159,18 @@ public class GetBySerial extends CMSServlet {
serialNo = null;
}
if (serial == null || serialNo == null) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_INVALID_SERIAL_NUMBER"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_INVALID_SERIAL_NUMBER"));
cmsReq.setError(new ECMSGWException(
- CMS.getUserMessage("CMS_GW_INVALID_SERIAL_NUMBER")));
+ CMS.getUserMessage("CMS_GW_INVALID_SERIAL_NUMBER")));
cmsReq.setStatus(CMSRequest.ERROR);
return;
}
ICertRecord certRecord = (ICertRecord) getCertRecord(serialNo);
if (certRecord == null) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_CERT_SERIAL_NOT_FOUND_1", serialNo.toString(16)));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_CERT_SERIAL_NOT_FOUND_1", serialNo.toString(16)));
cmsReq.setError(new ECMSGWException(
CMS.getUserMessage("CMS_GW_CERT_SERIAL_NOT_FOUND", "0x" + serialNo.toString(16))));
cmsReq.setStatus(CMSRequest.ERROR);
@@ -181,37 +180,37 @@ public class GetBySerial extends CMSServlet {
// if RA, needs requestOwner to match
// first, find the user's group
if (authToken != null) {
- String group = authToken.getInString("group");
-
- if ((group != null) && (group != "")) {
- CMS.debug("GetBySerial process: auth group="+group);
- if (group.equals("Registration Manager Agents")) {
- boolean groupMatched = false;
- // find the cert record's orig. requestor's group
- MetaInfo metai = certRecord.getMetaInfo();
- if (metai != null) {
- String reqId = (String) metai.get(ICertRecord.META_REQUEST_ID);
- RequestId rid = new RequestId(reqId);
- IRequest creq = mReqQ.findRequest(rid);
- if (creq != null) {
- String reqOwner = creq.getRequestOwner();
- if (reqOwner != null) {
- CMS.debug("GetBySerial process: req owner="+reqOwner);
- if (reqOwner.equals(group))
- groupMatched = true;
- }
+ String group = authToken.getInString("group");
+
+ if ((group != null) && (group != "")) {
+ CMS.debug("GetBySerial process: auth group=" + group);
+ if (group.equals("Registration Manager Agents")) {
+ boolean groupMatched = false;
+ // find the cert record's orig. requestor's group
+ MetaInfo metai = certRecord.getMetaInfo();
+ if (metai != null) {
+ String reqId = (String) metai.get(ICertRecord.META_REQUEST_ID);
+ RequestId rid = new RequestId(reqId);
+ IRequest creq = mReqQ.findRequest(rid);
+ if (creq != null) {
+ String reqOwner = creq.getRequestOwner();
+ if (reqOwner != null) {
+ CMS.debug("GetBySerial process: req owner=" + reqOwner);
+ if (reqOwner.equals(group))
+ groupMatched = true;
+ }
+ }
+ }
+ if (groupMatched == false) {
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_CERT_SERIAL_NOT_FOUND_1", serialNo.toString(16)));
+ cmsReq.setError(new ECMSGWException(
+ CMS.getUserMessage("CMS_GW_CERT_SERIAL_NOT_FOUND", "0x" + serialNo.toString(16))));
+ cmsReq.setStatus(CMSRequest.ERROR);
+ return;
+ }
}
- }
- if (groupMatched == false) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_CERT_SERIAL_NOT_FOUND_1", serialNo.toString(16)));
- cmsReq.setError(new ECMSGWException(
- CMS.getUserMessage("CMS_GW_CERT_SERIAL_NOT_FOUND", "0x" + serialNo.toString(16))));
- cmsReq.setStatus(CMSRequest.ERROR);
- return;
- }
}
- }
}
X509CertImpl cert = certRecord.getCertificate();
@@ -224,7 +223,7 @@ public class GetBySerial extends CMSServlet {
IArgBlock ctx = CMS.createArgBlock();
Locale[] locale = new Locale[1];
CMSTemplateParams argSet = new CMSTemplateParams(header, ctx);
- ICertificateAuthority ca = (ICertificateAuthority)CMS.getSubsystem("ca");
+ ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem("ca");
CertificateChain cachain = ca.getCACertChain();
X509Certificate[] cacerts = cachain.getChain();
X509CertImpl[] userChain = new X509CertImpl[cacerts.length + 1];
@@ -236,7 +235,7 @@ public class GetBySerial extends CMSServlet {
userChain[0] = cert;
PKCS7 p7 = new PKCS7(new AlgorithmId[0],
- new ContentInfo(new byte[0]), userChain, new SignerInfo[0]);
+ new ContentInfo(new byte[0]), userChain, new SignerInfo[0]);
ByteArrayOutputStream bos = new ByteArrayOutputStream();
try {
@@ -246,7 +245,7 @@ public class GetBySerial extends CMSServlet {
byte[] p7Bytes = bos.toByteArray();
String p7Str = CMS.BtoA(p7Bytes);
-
+
header.addStringValue("pkcs7", CryptoUtil.normalizeCertStr(p7Str));
try {
CMSTemplate form = getTemplate(mIETemplate, req, locale);
@@ -256,16 +255,16 @@ public class GetBySerial extends CMSServlet {
form.renderOutput(out, argSet);
return;
} catch (Exception ee) {
- CMS.debug("GetBySerial process: Exception="+ee.toString());
+ CMS.debug("GetBySerial process: Exception=" + ee.toString());
}
} //browser is IE
-
+
MetaInfo metai = certRecord.getMetaInfo();
String crmfReqId = null;
if (metai != null) {
crmfReqId = (String) metai.get(ICertRecord.META_CRMF_REQID);
- if (crmfReqId != null)
+ if (crmfReqId != null)
cmsReq.setResult(IRequest.CRMF_REQID, crmfReqId);
}
@@ -294,8 +293,7 @@ public class GetBySerial extends CMSServlet {
throw new ECMSGWException(CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
}
-
+
return;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/GetCAChain.java b/pki/base/common/src/com/netscape/cms/servlet/cert/GetCAChain.java
index b765a2cb..ae759949 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/GetCAChain.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/GetCAChain.java
@@ -15,10 +15,9 @@
// (C) 2007 Red Hat, Inc.
// All rights reserved.
// --- END COPYRIGHT BLOCK ---
- package com.netscape.cms.servlet.cert;
+package com.netscape.cms.servlet.cert;
-
- import java.io.ByteArrayOutputStream;
+import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
@@ -49,236 +48,237 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
- /**
- * Retrieve the Certificates comprising the CA Chain for this CA.
- *
- * @version $Revision$, $Date$
- */
- public class GetCAChain extends CMSServlet {
- /**
+/**
+ * Retrieve the Certificates comprising the CA Chain for this CA.
+ *
+ * @version $Revision$, $Date$
+ */
+public class GetCAChain extends CMSServlet {
+ /**
*
*/
- private static final long serialVersionUID = -8189048155415074581L;
- private final static String TPL_FILE = "displayCaCert.template";
- private String mFormPath = null;
-
- public GetCAChain() {
- super();
- }
-
- /**
- * initialize the servlet.
- * @param sc servlet configuration, read from the web.xml file
- */
- public void init(ServletConfig sc) throws ServletException {
- super.init(sc);
-
- // override success to display own output.
- mTemplates.remove(CMSRequest.SUCCESS);
- // coming from ee
- mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE;
- }
-
- /**
- * Process the HTTP request.
- * <ul>
- * <li>http.param op 'downloadBIN' - return the binary certificate chain
- * <li>http.param op 'displayIND' - display pretty-print of certificate chain components
- * </ul>
- * @param cmsReq the object holding the request and response information
- */
- protected void process(CMSRequest cmsReq)
- throws EBaseException {
- HttpServletRequest httpReq = cmsReq.getHttpReq();
- HttpServletResponse httpResp = cmsReq.getHttpResp();
-
- IAuthToken authToken = authenticate(cmsReq);
-
- // Construct an ArgBlock
- IArgBlock args = cmsReq.getHttpParams();
-
- // Get the operation code
- String op = null;
-
- op = args.getValueAsString("op", null);
- if (op == null) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_NO_OPTIONS_SELECTED"));
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_NO_OPTIONS_SELECTED"));
- }
-
- cmsReq.setStatus(CMSRequest.SUCCESS);
-
- AuthzToken authzToken = null;
-
- if (op.startsWith("download")) {
- try {
- authzToken = authorize(mAclMethod, authToken,
- mAuthzResourceName, "download");
- } catch (EAuthzAccessDenied e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
- } catch (Exception e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
- }
-
- if (authzToken == null) {
- cmsReq.setStatus(CMSRequest.UNAUTHORIZED);
- return;
- }
-
- downloadChain(op, args, httpReq, httpResp, cmsReq);
- } else if (op.startsWith("display")) {
- try {
- authzToken = mAuthz.authorize(mAclMethod, authToken,
- mAuthzResourceName, "read");
- } catch (EAuthzAccessDenied e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
- } catch (Exception e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
- }
-
- if (authzToken == null) {
- cmsReq.setStatus(CMSRequest.UNAUTHORIZED);
- return;
- }
-
- displayChain(op, args, httpReq, httpResp, cmsReq);
- } else {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_INVALID_OPTIONS_CA_CHAIN"));
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_INVALID_OPTIONS_SELECTED"));
- }
- // cmsReq.setResult(null);
- return;
- }
-
- private void downloadChain(String op,
- IArgBlock args,
- HttpServletRequest httpReq,
- HttpServletResponse httpResp,
- CMSRequest cmsReq)
- throws EBaseException {
-
- /* check browser info ? */
-
- /* check if pkcs7 will work for both nav and ie */
-
- byte[] bytes = null;
-
- /*
- * Some IE actions - IE doesn't want PKCS7 for "download" CA Cert.
- * This means that we can only hand out the root CA, and not
- * the whole chain.
- */
-
- if (clientIsMSIE(httpReq) && (op.equals("download") || op.equals("downloadBIN"))) {
- X509Certificate[] caCerts =
- ((ICertAuthority) mAuthority).getCACertChain().getChain();
-
- try {
- bytes = caCerts[0].getEncoded();
- } catch (CertificateEncodingException e) {
- cmsReq.setStatus(CMSRequest.ERROR);
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_GETTING_CACERT_ENCODED", e.toString()));
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_GETTING_CA_CERT_ERROR"));
- }
- } else {
- CertificateChain certChain =
- ((ICertAuthority) mAuthority).getCACertChain();
-
- if (certChain == null) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_CA_CHAIN_EMPTY"));
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_CA_CHAIN_EMPTY"));
- }
-
- try {
- ByteArrayOutputStream encoded = new ByteArrayOutputStream();
-
- certChain.encode(encoded, false);
- bytes = encoded.toByteArray();
- } catch (IOException e) {
- cmsReq.setStatus(CMSRequest.ERROR);
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_ENCODING_CA_CHAIN_1", e.toString()));
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_ENCODING_CA_CHAIN_ERROR"));
- }
- }
-
- String mimeType = null;
-
- if (op.equals("downloadBIN")) {
- mimeType = "application/octet-stream";
- } else {
- try {
- mimeType = args.getValueAsString("mimeType");
- } catch (EBaseException e) {
- mimeType = "application/octet-stream";
- }
- }
-
- try {
- if (op.equals("downloadBIN")) {
- // file suffixes changed to comply with RFC 5280
- // requirements for AIA extensions
- if (clientIsMSIE(httpReq)) {
- httpResp.setHeader("Content-disposition",
- "attachment; filename=ca.cer");
- } else {
- httpResp.setHeader("Content-disposition",
- "attachment; filename=ca.p7c");
- }
- }
- httpResp.setContentType(mimeType);
- httpResp.getOutputStream().write(bytes);
- httpResp.setContentLength(bytes.length);
- httpResp.getOutputStream().flush();
- } catch (IOException e) {
- cmsReq.setStatus(CMSRequest.ERROR);
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_DISPLAYING_CACHAIN_1", e.toString()));
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAYING_CACHAIN_ERROR"));
- }
- }
-
- private void displayChain(String op,
- IArgBlock args,
- HttpServletRequest httpReq,
- HttpServletResponse httpResp,
- CMSRequest cmsReq)
- throws EBaseException {
- String outputString = null;
-
- CertificateChain certChain =
- ((ICertAuthority) mAuthority).getCACertChain();
-
- if (certChain == null) {
- cmsReq.setStatus(CMSRequest.ERROR);
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_CA_CHAIN_NOT_AVAILABLE"));
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_CA_CHAIN_NOT_AVAILABLE"));
- }
-
- CMSTemplate form = null;
- Locale[] locale = new Locale[1];
-
- if (mOutputTemplatePath != null)
- mFormPath = mOutputTemplatePath;
+ private static final long serialVersionUID = -8189048155415074581L;
+ private final static String TPL_FILE = "displayCaCert.template";
+ private String mFormPath = null;
+
+ public GetCAChain() {
+ super();
+ }
+
+ /**
+ * initialize the servlet.
+ *
+ * @param sc servlet configuration, read from the web.xml file
+ */
+ public void init(ServletConfig sc) throws ServletException {
+ super.init(sc);
+
+ // override success to display own output.
+ mTemplates.remove(CMSRequest.SUCCESS);
+ // coming from ee
+ mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE;
+ }
+
+ /**
+ * Process the HTTP request.
+ * <ul>
+ * <li>http.param op 'downloadBIN' - return the binary certificate chain
+ * <li>http.param op 'displayIND' - display pretty-print of certificate chain components
+ * </ul>
+ *
+ * @param cmsReq the object holding the request and response information
+ */
+ protected void process(CMSRequest cmsReq)
+ throws EBaseException {
+ HttpServletRequest httpReq = cmsReq.getHttpReq();
+ HttpServletResponse httpResp = cmsReq.getHttpResp();
+
+ IAuthToken authToken = authenticate(cmsReq);
+
+ // Construct an ArgBlock
+ IArgBlock args = cmsReq.getHttpParams();
+
+ // Get the operation code
+ String op = null;
+
+ op = args.getValueAsString("op", null);
+ if (op == null) {
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_NO_OPTIONS_SELECTED"));
+ throw new ECMSGWException(
+ CMS.getUserMessage("CMS_GW_NO_OPTIONS_SELECTED"));
+ }
+
+ cmsReq.setStatus(CMSRequest.SUCCESS);
+
+ AuthzToken authzToken = null;
+
+ if (op.startsWith("download")) {
+ try {
+ authzToken = authorize(mAclMethod, authToken,
+ mAuthzResourceName, "download");
+ } catch (EAuthzAccessDenied e) {
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ } catch (Exception e) {
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ }
+
+ if (authzToken == null) {
+ cmsReq.setStatus(CMSRequest.UNAUTHORIZED);
+ return;
+ }
+
+ downloadChain(op, args, httpReq, httpResp, cmsReq);
+ } else if (op.startsWith("display")) {
+ try {
+ authzToken = mAuthz.authorize(mAclMethod, authToken,
+ mAuthzResourceName, "read");
+ } catch (EAuthzAccessDenied e) {
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ } catch (Exception e) {
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ }
+
+ if (authzToken == null) {
+ cmsReq.setStatus(CMSRequest.UNAUTHORIZED);
+ return;
+ }
+
+ displayChain(op, args, httpReq, httpResp, cmsReq);
+ } else {
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_INVALID_OPTIONS_CA_CHAIN"));
+ throw new ECMSGWException(
+ CMS.getUserMessage("CMS_GW_INVALID_OPTIONS_SELECTED"));
+ }
+ // cmsReq.setResult(null);
+ return;
+ }
+
+ private void downloadChain(String op,
+ IArgBlock args,
+ HttpServletRequest httpReq,
+ HttpServletResponse httpResp,
+ CMSRequest cmsReq)
+ throws EBaseException {
+
+ /* check browser info ? */
+
+ /* check if pkcs7 will work for both nav and ie */
+
+ byte[] bytes = null;
+
+ /*
+ * Some IE actions - IE doesn't want PKCS7 for "download" CA Cert.
+ * This means that we can only hand out the root CA, and not
+ * the whole chain.
+ */
+
+ if (clientIsMSIE(httpReq) && (op.equals("download") || op.equals("downloadBIN"))) {
+ X509Certificate[] caCerts =
+ ((ICertAuthority) mAuthority).getCACertChain().getChain();
+
+ try {
+ bytes = caCerts[0].getEncoded();
+ } catch (CertificateEncodingException e) {
+ cmsReq.setStatus(CMSRequest.ERROR);
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_GETTING_CACERT_ENCODED", e.toString()));
+ throw new ECMSGWException(
+ CMS.getUserMessage("CMS_GW_GETTING_CA_CERT_ERROR"));
+ }
+ } else {
+ CertificateChain certChain =
+ ((ICertAuthority) mAuthority).getCACertChain();
+
+ if (certChain == null) {
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_CA_CHAIN_EMPTY"));
+ throw new ECMSGWException(
+ CMS.getUserMessage("CMS_GW_CA_CHAIN_EMPTY"));
+ }
+
+ try {
+ ByteArrayOutputStream encoded = new ByteArrayOutputStream();
+
+ certChain.encode(encoded, false);
+ bytes = encoded.toByteArray();
+ } catch (IOException e) {
+ cmsReq.setStatus(CMSRequest.ERROR);
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_ENCODING_CA_CHAIN_1", e.toString()));
+ throw new ECMSGWException(
+ CMS.getUserMessage("CMS_GW_ENCODING_CA_CHAIN_ERROR"));
+ }
+ }
+
+ String mimeType = null;
+
+ if (op.equals("downloadBIN")) {
+ mimeType = "application/octet-stream";
+ } else {
+ try {
+ mimeType = args.getValueAsString("mimeType");
+ } catch (EBaseException e) {
+ mimeType = "application/octet-stream";
+ }
+ }
+
+ try {
+ if (op.equals("downloadBIN")) {
+ // file suffixes changed to comply with RFC 5280
+ // requirements for AIA extensions
+ if (clientIsMSIE(httpReq)) {
+ httpResp.setHeader("Content-disposition",
+ "attachment; filename=ca.cer");
+ } else {
+ httpResp.setHeader("Content-disposition",
+ "attachment; filename=ca.p7c");
+ }
+ }
+ httpResp.setContentType(mimeType);
+ httpResp.getOutputStream().write(bytes);
+ httpResp.setContentLength(bytes.length);
+ httpResp.getOutputStream().flush();
+ } catch (IOException e) {
+ cmsReq.setStatus(CMSRequest.ERROR);
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERROR_DISPLAYING_CACHAIN_1", e.toString()));
+ throw new ECMSGWException(
+ CMS.getUserMessage("CMS_GW_DISPLAYING_CACHAIN_ERROR"));
+ }
+ }
+
+ private void displayChain(String op,
+ IArgBlock args,
+ HttpServletRequest httpReq,
+ HttpServletResponse httpResp,
+ CMSRequest cmsReq)
+ throws EBaseException {
+ String outputString = null;
+
+ CertificateChain certChain =
+ ((ICertAuthority) mAuthority).getCACertChain();
+
+ if (certChain == null) {
+ cmsReq.setStatus(CMSRequest.ERROR);
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_CA_CHAIN_NOT_AVAILABLE"));
+ throw new ECMSGWException(
+ CMS.getUserMessage("CMS_GW_CA_CHAIN_NOT_AVAILABLE"));
+ }
+
+ CMSTemplate form = null;
+ Locale[] locale = new Locale[1];
+
+ if (mOutputTemplatePath != null)
+ mFormPath = mOutputTemplatePath;
try {
form = getTemplate(mFormPath, httpReq, locale);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString()));
cmsReq.setError(new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
cmsReq.setStatus(CMSRequest.ERROR);
return;
}
@@ -306,7 +306,7 @@ import com.netscape.cms.servlet.common.ECMSGWException;
byte[] bytes = null;
try {
- subjectdn =
+ subjectdn =
certChain.getFirstCertificate().getSubjectDN().toString();
ByteArrayOutputStream encoded = new ByteArrayOutputStream();
@@ -315,14 +315,14 @@ import com.netscape.cms.servlet.common.ECMSGWException;
} catch (IOException e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_ENCODING_CA_CHAIN_1", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_ENCODING_CA_CHAIN_ERROR"));
+ CMS.getUserMessage("CMS_GW_ENCODING_CA_CHAIN_ERROR"));
}
String chainBase64 = getBase64(bytes);
header.addStringValue("subjectdn", subjectdn);
header.addStringValue("chainBase64", chainBase64);
- } else {
+ } else {
try {
X509Certificate[] certs = certChain.getChain();
@@ -339,13 +339,13 @@ import com.netscape.cms.servlet.common.ECMSGWException;
String subjectdn = certs[i].getSubjectDN().toString();
String finger = null;
try {
- finger = CMS.getFingerPrints(certs[i]);
+ finger = CMS.getFingerPrints(certs[i]);
} catch (Exception e) {
throw new IOException("Internal Error");
}
- ICertPrettyPrint certDetails =
- CMS.getCertPrettyPrint((X509CertImpl) certs[i]);
+ ICertPrettyPrint certDetails =
+ CMS.getCertPrettyPrint((X509CertImpl) certs[i]);
IArgBlock rarg = CMS.createArgBlock();
@@ -353,14 +353,14 @@ import com.netscape.cms.servlet.common.ECMSGWException;
rarg.addStringValue("subjectdn", subjectdn);
rarg.addStringValue("base64", getBase64(bytes));
rarg.addStringValue("certDetails",
- certDetails.toString(locale[0]));
+ certDetails.toString(locale[0]));
argSet.addRepeatRecord(rarg);
}
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_DISPLAYING_CACHAIN_1", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERROR_DISPLAYING_CACHAIN_1", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAYING_CACHAIN_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAYING_CACHAIN_ERROR"));
}
}
@@ -371,10 +371,10 @@ import com.netscape.cms.servlet.common.ECMSGWException;
form.renderOutput(out, argSet);
cmsReq.setStatus(CMSRequest.SUCCESS);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "", e.toString()));
cmsReq.setError(new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
cmsReq.setStatus(CMSRequest.ERROR);
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/GetCRL.java b/pki/base/common/src/com/netscape/cms/servlet/cert/GetCRL.java
index 2bbec482..21a0c1d2 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/GetCRL.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/GetCRL.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.cert;
-
import java.io.IOException;
import java.math.BigInteger;
import java.security.cert.CRLException;
@@ -48,10 +47,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* Retrieve CRL for a Certificate Authority
- *
+ *
* @version $Revision$, $Date$
*/
public class GetCRL extends CMSServlet {
@@ -68,6 +66,7 @@ public class GetCRL extends CMSServlet {
/**
* initialize the servlet.
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -79,15 +78,14 @@ public class GetCRL extends CMSServlet {
mFormPath = mOutputTemplatePath;
}
-
/**
- * Process the HTTP request.
- *
+ * Process the HTTP request.
+ *
* @param cmsReq the object holding the request and response information
- * @see DisplayCRL#process
+ * @see DisplayCRL#process
*/
protected void process(CMSRequest cmsReq)
- throws EBaseException {
+ throws EBaseException {
HttpServletRequest httpReq = cmsReq.getHttpReq();
HttpServletResponse httpResp = cmsReq.getHttpResp();
@@ -100,10 +98,10 @@ public class GetCRL extends CMSServlet {
mAuthzResourceName, "read");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
}
if (authzToken == null) {
@@ -117,7 +115,7 @@ public class GetCRL extends CMSServlet {
if (!(mAuthority instanceof ICertificateAuthority)) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_CA_FROM_RA_NOT_IMP"));
cmsReq.setError(new ECMSGWException(
- CMS.getUserMessage("CMS_GW_NOT_YET_IMPLEMENTED")));
+ CMS.getUserMessage("CMS_GW_NOT_YET_IMPLEMENTED")));
cmsReq.setStatus(CMSRequest.ERROR);
return;
}
@@ -125,14 +123,14 @@ public class GetCRL extends CMSServlet {
CMSTemplate form = null;
Locale[] locale = new Locale[1];
-CMS.debug("**** mFormPath before getTemplate = "+mFormPath);
+ CMS.debug("**** mFormPath before getTemplate = " + mFormPath);
try {
form = getTemplate(mFormPath, httpReq, locale);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
cmsReq.setError(new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
cmsReq.setStatus(CMSRequest.ERROR);
return;
}
@@ -150,14 +148,14 @@ CMS.debug("**** mFormPath before getTemplate = "+mFormPath);
if (op == null) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_NO_OPTIONS_SELECTED"));
cmsReq.setError(new ECMSGWException(
- CMS.getUserMessage("CMS_GW_NO_OPTIONS_SELECTED")));
+ CMS.getUserMessage("CMS_GW_NO_OPTIONS_SELECTED")));
cmsReq.setStatus(CMSRequest.ERROR);
return;
}
if (crlId == null) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_NO_CRL_ISSUING_POINT"));
cmsReq.setError(new ECMSGWException(
- CMS.getUserMessage("CMS_GW_NO_CRL_SELECTED")));
+ CMS.getUserMessage("CMS_GW_NO_CRL_SELECTED")));
cmsReq.setStatus(CMSRequest.ERROR);
return;
}
@@ -165,23 +163,24 @@ CMS.debug("**** mFormPath before getTemplate = "+mFormPath);
ICRLIssuingPointRecord crlRecord = null;
ICertificateAuthority ca = (ICertificateAuthority) mAuthority;
ICRLIssuingPoint crlIP = null;
- if (ca != null) crlIP = ca.getCRLIssuingPoint(crlId);
+ if (ca != null)
+ crlIP = ca.getCRLIssuingPoint(crlId);
try {
crlRecord = (ICRLIssuingPointRecord) ca.getCRLRepository().readCRLIssuingPointRecord(crlId);
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_NO_CRL_ISSUING_POINT_FOUND", crlId));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_NO_CRL_ISSUING_POINT_FOUND", crlId));
cmsReq.setError(new ECMSGWException(
- CMS.getUserMessage("CMS_GW_CRL_NOT_FOUND")));
+ CMS.getUserMessage("CMS_GW_CRL_NOT_FOUND")));
cmsReq.setStatus(CMSRequest.ERROR);
return;
}
if (crlRecord == null) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", crlId));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", crlId));
cmsReq.setError(new ECMSGWException(
- CMS.getUserMessage("CMS_GW_CRL_NOT_UPDATED")));
+ CMS.getUserMessage("CMS_GW_CRL_NOT_UPDATED")));
cmsReq.setStatus(CMSRequest.ERROR);
return;
}
@@ -201,12 +200,12 @@ CMS.debug("**** mFormPath before getTemplate = "+mFormPath);
}
if ((op.equals("checkCRLcache") ||
- (op.equals("displayCRL") && crlDisplayType != null && crlDisplayType.equals("cachedCRL"))) &&
- (crlIP == null || (!crlIP.isCRLCacheEnabled()) || crlIP.isCRLCacheEmpty())) {
+ (op.equals("displayCRL") && crlDisplayType != null && crlDisplayType.equals("cachedCRL"))) &&
+ (crlIP == null || (!crlIP.isCRLCacheEnabled()) || crlIP.isCRLCacheEmpty())) {
cmsReq.setError(
- CMS.getUserMessage(
- ((crlIP != null && crlIP.isCRLCacheEnabled() && crlIP.isCRLCacheEmpty())?
- "CMS_GW_CRL_CACHE_IS_EMPTY":"CMS_GW_CRL_CACHE_IS_NOT_ENABLED"), crlId));
+ CMS.getUserMessage(
+ ((crlIP != null && crlIP.isCRLCacheEnabled() && crlIP.isCRLCacheEmpty()) ?
+ "CMS_GW_CRL_CACHE_IS_EMPTY" : "CMS_GW_CRL_CACHE_IS_NOT_ENABLED"), crlId));
cmsReq.setStatus(CMSRequest.ERROR);
return;
}
@@ -214,26 +213,26 @@ CMS.debug("**** mFormPath before getTemplate = "+mFormPath);
byte[] crlbytes = null;
if (op.equals("importDeltaCRL") || op.equals("getDeltaCRL") ||
- (op.equals("displayCRL") && crlDisplayType != null &&
- crlDisplayType.equals("deltaCRL"))) {
+ (op.equals("displayCRL") && crlDisplayType != null &&
+ crlDisplayType.equals("deltaCRL"))) {
crlbytes = crlRecord.getDeltaCRL();
} else if (op.equals("importCRL") || op.equals("getCRL") ||
op.equals("checkCRL") ||
(op.equals("displayCRL") &&
- crlDisplayType != null &&
+ crlDisplayType != null &&
(crlDisplayType.equals("entireCRL") ||
- crlDisplayType.equals("crlHeader") ||
+ crlDisplayType.equals("crlHeader") ||
crlDisplayType.equals("base64Encoded")))) {
crlbytes = crlRecord.getCRL();
- }
+ }
if (crlbytes == null && (!op.equals("checkCRLcache")) &&
- (!(op.equals("displayCRL") && crlDisplayType != null &&
- crlDisplayType.equals("cachedCRL")))) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", crlId));
+ (!(op.equals("displayCRL") && crlDisplayType != null &&
+ crlDisplayType.equals("cachedCRL")))) {
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", crlId));
cmsReq.setError(new ECMSGWException(
- CMS.getUserMessage("CMS_GW_CRL_NOT_UPDATED")));
+ CMS.getUserMessage("CMS_GW_CRL_NOT_UPDATED")));
cmsReq.setStatus(CMSRequest.ERROR);
return;
}
@@ -242,15 +241,15 @@ CMS.debug("**** mFormPath before getTemplate = "+mFormPath);
X509CRLImpl crl = null;
if (op.equals("checkCRL") || op.equals("importCRL") ||
- op.equals("importDeltaCRL") ||
- (op.equals("displayCRL") && crlDisplayType != null &&
- (crlDisplayType.equals("entireCRL") ||
- crlDisplayType.equals("crlHeader") ||
- crlDisplayType.equals("base64Encoded") ||
- crlDisplayType.equals("deltaCRL")))) {
+ op.equals("importDeltaCRL") ||
+ (op.equals("displayCRL") && crlDisplayType != null &&
+ (crlDisplayType.equals("entireCRL") ||
+ crlDisplayType.equals("crlHeader") ||
+ crlDisplayType.equals("base64Encoded") ||
+ crlDisplayType.equals("deltaCRL")))) {
try {
if (op.equals("displayCRL") && crlDisplayType != null &&
- crlDisplayType.equals("crlHeader")) {
+ crlDisplayType.equals("crlHeader")) {
crl = new X509CRLImpl(crlbytes, false);
} else {
crl = new X509CRLImpl(crlbytes);
@@ -258,25 +257,25 @@ CMS.debug("**** mFormPath before getTemplate = "+mFormPath);
} catch (Exception e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_FAILED_DECODE_CRL_1", e.toString()));
cmsReq.setError(new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DECODE_CRL_FAILED")));
+ CMS.getUserMessage("CMS_GW_DECODE_CRL_FAILED")));
cmsReq.setStatus(CMSRequest.ERROR);
return;
}
if ((op.equals("importDeltaCRL") || (op.equals("displayCRL") &&
- crlDisplayType != null && crlDisplayType.equals("deltaCRL"))) &&
- ((!(crlIP != null && crlIP.isThisCurrentDeltaCRL(crl))) &&
- (crlRecord.getCRLNumber() == null ||
- crlRecord.getDeltaCRLNumber() == null ||
- crlRecord.getDeltaCRLNumber().compareTo(crlRecord.getCRLNumber()) < 0 ||
- crlRecord.getDeltaCRLSize() == null ||
+ crlDisplayType != null && crlDisplayType.equals("deltaCRL"))) &&
+ ((!(crlIP != null && crlIP.isThisCurrentDeltaCRL(crl))) &&
+ (crlRecord.getCRLNumber() == null ||
+ crlRecord.getDeltaCRLNumber() == null ||
+ crlRecord.getDeltaCRLNumber().compareTo(crlRecord.getCRLNumber()) < 0 ||
+ crlRecord.getDeltaCRLSize() == null ||
crlRecord.getDeltaCRLSize().longValue() == -1))) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_NO_DELTA_CRL_1"));
cmsReq.setError(new ECMSGWException(
- CMS.getUserMessage("CMS_GW_CRL_NOT_UPDATED")));
+ CMS.getUserMessage("CMS_GW_CRL_NOT_UPDATED")));
cmsReq.setStatus(CMSRequest.ERROR);
return;
}
- }
+ }
String mimeType = "application/x-pkcs7-crl";
@@ -300,13 +299,13 @@ CMS.debug("**** mFormPath before getTemplate = "+mFormPath);
if (op.equals("checkCRL")) {
header.addBooleanValue("isOnCRL",
- crl.isRevoked(new BigInteger(certSerialNumber)));
+ crl.isRevoked(new BigInteger(certSerialNumber)));
}
if (op.equals("displayCRL")) {
if (crlDisplayType.equals("entireCRL") || crlDisplayType.equals("cachedCRL")) {
- ICRLPrettyPrint crlDetails = (crlDisplayType.equals("entireCRL"))?
- CMS.getCRLPrettyPrint(crl):
+ ICRLPrettyPrint crlDetails = (crlDisplayType.equals("entireCRL")) ?
+ CMS.getCRLPrettyPrint(crl) :
CMS.getCRLCachePrettyPrint(crlIP);
String pageStart = args.getValueAsString("pageStart", null);
String pageSize = args.getValueAsString("pageSize", null);
@@ -315,22 +314,23 @@ CMS.debug("**** mFormPath before getTemplate = "+mFormPath);
long lPageStart = new Long(pageStart).longValue();
long lPageSize = new Long(pageSize).longValue();
- if (lPageStart < 1) lPageStart = 1;
+ if (lPageStart < 1)
+ lPageStart = 1;
header.addStringValue("crlPrettyPrint",
crlDetails.toString(locale[0],
- lCRLSize, lPageStart, lPageSize));
+ lCRLSize, lPageStart, lPageSize));
header.addLongValue("pageStart", lPageStart);
header.addLongValue("pageSize", lPageSize);
} else {
header.addStringValue(
- "crlPrettyPrint", crlDetails.toString(locale[0]));
+ "crlPrettyPrint", crlDetails.toString(locale[0]));
}
} else if (crlDisplayType.equals("crlHeader")) {
ICRLPrettyPrint crlDetails = CMS.getCRLPrettyPrint(crl);
header.addStringValue(
- "crlPrettyPrint", crlDetails.toString(locale[0], lCRLSize, 0, 0));
+ "crlPrettyPrint", crlDetails.toString(locale[0], lCRLSize, 0, 0));
} else if (crlDisplayType.equals("base64Encoded")) {
try {
byte[] ba = crl.getEncoded();
@@ -365,12 +365,12 @@ CMS.debug("**** mFormPath before getTemplate = "+mFormPath);
}
} else if (crlDisplayType.equals("deltaCRL")) {
header.addIntegerValue("deltaCRLSize",
- crl.getNumberOfRevokedCertificates());
+ crl.getNumberOfRevokedCertificates());
ICRLPrettyPrint crlDetails = CMS.getCRLPrettyPrint(crl);
header.addStringValue(
- "crlPrettyPrint", crlDetails.toString(locale[0], 0, 0, 0));
+ "crlPrettyPrint", crlDetails.toString(locale[0], 0, 0, 0));
try {
byte[] ba = crl.getEncoded();
@@ -413,10 +413,10 @@ CMS.debug("**** mFormPath before getTemplate = "+mFormPath);
form.renderOutput(out, argSet);
cmsReq.setStatus(CMSRequest.SUCCESS);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
cmsReq.setError(new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
cmsReq.setStatus(CMSRequest.ERROR);
}
return;
@@ -428,15 +428,15 @@ CMS.debug("**** mFormPath before getTemplate = "+mFormPath);
} else if (op.equals("getCRL")) {
mimeType = "application/octet-stream";
httpResp.setHeader("Content-disposition",
- "attachment; filename=" + crlId + ".crl");
+ "attachment; filename=" + crlId + ".crl");
} else if (op.equals("getDeltaCRL")) {
mimeType = "application/octet-stream";
httpResp.setHeader("Content-disposition",
- "attachment; filename=delta-" + crlId + ".crl");
+ "attachment; filename=delta-" + crlId + ".crl");
} else {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_INVALID_OPTIONS_SELECTED"));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_INVALID_OPTIONS_SELECTED"));
+ CMS.getUserMessage("CMS_GW_INVALID_OPTIONS_SELECTED"));
}
try {
@@ -450,7 +450,7 @@ CMS.debug("**** mFormPath before getTemplate = "+mFormPath);
} catch (IOException e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_DISPLAYING_CRLINFO"));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAYING_CRLINFO_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAYING_CRLINFO_ERROR"));
}
// cmsReq.setResult(null);
cmsReq.setStatus(CMSRequest.SUCCESS);
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/GetCertFromRequest.java b/pki/base/common/src/com/netscape/cms/servlet/cert/GetCertFromRequest.java
index 5909bc4b..4d1fe7b9 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/GetCertFromRequest.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/GetCertFromRequest.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.cert;
-
import java.io.IOException;
import java.util.Locale;
@@ -52,10 +51,9 @@ import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
import com.netscape.cms.servlet.common.ICMSTemplateFiller;
-
/**
- * Gets a issued certificate from a request id.
- *
+ * Gets a issued certificate from a request id.
+ *
* @version $Revision$, $Date$
*/
public class GetCertFromRequest extends CMSServlet {
@@ -64,27 +62,26 @@ public class GetCertFromRequest extends CMSServlet {
*/
private static final long serialVersionUID = 5310646832256611066L;
private final static String PROP_IMPORT = "importCert";
- protected static final String
- GET_CERT_FROM_REQUEST_TEMPLATE = "ImportCert.template";
- protected static final String
- DISPLAY_CERT_FROM_REQUEST_TEMPLATE = "displayCertFromRequest.template";
+ protected static final String GET_CERT_FROM_REQUEST_TEMPLATE = "ImportCert.template";
+ protected static final String DISPLAY_CERT_FROM_REQUEST_TEMPLATE = "displayCertFromRequest.template";
protected static final String REQUEST_ID = "requestId";
protected static final String CERT_TYPE = "certtype";
- protected String mCertFrReqSuccessTemplate = null;
+ protected String mCertFrReqSuccessTemplate = null;
protected ICMSTemplateFiller mCertFrReqFiller = null;
protected IRequestQueue mQueue = null;
protected boolean mImportCert = true;
- public GetCertFromRequest() {
+ public GetCertFromRequest() {
super();
}
/**
* initialize the servlet. This servlet uses the template files
- * "displayCertFromRequest.template" and "ImportCert.template"
+ * "displayCertFromRequest.template" and "ImportCert.template"
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -102,23 +99,23 @@ public class GetCertFromRequest extends CMSServlet {
if (mImportCert)
defTemplate = GET_CERT_FROM_REQUEST_TEMPLATE;
- else
+ else
defTemplate = DISPLAY_CERT_FROM_REQUEST_TEMPLATE;
if (mAuthority instanceof IRegistrationAuthority)
defTemplate = "/ra/" + defTemplate;
- else
+ else
defTemplate = "/ca/" + defTemplate;
mCertFrReqSuccessTemplate = sc.getInitParameter(
PROP_SUCCESS_TEMPLATE);
if (mCertFrReqSuccessTemplate == null)
mCertFrReqSuccessTemplate = defTemplate;
String fillername =
- sc.getInitParameter(PROP_SUCCESS_TEMPLATE_FILLER);
+ sc.getInitParameter(PROP_SUCCESS_TEMPLATE_FILLER);
if (fillername != null) {
ICMSTemplateFiller filler = newFillerObject(fillername);
- if (filler != null)
+ if (filler != null)
mCertFrReqFiller = filler;
} else {
mCertFrReqFiller = new CertFrRequestFiller();
@@ -126,22 +123,21 @@ public class GetCertFromRequest extends CMSServlet {
} catch (Exception e) {
// should never happen.
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_IMP_INIT_SERV_ERR", e.toString(),
- mId));
+ CMS.getLogMessage("CMSGW_IMP_INIT_SERV_ERR", e.toString(),
+ mId));
}
}
-
/**
- * Process the HTTP request.
+ * Process the HTTP request.
* <ul>
- * <li>http.param requestId The request ID to search on
+ * <li>http.param requestId The request ID to search on
* </ul>
- *
+ *
* @param cmsReq the object holding the request and response information
*/
- protected void process(CMSRequest cmsReq)
- throws EBaseException {
+ protected void process(CMSRequest cmsReq)
+ throws EBaseException {
IArgBlock httpParams = cmsReq.getHttpParams();
HttpServletRequest httpReq = cmsReq.getHttpReq();
@@ -154,10 +150,10 @@ public class GetCertFromRequest extends CMSServlet {
mAuthzResourceName, "read");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
}
if (authzToken == null) {
@@ -165,7 +161,7 @@ public class GetCertFromRequest extends CMSServlet {
return;
}
- String requestId = httpParams.getValueAsString(REQUEST_ID, null);
+ String requestId = httpParams.getValueAsString(REQUEST_ID, null);
if (requestId == null) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_NO_REQUEST_ID_PROVIDED"));
@@ -185,51 +181,51 @@ public class GetCertFromRequest extends CMSServlet {
if (r == null) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_REQUEST_ID_NOT_FOUND", requestId));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_REQUEST_ID_NOT_FOUND", requestId));
+ CMS.getUserMessage("CMS_GW_REQUEST_ID_NOT_FOUND", requestId));
}
if (authToken != null) {
- //if RA, group and requestOwner must match
- String group = authToken.getInString("group");
- if ((group != null) && (group != "") &&
- group.equals("Registration Manager Agents")) {
- boolean groupMatched = false;
- String reqOwner = r.getRequestOwner();
- if (reqOwner != null) {
- CMS.debug("GetCertFromRequest process: req owner="+reqOwner);
- if (reqOwner.equals(group))
- groupMatched = true;
- }
- if (groupMatched == false) {
- CMS.debug("RA group unmatched");
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_REQUEST_ID_NOT_FOUND", requestId));
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_REQUEST_ID_NOT_FOUND", requestId));
+ //if RA, group and requestOwner must match
+ String group = authToken.getInString("group");
+ if ((group != null) && (group != "") &&
+ group.equals("Registration Manager Agents")) {
+ boolean groupMatched = false;
+ String reqOwner = r.getRequestOwner();
+ if (reqOwner != null) {
+ CMS.debug("GetCertFromRequest process: req owner=" + reqOwner);
+ if (reqOwner.equals(group))
+ groupMatched = true;
+ }
+ if (groupMatched == false) {
+ CMS.debug("RA group unmatched");
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_REQUEST_ID_NOT_FOUND", requestId));
+ throw new ECMSGWException(
+ CMS.getUserMessage("CMS_GW_REQUEST_ID_NOT_FOUND", requestId));
+ }
}
- }
}
if (!((r.getRequestType().equals(IRequest.ENROLLMENT_REQUEST)) || (r.getRequestType().equals(IRequest.RENEWAL_REQUEST)))) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_REQUEST_NOT_ENROLLMENT_1", requestId));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_REQUEST_NOT_ENROLLMENT_1", requestId));
throw new ECMSGWException(
CMS.getUserMessage("CMS_GW_REQUEST_NOT_ENROLLMENT", requestId));
}
RequestStatus status = r.getRequestStatus();
if (!status.equals(RequestStatus.COMPLETE)) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_REQUEST_NOT_COMPLETED_1", requestId));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_REQUEST_NOT_COMPLETED_1", requestId));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_REQUEST_NOT_COMPLETED", requestId));
+ CMS.getUserMessage("CMS_GW_REQUEST_NOT_COMPLETED", requestId));
}
Integer result = r.getExtDataInInteger(IRequest.RESULT);
if (result != null && !result.equals(IRequest.RES_SUCCESS)) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_REQUEST_HAD_ERROR_1", requestId));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_REQUEST_HAD_ERROR_1", requestId));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_REQUEST_HAD_ERROR", requestId));
+ CMS.getUserMessage("CMS_GW_REQUEST_HAD_ERROR", requestId));
}
Object o = r.getExtDataInCertArray(IRequest.ISSUED_CERTS);
@@ -242,19 +238,19 @@ public class GetCertFromRequest extends CMSServlet {
o = certs;
}
if (o == null || !(o instanceof X509CertImpl[])) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_REQUEST_HAD_NO_CERTS_1", requestId));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_REQUEST_HAD_NO_CERTS_1", requestId));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_REQUEST_HAD_NO_CERTS", requestId));
+ CMS.getUserMessage("CMS_GW_REQUEST_HAD_NO_CERTS", requestId));
}
if (o instanceof X509CertImpl[]) {
X509CertImpl[] certs = (X509CertImpl[]) o;
if (certs == null || certs.length == 0 || certs[0] == null) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_REQUEST_HAD_NO_CERTS_1", requestId));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_REQUEST_HAD_NO_CERTS_1", requestId));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_REQUEST_HAD_NO_CERTS", requestId));
+ CMS.getUserMessage("CMS_GW_REQUEST_HAD_NO_CERTS", requestId));
}
// for importsCert to get the crmf_reqid.
@@ -263,7 +259,7 @@ public class GetCertFromRequest extends CMSServlet {
cmsReq.setStatus(CMSRequest.SUCCESS);
if (mImportCert &&
- checkImportCertToNav(cmsReq.getHttpResp(), httpParams, certs[0])) {
+ checkImportCertToNav(cmsReq.getHttpResp(), httpParams, certs[0])) {
return;
}
try {
@@ -271,26 +267,25 @@ public class GetCertFromRequest extends CMSServlet {
renderTemplate(cmsReq, mCertFrReqSuccessTemplate, mCertFrReqFiller);
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGE_ERROR_DISPLAY_TEMPLATE_1",
- mCertFrReqSuccessTemplate, e.toString()));
+ CMS.getLogMessage("CMSGE_ERROR_DISPLAY_TEMPLATE_1",
+ mCertFrReqSuccessTemplate, e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
}
return;
}
}
-
class CertFrRequestFiller extends ImportCertsTemplateFiller {
public CertFrRequestFiller() {
}
public CMSTemplateParams getTemplateParams(
- CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e)
- throws Exception {
- CMSTemplateParams tparams =
- super.getTemplateParams(cmsReq, authority, locale, e);
+ CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e)
+ throws Exception {
+ CMSTemplateParams tparams =
+ super.getTemplateParams(cmsReq, authority, locale, e);
String reqId = cmsReq.getHttpParams().getValueAsString(
GetCertFromRequest.REQUEST_ID);
@@ -329,11 +324,11 @@ class CertFrRequestFiller extends ImportCertsTemplateFiller {
}
if (ext instanceof KeyUsageExtension) {
KeyUsageExtension usage =
- (KeyUsageExtension) ext;
+ (KeyUsageExtension) ext;
try {
if (((Boolean) usage.get(KeyUsageExtension.DIGITAL_SIGNATURE)).booleanValue() ||
- ((Boolean) usage.get(KeyUsageExtension.DATA_ENCIPHERMENT)).booleanValue())
+ ((Boolean) usage.get(KeyUsageExtension.DATA_ENCIPHERMENT)).booleanValue())
emailCert = true;
} catch (ArrayIndexOutOfBoundsException e0) {
// bug356108:
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/GetEnableStatus.java b/pki/base/common/src/com/netscape/cms/servlet/cert/GetEnableStatus.java
index 8b5536ea..e589cc06 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/GetEnableStatus.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/GetEnableStatus.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.cert;
-
import java.io.IOException;
import java.util.Enumeration;
import java.util.Locale;
@@ -45,10 +44,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* Servlet to get the enrollment status, enable or disable.
- *
+ *
* @version $Revision$, $Date$
*/
public class GetEnableStatus extends CMSServlet {
@@ -64,7 +62,8 @@ public class GetEnableStatus extends CMSServlet {
}
/**
- * initialize the servlet.
+ * initialize the servlet.
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -80,15 +79,15 @@ public class GetEnableStatus extends CMSServlet {
}
/**
- * Process the HTTP request.
+ * Process the HTTP request.
* <ul>
* <li>http.param
* </ul>
- *
+ *
* @param cmsReq the object holding the request and response information
*/
protected void process(CMSRequest cmsReq)
- throws EBaseException {
+ throws EBaseException {
HttpServletRequest httpReq = cmsReq.getHttpReq();
HttpServletResponse httpResp = cmsReq.getHttpResp();
@@ -115,7 +114,7 @@ public class GetEnableStatus extends CMSServlet {
if (!(mAuthority instanceof IRegistrationAuthority)) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_CA_FROM_RA_NOT_IMP"));
cmsReq.setError(new ECMSGWException(
- CMS.getUserMessage("CMS_GW_NOT_YET_IMPLEMENTED")));
+ CMS.getUserMessage("CMS_GW_NOT_YET_IMPLEMENTED")));
cmsReq.setStatus(CMSRequest.ERROR);
return;
}
@@ -126,11 +125,11 @@ public class GetEnableStatus extends CMSServlet {
try {
form = getTemplate(mFormPath, httpReq, locale);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE",
- mFormPath, e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE",
+ mFormPath, e.toString()));
cmsReq.setError(new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
cmsReq.setStatus(CMSRequest.ERROR);
return;
}
@@ -164,10 +163,10 @@ public class GetEnableStatus extends CMSServlet {
form.renderOutput(out, argSet);
cmsReq.setStatus(CMSRequest.SUCCESS);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
cmsReq.setError(new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
cmsReq.setStatus(CMSRequest.ERROR);
}
cmsReq.setStatus(CMSRequest.SUCCESS);
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/GetInfo.java b/pki/base/common/src/com/netscape/cms/servlet/cert/GetInfo.java
index 9d83d430..7217435a 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/GetInfo.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/GetInfo.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.cert;
-
import java.io.IOException;
import java.math.BigInteger;
import java.util.Enumeration;
@@ -49,10 +48,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* Get detailed information about CA CRL processing
- *
+ *
* @version $Revision$, $Date$
*/
public class GetInfo extends CMSServlet {
@@ -76,6 +74,7 @@ public class GetInfo extends CMSServlet {
/**
* initialize the servlet.
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -90,11 +89,11 @@ public class GetInfo extends CMSServlet {
}
/**
- * XXX Process the HTTP request.
+ * XXX Process the HTTP request.
* <ul>
* <li>http.param template filename of template to use to render the result
* </ul>
- *
+ *
* @param cmsReq the object holding the request and response information
*/
public void process(CMSRequest cmsReq) throws EBaseException {
@@ -109,10 +108,10 @@ public class GetInfo extends CMSServlet {
mAuthzResourceName, "read");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
}
if (authzToken == null) {
@@ -129,35 +128,34 @@ public class GetInfo extends CMSServlet {
String template = req.getParameter("template");
String formFile = "";
-/*
- for (int i = 0; ((template != null) && (i < template.length())); i++) {
- char c = template.charAt(i);
- if (!Character.isLetterOrDigit(c) && c != '_' && c != '-') {
- template = null;
- break;
- }
- }
-*/
-
+ /*
+ for (int i = 0; ((template != null) && (i < template.length())); i++) {
+ char c = template.charAt(i);
+ if (!Character.isLetterOrDigit(c) && c != '_' && c != '-') {
+ template = null;
+ break;
+ }
+ }
+ */
if (template != null) {
formFile = template + ".template";
} else {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE_1"));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
CMSTemplate form = null;
Locale[] locale = new Locale[1];
-CMS.debug("*** formFile = "+formFile);
+ CMS.debug("*** formFile = " + formFile);
try {
form = getTemplate(formFile, req, locale);
} catch (IOException e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", formFile, e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
try {
@@ -172,29 +170,29 @@ CMS.debug("*** formFile = "+formFile);
if (error == null) {
String xmlOutput = req.getParameter("xml");
if (xmlOutput != null && xmlOutput.equals("true")) {
- outputXML(resp, argSet);
+ outputXML(resp, argSet);
} else {
- resp.setContentType("text/html");
- form.renderOutput(out, argSet);
- cmsReq.setStatus(CMSRequest.SUCCESS);
+ resp.setContentType("text/html");
+ form.renderOutput(out, argSet);
+ cmsReq.setStatus(CMSRequest.SUCCESS);
}
} else {
cmsReq.setStatus(CMSRequest.ERROR);
cmsReq.setError(error);
}
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
}
private void process(CMSTemplateParams argSet, IArgBlock header,
- HttpServletRequest req,
- HttpServletResponse resp,
- Locale locale)
- throws EBaseException {
+ HttpServletRequest req,
+ HttpServletResponse resp,
+ Locale locale)
+ throws EBaseException {
if (mCA != null) {
String crlIssuingPoints = "";
String crlNumbers = "";
@@ -209,15 +207,15 @@ CMS.debug("*** formFile = "+formFile);
String masterHost = CMS.getConfigStore().getString("master.ca.agent.host", "");
String masterPort = CMS.getConfigStore().getString("master.ca.agent.port", "");
-
+
if (masterHost != null && masterHost.length() > 0 &&
- masterPort != null && masterPort.length() > 0) {
+ masterPort != null && masterPort.length() > 0) {
ICRLRepository crlRepository = mCA.getCRLRepository();
Vector ipNames = crlRepository.getIssuingPointsNames();
for (int i = 0; i < ipNames.size(); i++) {
- String ipName = (String)ipNames.elementAt(i);
+ String ipName = (String) ipNames.elementAt(i);
ICRLIssuingPointRecord crlRecord = null;
try {
crlRecord = crlRepository.readCRLIssuingPointRecord(ipName);
@@ -236,8 +234,8 @@ CMS.debug("*** formFile = "+formFile);
if (crlSizes.length() > 0)
crlSizes += "+";
- crlSizes += ((crlRecord.getCRLSize() != null)?
- crlRecord.getCRLSize().toString(): "-1");
+ crlSizes += ((crlRecord.getCRLSize() != null) ?
+ crlRecord.getCRLSize().toString() : "-1");
if (deltaSizes.length() > 0)
deltaSizes += "+";
@@ -307,7 +305,7 @@ CMS.debug("*** formFile = "+formFile);
recentChanges += "Publishing CRL #" + ip.getCRLNumber();
} else if (ip.isCRLUpdateInProgress() == ICRLIssuingPoint.CRL_UPDATE_STARTED) {
recentChanges += "Creating CRL #" + ip.getNextCRLNumber();
- } else { // ip.CRL_UPDATE_DONE
+ } else { // ip.CRL_UPDATE_DONE
recentChanges += ip.getNumberOfRecentlyRevokedCerts() + ", " +
ip.getNumberOfRecentlyUnrevokedCerts() + ", " +
ip.getNumberOfRecentlyExpiredCerts();
@@ -326,7 +324,7 @@ CMS.debug("*** formFile = "+formFile);
if (crlTesting.length() > 0)
crlTesting += "+";
- crlTesting += ((ip.isCRLCacheTestingEnabled())?"1":"0");
+ crlTesting += ((ip.isCRLCacheTestingEnabled()) ? "1" : "0");
}
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/HashEnrollServlet.java b/pki/base/common/src/com/netscape/cms/servlet/cert/HashEnrollServlet.java
index 5507cadf..955f8a86 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/HashEnrollServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/HashEnrollServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.cert;
-
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
@@ -85,10 +84,9 @@ import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
import com.netscape.cms.servlet.common.ICMSTemplateFiller;
-
/**
* performs face-to-face enrollment.
- *
+ *
* @version $Revision$, $Date$
*/
public class HashEnrollServlet extends CMSServlet {
@@ -100,8 +98,7 @@ public class HashEnrollServlet extends CMSServlet {
public final static String ADMIN_ENROLL_SERVLET_ID = "adminEnroll";
// enrollment templates.
- public static final String
- ENROLL_SUCCESS_TEMPLATE = "/ra/HashEnrollSuccess.template";
+ public static final String ENROLL_SUCCESS_TEMPLATE = "/ra/HashEnrollSuccess.template";
// http params
public static final String OLD_CERT_TYPE = "csrCertType";
@@ -123,8 +120,7 @@ public class HashEnrollServlet extends CMSServlet {
private boolean mAuthTokenOverride = true;
private String mEnrollSuccessTemplate = null;
- private ICMSTemplateFiller
- mEnrollSuccessFiller = new ImportCertsTemplateFiller();
+ private ICMSTemplateFiller mEnrollSuccessFiller = new ImportCertsTemplateFiller();
ICertificateAuthority mCa = null;
ICertificateRepository mRepository = null;
@@ -135,6 +131,7 @@ public class HashEnrollServlet extends CMSServlet {
/**
* initialize the servlet.
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -146,13 +143,13 @@ public class HashEnrollServlet extends CMSServlet {
CMSServlet.PROP_SUCCESS_TEMPLATE);
if (mEnrollSuccessTemplate == null)
mEnrollSuccessTemplate = ENROLL_SUCCESS_TEMPLATE;
- String fillername =
- sc.getInitParameter(PROP_SUCCESS_TEMPLATE_FILLER);
+ String fillername =
+ sc.getInitParameter(PROP_SUCCESS_TEMPLATE_FILLER);
if (fillername != null) {
ICMSTemplateFiller filler = newFillerObject(fillername);
- if (filler != null)
+ if (filler != null)
mEnrollSuccessFiller = filler;
}
@@ -162,19 +159,18 @@ public class HashEnrollServlet extends CMSServlet {
init_testbed_hack(mConfig);
} catch (Exception e) {
// this should never happen.
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_IMP_INIT_SERV_ERR", e.toString(), mId));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_IMP_INIT_SERV_ERR", e.toString(), mId));
}
}
-
/**
- * Process the HTTP request.
- *
+ * Process the HTTP request.
+ *
* @param cmsReq the object holding the request and response information
*/
- protected void process(CMSRequest cmsReq)
- throws EBaseException {
+ protected void process(CMSRequest cmsReq)
+ throws EBaseException {
IArgBlock httpParams = cmsReq.getHttpParams();
HttpServletRequest httpReq = cmsReq.getHttpReq();
HttpServletResponse httpResp = cmsReq.getHttpResp();
@@ -193,7 +189,7 @@ public class HashEnrollServlet extends CMSServlet {
IConfigStore configStore = CMS.getConfigStore();
String val = configStore.getString("hashDirEnrollment.name");
IAuthSubsystem authSS = (IAuthSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_AUTH);
+ CMS.getSubsystem(CMS.SUBSYSTEM_AUTH);
IAuthManager authMgr = authSS.get(val);
HashAuthentication mgr = (HashAuthentication) authMgr;
@@ -226,14 +222,15 @@ public class HashEnrollServlet extends CMSServlet {
certType = httpParams.getValueAsString(OLD_CERT_TYPE, null);
if (certType == null) {
certType = httpParams.getValueAsString(CERT_TYPE, "client");
- } else {;
- }
+ } else {
+ ;
+ }
- processX509(cmsReq);
+ processX509(cmsReq);
}
-
+
private void printError(CMSRequest cmsReq, String errorCode)
- throws EBaseException {
+ throws EBaseException {
IArgBlock httpParams = cmsReq.getHttpParams();
HttpServletRequest httpReq = cmsReq.getHttpReq();
HttpServletResponse httpResp = cmsReq.getHttpResp();
@@ -253,9 +250,9 @@ public class HashEnrollServlet extends CMSServlet {
form = getTemplate(formPath, httpReq, locale);
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", formPath, e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", formPath, e.toString()));
cmsReq.setError(new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
cmsReq.setStatus(CMSRequest.ERROR);
return;
}
@@ -267,16 +264,16 @@ public class HashEnrollServlet extends CMSServlet {
cmsReq.setStatus(CMSRequest.SUCCESS);
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM",
- e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM",
+ e.toString()));
cmsReq.setError(new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
cmsReq.setStatus(CMSRequest.ERROR);
}
}
- protected void processX509(CMSRequest cmsReq)
- throws EBaseException {
+ protected void processX509(CMSRequest cmsReq)
+ throws EBaseException {
IArgBlock httpParams = cmsReq.getHttpParams();
HttpServletRequest httpReq = cmsReq.getHttpReq();
@@ -296,7 +293,7 @@ public class HashEnrollServlet extends CMSServlet {
boolean certAuthEnroll = false;
String certAuthEnrollOn =
- httpParams.getValueAsString("certauthEnroll", null);
+ httpParams.getValueAsString("certauthEnroll", null);
X509CertInfo new_certInfo = null;
if ((certAuthEnrollOn != null) && (certAuthEnrollOn.equals("on"))) {
@@ -307,7 +304,7 @@ public class HashEnrollServlet extends CMSServlet {
String certauthEnrollType = null;
if (certAuthEnroll == true) {
- certauthEnrollType =
+ certauthEnrollType =
httpParams.getValueAsString("certauthEnrollType", null);
if (certauthEnrollType != null) {
if (certauthEnrollType.equals("dual")) {
@@ -318,15 +315,15 @@ public class HashEnrollServlet extends CMSServlet {
CMS.debug("HashEnrollServlet: certauthEnrollType is single");
} else {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_INVALID_CERTAUTH_ENROLL_TYPE_1", certauthEnrollType));
+ CMS.getLogMessage("CMSGW_INVALID_CERTAUTH_ENROLL_TYPE_1", certauthEnrollType));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_INVALID_CERTAUTH_ENROLL_TYPE"));
+ CMS.getUserMessage("CMS_GW_INVALID_CERTAUTH_ENROLL_TYPE"));
}
} else {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_MISSING_CERTAUTH_ENROLL_TYPE"));
+ CMS.getLogMessage("CMSGW_MISSING_CERTAUTH_ENROLL_TYPE"));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_MISSING_CERTAUTH_ENROLL_TYPE"));
+ CMS.getUserMessage("CMS_GW_MISSING_CERTAUTH_ENROLL_TYPE"));
}
}
@@ -365,7 +362,7 @@ public class HashEnrollServlet extends CMSServlet {
if (sslClientCert == null) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_MISSING_SSL_CLIENT_CERT"));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_MISSING_SSL_CLIENT_CERT"));
+ CMS.getUserMessage("CMS_GW_MISSING_SSL_CLIENT_CERT"));
}
certBasedOldSubjectDN = (String) sslClientCert.getSubjectDN().toString();
@@ -373,24 +370,24 @@ public class HashEnrollServlet extends CMSServlet {
try {
certInfo = (X509CertInfo)
((X509CertImpl) sslClientCert).get(
- X509CertImpl.NAME + "." + X509CertImpl.INFO);
+ X509CertImpl.NAME + "." + X509CertImpl.INFO);
} catch (CertificateParsingException ex) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_MISSING_CERTINFO_ENCRYPT_CERT"));
+ CMS.getLogMessage("CMSGW_MISSING_CERTINFO_ENCRYPT_CERT"));
throw new ECMSGWException(
- CMS.getUserMessage(getLocale(httpReq), "CMS_GW_MISSING_CERTINFO"));
+ CMS.getUserMessage(getLocale(httpReq), "CMS_GW_MISSING_CERTINFO"));
}
} else {
certInfo = CMS.getDefaultX509CertInfo();
}
- X509CertInfo[] certInfoArray = new X509CertInfo[] {certInfo};
+ X509CertInfo[] certInfoArray = new X509CertInfo[] { certInfo };
//AuthToken authToken = access.getAuthToken();
IConfigStore configStore = CMS.getConfigStore();
String val = configStore.getString("hashDirEnrollment.name");
IAuthSubsystem authSS = (IAuthSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_AUTH);
+ CMS.getSubsystem(CMS.SUBSYSTEM_AUTH);
IAuthManager authMgr1 = authSS.get(val);
HashAuthentication mgr = (HashAuthentication) authMgr1;
String pageID = httpParams.getValueAsString("pageID", null);
@@ -405,14 +402,14 @@ public class HashEnrollServlet extends CMSServlet {
cmsReq.setStatus(CMSRequest.SUCCESS);
return;
} else {
- authMgr =
+ authMgr =
authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME);
// don't store agent token in request.
// agent currently used for bulk issuance.
// if (!authMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) {
- log(ILogger.LL_INFO,
- "Enrollment request was authenticated by " +
- authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME));
+ log(ILogger.LL_INFO,
+ "Enrollment request was authenticated by " +
+ authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME));
fillCertInfoFromAuthToken(certInfo, authToken);
// save authtoken attrs to request directly (for policy use)
saveAuthToken(authToken, req);
@@ -421,8 +418,8 @@ public class HashEnrollServlet extends CMSServlet {
}
// fill certInfo from input types: keygen, cmc, pkcs10 or crmf
- KeyGenInfo keyGenInfo =
- httpParams.getValueAsKeyGenInfo(SUBJECT_KEYGEN_INFO, null);
+ KeyGenInfo keyGenInfo =
+ httpParams.getValueAsKeyGenInfo(SUBJECT_KEYGEN_INFO, null);
String certType = null;
@@ -441,8 +438,8 @@ public class HashEnrollServlet extends CMSServlet {
req.setExtData(IRequest.HTTP_PARAMS, CERT_TYPE, certType);
}
- String crmf =
- httpParams.getValueAsString(CRMF_REQUEST, null);
+ String crmf =
+ httpParams.getValueAsString(CRMF_REQUEST, null);
if (certAuthEnroll == true) {
@@ -452,24 +449,24 @@ public class HashEnrollServlet extends CMSServlet {
if (certauthEnrollType.equals(CERT_AUTH_DUAL)) {
if (mCa == null) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_NOT_A_CA"));
+ CMS.getLogMessage("CMSGW_NOT_A_CA"));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_NOT_A_CA"));
+ CMS.getUserMessage("CMS_GW_NOT_A_CA"));
}
// first, make sure the client cert is indeed a
// signing only cert
if ((CMS.isSigningCert((X509CertImpl) sslClientCert) ==
false) ||
- ((CMS.isSigningCert((X509CertImpl) sslClientCert) ==
+ ((CMS.isSigningCert((X509CertImpl) sslClientCert) ==
true) &&
(CMS.isEncryptionCert((X509CertImpl) sslClientCert) ==
true))) {
// either it's not a signing cert, or it's a dual cert
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_INVALID_CERT_TYPE"));
+ CMS.getLogMessage("CMSGW_INVALID_CERT_TYPE"));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_INVALID_CERT_TYPE"));
+ CMS.getUserMessage("CMS_GW_INVALID_CERT_TYPE"));
}
X509Key key = null;
@@ -478,22 +475,22 @@ public class HashEnrollServlet extends CMSServlet {
try {
certInfo.set(X509CertInfo.KEY, new CertificateX509Key(key));
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString()));
+ CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString()));
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString()));
+ CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString()));
}
String filter =
- "(&(x509cert.subject=" + certBasedOldSubjectDN + ")(!(x509cert.serialNumber=" + certBasedOldSerialNum + "))(certStatus=VALID))";
- ICertRecordList list =
- (ICertRecordList) mCa.getCertificateRepository().findCertRecordsInList(filter,
- null, 10);
+ "(&(x509cert.subject=" + certBasedOldSubjectDN + ")(!(x509cert.serialNumber=" + certBasedOldSerialNum + "))(certStatus=VALID))";
+ ICertRecordList list =
+ (ICertRecordList) mCa.getCertificateRepository().findCertRecordsInList(filter,
+ null, 10);
int size = list.getSize();
Enumeration<ICertRecord> en = list.getCertRecords(0, size - 1);
boolean gotEncCert = false;
@@ -502,8 +499,8 @@ public class HashEnrollServlet extends CMSServlet {
// pairing encryption cert not found
} else {
X509CertInfo encCertInfo = CMS.getDefaultX509CertInfo();
- X509CertInfo[] cInfoArray = new X509CertInfo[] {certInfo,
- encCertInfo};
+ X509CertInfo[] cInfoArray = new X509CertInfo[] { certInfo,
+ encCertInfo };
int i = 1;
while (en.hasMoreElements()) {
@@ -512,7 +509,7 @@ public class HashEnrollServlet extends CMSServlet {
// if not encryption cert only, try next one
if ((CMS.isEncryptionCert(cert) == false) ||
- ((CMS.isEncryptionCert(cert) == true) &&
+ ((CMS.isEncryptionCert(cert) == true) &&
(CMS.isSigningCert(cert) == true))) {
continue;
}
@@ -521,27 +518,27 @@ public class HashEnrollServlet extends CMSServlet {
try {
encCertInfo = (X509CertInfo)
cert.get(
- X509CertImpl.NAME + "." + X509CertImpl.INFO);
+ X509CertImpl.NAME + "." + X509CertImpl.INFO);
} catch (CertificateParsingException ex) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_MISSING_CERTINFO_ENCRYPT_CERT"));
+ CMS.getLogMessage("CMSGW_MISSING_CERTINFO_ENCRYPT_CERT"));
throw new ECMSGWException(
- CMS.getUserMessage(getLocale(httpReq), "CMS_GW_MISSING_CERTINFO"));
+ CMS.getUserMessage(getLocale(httpReq), "CMS_GW_MISSING_CERTINFO"));
}
try {
encCertInfo.set(X509CertInfo.KEY, new CertificateX509Key(key));
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString()));
+ CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString()));
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString()));
+ CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString()));
}
fillCertInfoFromAuthToken(encCertInfo, authToken);
@@ -555,24 +552,24 @@ public class HashEnrollServlet extends CMSServlet {
if (gotEncCert == false) {
// encryption cert not found, bail
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ENCRYPTION_CERT_NOT_FOUND"));
+ CMS.getLogMessage("CMSGW_ENCRYPTION_CERT_NOT_FOUND"));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_ENCRYPTION_CERT_NOT_FOUND"));
+ CMS.getUserMessage("CMS_GW_ENCRYPTION_CERT_NOT_FOUND"));
}
} else if (certauthEnrollType.equals(CERT_AUTH_ENCRYPTION)) {
// first, make sure the client cert is indeed a
// signing only cert
if ((CMS.isSigningCert((X509CertImpl) sslClientCert) ==
false) ||
- ((CMS.isSigningCert((X509CertImpl) sslClientCert) ==
+ ((CMS.isSigningCert((X509CertImpl) sslClientCert) ==
true) &&
(CMS.isEncryptionCert((X509CertImpl) sslClientCert) ==
true))) {
// either it's not a signing cert, or it's a dual cert
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_INVALID_CERT_TYPE"));
+ CMS.getLogMessage("CMSGW_INVALID_CERT_TYPE"));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_INVALID_CERT_TYPE"));
+ CMS.getUserMessage("CMS_GW_INVALID_CERT_TYPE"));
}
/*
@@ -581,14 +578,14 @@ public class HashEnrollServlet extends CMSServlet {
if (crmf != null && crmf != "") {
certInfoArray = fillCRMF(crmf, authToken, httpParams, req);
req.setExtData(CLIENT_ISSUER,
- sslClientCert.getIssuerDN().toString());
+ sslClientCert.getIssuerDN().toString());
CMS.debug(
- "HashEnrollServlet: sslClientCert issuerDN = " + sslClientCert.getIssuerDN().toString());
+ "HashEnrollServlet: sslClientCert issuerDN = " + sslClientCert.getIssuerDN().toString());
} else {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO"));
throw new ECMSGWException(CMS.getUserMessage(getLocale(httpReq),
- "CMS_GW_MISSING_KEYGEN_INFO"));
+ "CMS_GW_MISSING_KEYGEN_INFO"));
}
} else if (certauthEnrollType.equals(CERT_AUTH_SINGLE)) {
// have to be buried here to handle the issuer
@@ -596,21 +593,21 @@ public class HashEnrollServlet extends CMSServlet {
if (crmf != null && crmf != "") {
certInfoArray = fillCRMF(crmf, authToken, httpParams, req);
} else {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO"));
throw new ECMSGWException(CMS.getUserMessage(getLocale(httpReq),
- "CMS_GW_MISSING_KEYGEN_INFO"));
+ "CMS_GW_MISSING_KEYGEN_INFO"));
}
req.setExtData(CLIENT_ISSUER,
- sslClientCert.getIssuerDN().toString());
+ sslClientCert.getIssuerDN().toString());
}
} else if (crmf != null && crmf != "") {
certInfoArray = fillCRMF(crmf, authToken, httpParams, req);
} else {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO"));
throw new ECMSGWException(CMS.getUserMessage(getLocale(httpReq),
- "CMS_GW_MISSING_KEYGEN_INFO"));
+ "CMS_GW_MISSING_KEYGEN_INFO"));
}
req.setExtData(IRequest.CERT_INFO, certInfoArray);
@@ -648,7 +645,7 @@ public class HashEnrollServlet extends CMSServlet {
} else {
agentID = authToken.getInString("userid");
initiative = AuditFormat.FROMAGENT + " agentID: " + agentID;
- }
+ }
// if service not complete return standard templates.
RequestStatus status = req.getRequestStatus();
@@ -668,52 +665,52 @@ public class HashEnrollServlet extends CMSServlet {
wholeMsg.append("\n");
wholeMsg.append(msgs.nextElement());
}
- mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.ENROLLMENTFORMAT,
- new Object[] {
- req.getRequestId(),
- initiative,
- authMgr,
- status.toString(),
- certInfo.get(X509CertInfo.SUBJECT),
- " violation: " +
- wholeMsg.toString()},
- ILogger.L_MULTILINE
- );
+ mLogger.log(ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.ENROLLMENTFORMAT,
+ new Object[] {
+ req.getRequestId(),
+ initiative,
+ authMgr,
+ status.toString(),
+ certInfo.get(X509CertInfo.SUBJECT),
+ " violation: " +
+ wholeMsg.toString() },
+ ILogger.L_MULTILINE
+ );
} else { // no policy violation, from agent
mLogger.log(ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.ENROLLMENTFORMAT,
+ new Object[] {
+ req.getRequestId(),
+ initiative,
+ authMgr,
+ status.toString(),
+ certInfo.get(X509CertInfo.SUBJECT), "" }
+ );
+ }
+ } else { // other imcomplete status
+ mLogger.log(ILogger.EV_AUDIT,
ILogger.S_OTHER,
AuditFormat.LEVEL,
AuditFormat.ENROLLMENTFORMAT,
new Object[] {
- req.getRequestId(),
- initiative,
- authMgr,
- status.toString(),
- certInfo.get(X509CertInfo.SUBJECT), ""}
- );
- }
- } else { // other imcomplete status
- mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.ENROLLMENTFORMAT,
- new Object[] {
- req.getRequestId(),
- initiative,
- authMgr,
- status.toString(),
- certInfo.get(X509CertInfo.SUBJECT), ""}
- );
+ req.getRequestId(),
+ initiative,
+ authMgr,
+ status.toString(),
+ certInfo.get(X509CertInfo.SUBJECT), "" }
+ );
}
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING", e.toString()));
+ CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING", e.toString()));
} catch (CertificateException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING", e.toString()));
+ CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING", e.toString()));
}
return;
}
@@ -725,7 +722,7 @@ public class HashEnrollServlet extends CMSServlet {
cmsReq.setStatus(CMSRequest.ERROR);
cmsReq.setError(req.getExtDataInString(IRequest.ERROR));
String[] svcErrors =
- req.getExtDataInStringArray(IRequest.SVCERRORS);
+ req.getExtDataInStringArray(IRequest.SVCERRORS);
if (svcErrors != null && svcErrors.length > 0) {
for (int i = 0; i < svcErrors.length; i++) {
@@ -738,26 +735,26 @@ public class HashEnrollServlet extends CMSServlet {
cmsReq.setErrorDescription(err);
// audit log the error
try {
- mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.ENROLLMENTFORMAT,
- new Object[] {
- req.getRequestId(),
- initiative,
- authMgr,
- "completed with error: " +
- err,
- certInfo.get(X509CertInfo.SUBJECT), ""}
- );
+ mLogger.log(ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.ENROLLMENTFORMAT,
+ new Object[] {
+ req.getRequestId(),
+ initiative,
+ authMgr,
+ "completed with error: " +
+ err,
+ certInfo.get(X509CertInfo.SUBJECT), "" }
+ );
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING",
- e.toString()));
+ CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING",
+ e.toString()));
} catch (CertificateException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING",
- e.toString()));
+ CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING",
+ e.toString()));
}
}
}
@@ -768,53 +765,53 @@ public class HashEnrollServlet extends CMSServlet {
// service success
cmsReq.setStatus(CMSRequest.SUCCESS);
X509CertImpl[] issuedCerts =
- req.getExtDataInCertArray(IRequest.ISSUED_CERTS);
+ req.getExtDataInCertArray(IRequest.ISSUED_CERTS);
// audit log the success.
- mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.ENROLLMENTFORMAT,
- new Object[] {
- req.getRequestId(),
- initiative,
- authMgr,
- "completed",
- issuedCerts[0].getSubjectDN(),
- "cert issued serial number: 0x" +
- issuedCerts[0].getSerialNumber().toString(16)}
- );
+ mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.ENROLLMENTFORMAT,
+ new Object[] {
+ req.getRequestId(),
+ initiative,
+ authMgr,
+ "completed",
+ issuedCerts[0].getSubjectDN(),
+ "cert issued serial number: 0x" +
+ issuedCerts[0].getSerialNumber().toString(16) }
+ );
// return cert as mime type binary if requested.
if (checkImportCertToNav(
- cmsReq.getHttpResp(), httpParams, issuedCerts[0])) {
+ cmsReq.getHttpResp(), httpParams, issuedCerts[0])) {
cmsReq.setStatus(CMSRequest.SUCCESS);
return;
}
-
+
// use success template.
try {
- cmsReq.setResult(issuedCerts);
- renderTemplate(cmsReq, mEnrollSuccessTemplate,
- mEnrollSuccessFiller);
- cmsReq.setStatus(CMSRequest.SUCCESS);
+ cmsReq.setResult(issuedCerts);
+ renderTemplate(cmsReq, mEnrollSuccessTemplate,
+ mEnrollSuccessFiller);
+ cmsReq.setStatus(CMSRequest.SUCCESS);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_TEMP_REND_ERR", mEnrollSuccessFiller.toString(), e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_TEMP_REND_ERR", mEnrollSuccessFiller.toString(), e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_RETURNING_RESULT_ERROR"));
+ CMS.getUserMessage("CMS_GW_RETURNING_RESULT_ERROR"));
}
return;
}
/**
- * fill subject name, validity, extensions from authoken if any,
- * overriding what was in pkcs10.
- * fill subject name, extensions from http input if not authenticated.
- * requests not authenticated will need to be approved by an agent.
+ * fill subject name, validity, extensions from authoken if any,
+ * overriding what was in pkcs10.
+ * fill subject name, extensions from http input if not authenticated.
+ * requests not authenticated will need to be approved by an agent.
*/
protected void fillCertInfoFromAuthToken(
- X509CertInfo certInfo, IAuthToken authToken)
- throws EBaseException {
+ X509CertInfo certInfo, IAuthToken authToken)
+ throws EBaseException {
// override subject, validity and extensions from auth token
// CA determines algorithm, version and issuer.
// take key from keygen, cmc, pkcs10 or crmf.
@@ -822,89 +819,89 @@ public class HashEnrollServlet extends CMSServlet {
// subject name.
try {
String subjectname =
- authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT);
+ authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT);
if (subjectname != null) {
CertificateSubjectName certSubject = (CertificateSubjectName)
- new CertificateSubjectName(new X500Name(subjectname));
+ new CertificateSubjectName(new X500Name(subjectname));
certInfo.set(X509CertInfo.SUBJECT, certSubject);
- log(ILogger.LL_INFO,
- "cert subject set to " + certSubject + " from authtoken");
+ log(ILogger.LL_INFO,
+ "cert subject set to " + certSubject + " from authtoken");
}
} catch (CertificateException e) {
- log(ILogger.LL_WARN,
- CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString()));
+ log(ILogger.LL_WARN,
+ CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
+ CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
} catch (IOException e) {
- log(ILogger.LL_WARN,
- CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1",
- e.toString()));
+ log(ILogger.LL_WARN,
+ CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1",
+ e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
+ CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
}
// validity
try {
CertificateValidity validity = null;
- Date notBefore =
- authToken.getInDate(AuthToken.TOKEN_CERT_NOTBEFORE);
- Date notAfter =
- authToken.getInDate(AuthToken.TOKEN_CERT_NOTAFTER);
+ Date notBefore =
+ authToken.getInDate(AuthToken.TOKEN_CERT_NOTBEFORE);
+ Date notAfter =
+ authToken.getInDate(AuthToken.TOKEN_CERT_NOTAFTER);
if (notBefore != null && notAfter != null) {
validity = new CertificateValidity(notBefore, notAfter);
certInfo.set(X509CertInfo.VALIDITY, validity);
- log(ILogger.LL_INFO,
- "cert validity set to " + validity + " from authtoken");
+ log(ILogger.LL_INFO,
+ "cert validity set to " + validity + " from authtoken");
}
} catch (CertificateException e) {
- log(ILogger.LL_WARN,
- CMS.getLogMessage("CMSGW_ERROR_SET_VALIDITY_1",
- e.toString()));
+ log(ILogger.LL_WARN,
+ CMS.getLogMessage("CMSGW_ERROR_SET_VALIDITY_1",
+ e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_VALIDITY_ERROR"));
+ CMS.getUserMessage("CMS_GW_SET_VALIDITY_ERROR"));
} catch (IOException e) {
- log(ILogger.LL_WARN,
- CMS.getLogMessage("CMSGW_ERROR_SET_VALIDITY_1", e.toString()));
+ log(ILogger.LL_WARN,
+ CMS.getLogMessage("CMSGW_ERROR_SET_VALIDITY_1", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_VALIDITY_ERROR"));
+ CMS.getUserMessage("CMS_GW_SET_VALIDITY_ERROR"));
}
-
+
// extensions
try {
CertificateExtensions extensions =
- authToken.getInCertExts(X509CertInfo.EXTENSIONS);
+ authToken.getInCertExts(X509CertInfo.EXTENSIONS);
if (extensions != null) {
certInfo.set(X509CertInfo.EXTENSIONS, extensions);
log(ILogger.LL_INFO, "cert extensions set from authtoken");
}
} catch (CertificateException e) {
- log(ILogger.LL_WARN,
- CMS.getLogMessage("CMSGW_ERROR_SET_EXTENSIONS_1", e.toString()));
+ log(ILogger.LL_WARN,
+ CMS.getLogMessage("CMSGW_ERROR_SET_EXTENSIONS_1", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_EXTENSIONS_ERROR"));
+ CMS.getUserMessage("CMS_GW_SET_EXTENSIONS_ERROR"));
} catch (IOException e) {
- log(ILogger.LL_WARN,
- CMS.getLogMessage("CMSGW_ERROR_SET_EXTENSIONS_1",
- e.toString()));
+ log(ILogger.LL_WARN,
+ CMS.getLogMessage("CMSGW_ERROR_SET_EXTENSIONS_1",
+ e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_EXTENSIONS_ERROR"));
+ CMS.getUserMessage("CMS_GW_SET_EXTENSIONS_ERROR"));
}
}
protected X509CertInfo[] fillCRMF(
- String crmf, IAuthToken authToken, IArgBlock httpParams, IRequest req)
- throws EBaseException {
+ String crmf, IAuthToken authToken, IArgBlock httpParams, IRequest req)
+ throws EBaseException {
try {
byte[] crmfBlob = CMS.AtoB(crmf);
ByteArrayInputStream crmfBlobIn =
- new ByteArrayInputStream(crmfBlob);
-
+ new ByteArrayInputStream(crmfBlob);
+
SEQUENCE crmfMsgs = (SEQUENCE)
- new SEQUENCE.OF_Template(new CertReqMsg.Template()).decode(crmfBlobIn);
+ new SEQUENCE.OF_Template(new CertReqMsg.Template()).decode(crmfBlobIn);
int nummsgs = crmfMsgs.size();
X509CertInfo[] certInfoArray = new X509CertInfo[nummsgs];
@@ -951,27 +948,27 @@ public class HashEnrollServlet extends CMSServlet {
if (certTemplate.getNotBefore() != null || certTemplate.getNotAfter() != null) {
CertificateValidity certValidity = new CertificateValidity(certTemplate.getNotBefore(), certTemplate.getNotAfter());
- certInfo.set(X509CertInfo.VALIDITY, certValidity);
+ certInfo.set(X509CertInfo.VALIDITY, certValidity);
}
if (certTemplate.hasSubject()) {
Name subjectdn = certTemplate.getSubject();
- ByteArrayOutputStream subjectEncStream =
- new ByteArrayOutputStream();
+ ByteArrayOutputStream subjectEncStream =
+ new ByteArrayOutputStream();
subjectdn.encode(subjectEncStream);
byte[] subjectEnc = subjectEncStream.toByteArray();
X500Name subject = new X500Name(subjectEnc);
- certInfo.set(X509CertInfo.SUBJECT,
- new CertificateSubjectName(subject));
- } else if (authToken == null ||
- authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) == null) {
+ certInfo.set(X509CertInfo.SUBJECT,
+ new CertificateSubjectName(subject));
+ } else if (authToken == null ||
+ authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) == null) {
// No subject name - error!
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN"));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN"));
+ CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN"));
}
// get extensions
@@ -979,7 +976,7 @@ public class HashEnrollServlet extends CMSServlet {
try {
extensions = (CertificateExtensions)
- certInfo.get(X509CertInfo.EXTENSIONS);
+ certInfo.get(X509CertInfo.EXTENSIONS);
} catch (CertificateException e) {
extensions = null;
} catch (IOException e) {
@@ -989,40 +986,40 @@ public class HashEnrollServlet extends CMSServlet {
// put each extension from CRMF into CertInfo.
// index by extension name, consistent with
// CertificateExtensions.parseExtension() method.
- if (extensions == null)
+ if (extensions == null)
extensions = new CertificateExtensions();
int numexts = certTemplate.numExtensions();
for (int j = 0; j < numexts; j++) {
- org.mozilla.jss.pkix.cert.Extension jssext =
- certTemplate.extensionAt(j);
+ org.mozilla.jss.pkix.cert.Extension jssext =
+ certTemplate.extensionAt(j);
boolean isCritical = jssext.getCritical();
- org.mozilla.jss.asn1.OBJECT_IDENTIFIER jssoid =
- jssext.getExtnId();
+ org.mozilla.jss.asn1.OBJECT_IDENTIFIER jssoid =
+ jssext.getExtnId();
long[] numbers = jssoid.getNumbers();
int[] oidNumbers = new int[numbers.length];
for (int k = numbers.length - 1; k >= 0; k--) {
oidNumbers[k] = (int) numbers[k];
}
- ObjectIdentifier oid =
- new ObjectIdentifier(oidNumbers);
- org.mozilla.jss.asn1.OCTET_STRING jssvalue =
- jssext.getExtnValue();
- ByteArrayOutputStream jssvalueout =
- new ByteArrayOutputStream();
+ ObjectIdentifier oid =
+ new ObjectIdentifier(oidNumbers);
+ org.mozilla.jss.asn1.OCTET_STRING jssvalue =
+ jssext.getExtnValue();
+ ByteArrayOutputStream jssvalueout =
+ new ByteArrayOutputStream();
jssvalue.encode(jssvalueout);
byte[] extValue = jssvalueout.toByteArray();
- Extension ext =
- new Extension(oid, isCritical, extValue);
+ Extension ext =
+ new Extension(oid, isCritical, extValue);
extensions.parseExtension(ext);
}
- certInfo.set(X509CertInfo.VERSION,
- new CertificateVersion(CertificateVersion.V3));
+ certInfo.set(X509CertInfo.VERSION,
+ new CertificateVersion(CertificateVersion.V3));
certInfo.set(X509CertInfo.EXTENSIONS, extensions);
}
@@ -1034,8 +1031,8 @@ public class HashEnrollServlet extends CMSServlet {
// to have the control of the subject name
// formulation.
// -- CRMFfillCert
- if (authToken != null &&
- authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) != null) {
+ if (authToken != null &&
+ authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) != null) {
// if authenticated override subect name, validity and
// extensions if any from authtoken.
fillCertInfoFromAuthToken(certInfo, authToken);
@@ -1048,27 +1045,27 @@ public class HashEnrollServlet extends CMSServlet {
return certInfoArray;
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
+ CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1",
- e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1",
+ e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
+ CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
} catch (InvalidBERException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
+ CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
} catch (InvalidKeyException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1",
- e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1",
+ e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
+ CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
}
}
@@ -1107,19 +1104,19 @@ public class HashEnrollServlet extends CMSServlet {
out.println("<P>");
out.println("<PRE>");
X509CertImpl certs[] =
- cmsReq.getIRequest().getExtDataInCertArray(IRequest.ISSUED_CERTS);
+ cmsReq.getIRequest().getExtDataInCertArray(IRequest.ISSUED_CERTS);
out.println(CMS.getEncodedCert(certs[0]));
out.println("</PRE>");
out.println("<P>");
out.println("<!HTTP_OUTPUT REQUEST_CREATION_TIME=" +
- cmsReq.getIRequest().getCreationTime().toString() + ">");
- out.println("<!HTTP_OUTPUT REQUEST_STATUS=" +
- cmsReq.getStatus().toString() + ">");
- out.println("<!HTTP_OUTPUT REQUEST_ID=" +
- cmsReq.getIRequest().getRequestId().toString() + ">");
+ cmsReq.getIRequest().getCreationTime().toString() + ">");
+ out.println("<!HTTP_OUTPUT REQUEST_STATUS=" +
+ cmsReq.getStatus().toString() + ">");
+ out.println("<!HTTP_OUTPUT REQUEST_ID=" +
+ cmsReq.getIRequest().getRequestId().toString() + ">");
out.println("<!HTTP_OUTPUT X509_CERTIFICATE=" +
- CMS.getEncodedCert(certs[0]) + ">");
+ CMS.getEncodedCert(certs[0]) + ">");
} else if (cmsReq.getIRequest().getRequestStatus().equals(RequestStatus.PENDING)) {
out.println("<H1>");
out.println("PENDING");
@@ -1136,11 +1133,11 @@ public class HashEnrollServlet extends CMSServlet {
out.println(cmsReq.getIRequest().getRequestId().toString());
out.println("<P>");
out.println("<!HTTP_OUTPUT REQUEST_CREATION_TIME=" +
- cmsReq.getIRequest().getCreationTime().toString() + ">");
- out.println("<!HTTP_OUTPUT REQUEST_STATUS=" +
- cmsReq.getStatus().toString() + ">");
- out.println("<!HTTP_OUTPUT REQUEST_ID=" +
- cmsReq.getIRequest().getRequestId().toString() + ">");
+ cmsReq.getIRequest().getCreationTime().toString() + ">");
+ out.println("<!HTTP_OUTPUT REQUEST_STATUS=" +
+ cmsReq.getStatus().toString() + ">");
+ out.println("<!HTTP_OUTPUT REQUEST_ID=" +
+ cmsReq.getIRequest().getRequestId().toString() + ">");
} else {
out.println("<H1>");
out.println("ERROR");
@@ -1155,21 +1152,21 @@ public class HashEnrollServlet extends CMSServlet {
out.println("Error: ");
out.println(cmsReq.getError()); // XXX - need to parse in Locale
out.println("<P>");
- out.println("<!HTTP_OUTPUT REQUEST_STATUS=" +
- cmsReq.getStatus().toString() + ">");
- out.println("<!HTTP_OUTPUT ERROR=" +
- cmsReq.getError() + ">");
+ out.println("<!HTTP_OUTPUT REQUEST_STATUS=" +
+ cmsReq.getStatus().toString() + ">");
+ out.println("<!HTTP_OUTPUT ERROR=" +
+ cmsReq.getError() + ">");
}
/**
- // include all the input data
- IArgBlock args = cmsReq.getHttpParams();
- Enumeration ele = args.getElements();
- while (ele.hasMoreElements()) {
- String eleT = (String)ele.nextElement();
- out.println("<!HTTP_INPUT " + eleT + "=" +
- args.get(eleT) + ">");
- }
+ * // include all the input data
+ * IArgBlock args = cmsReq.getHttpParams();
+ * Enumeration ele = args.getElements();
+ * while (ele.hasMoreElements()) {
+ * String eleT = (String)ele.nextElement();
+ * out.println("<!HTTP_INPUT " + eleT + "=" +
+ * args.get(eleT) + ">");
+ * }
**/
out.println("</HTML>");
@@ -1184,32 +1181,32 @@ public class HashEnrollServlet extends CMSServlet {
private boolean mIsTestBed = false;
- private void init_testbed_hack(IConfigStore config)
- throws EBaseException {
+ private void init_testbed_hack(IConfigStore config)
+ throws EBaseException {
mIsTestBed = config.getBoolean("isTestBed", true);
}
private void do_testbed_hack(
- int nummsgs, X509CertInfo[] certinfo, IArgBlock httpParams)
- throws EBaseException {
- if (!mIsTestBed)
+ int nummsgs, X509CertInfo[] certinfo, IArgBlock httpParams)
+ throws EBaseException {
+ if (!mIsTestBed)
return;
- // get around bug in cartman - bits are off by one byte.
+ // get around bug in cartman - bits are off by one byte.
for (int i = 0; i < certinfo.length; i++) {
try {
X509CertInfo cert = certinfo[i];
CertificateExtensions exts = (CertificateExtensions)
- cert.get(CertificateExtensions.NAME);
+ cert.get(CertificateExtensions.NAME);
if (exts == null) {
// should not happen.
continue;
}
KeyUsageExtension ext = (KeyUsageExtension)
- exts.get(KeyUsageExtension.class.getSimpleName());
+ exts.get(KeyUsageExtension.class.getSimpleName());
- if (ext == null)
+ if (ext == null)
// should not happen
continue;
byte[] value = ext.getExtensionValue();
@@ -1235,9 +1232,9 @@ public class HashEnrollServlet extends CMSServlet {
}
}
newvalue[4] = 0;
- KeyUsageExtension newext =
- new KeyUsageExtension(Boolean.valueOf(true),
- (Object) newvalue);
+ KeyUsageExtension newext =
+ new KeyUsageExtension(Boolean.valueOf(true),
+ (Object) newvalue);
exts.delete(KeyUsageExtension.class.getSimpleName());
exts.set(KeyUsageExtension.class.getSimpleName(), newext);
@@ -1253,4 +1250,3 @@ public class HashEnrollServlet extends CMSServlet {
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/ImportCertsTemplateFiller.java b/pki/base/common/src/com/netscape/cms/servlet/cert/ImportCertsTemplateFiller.java
index 75726730..5e4f7a42 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/ImportCertsTemplateFiller.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/ImportCertsTemplateFiller.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.cert;
-
import java.io.BufferedReader;
import java.io.ByteArrayOutputStream;
import java.io.StringReader;
@@ -58,25 +57,26 @@ import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
import com.netscape.cms.servlet.common.ICMSTemplateFiller;
-
/**
* Set up HTTP response to import certificate into browsers
*
* The result must have been populate with the set of certificates
* to return.
+ *
* <pre>
* inputs: certtype.
* outputs:
- * - cert type from http input (if any)
+ * - cert type from http input (if any)
* - CA chain
- * - authority name (RM, CM, DRM)
+ * - authority name (RM, CM, DRM)
* - scheme:host:port of server.
- * array of one or more
+ * array of one or more
* - cert serial number
* - cert pretty print
- * - cert in base 64 encoding.
- * - cmmf blob to import
+ * - cert in base 64 encoding.
+ * - cmmf blob to import
* </pre>
+ *
* @version $Revision$, $Date$
*/
public class ImportCertsTemplateFiller implements ICMSTemplateFiller {
@@ -88,7 +88,7 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller {
public static final String CERT_FINGERPRINT = "certFingerprint"; // cisco
public static final String CERT_NICKNAME = "certNickname";
public static final String CMMF_RESP = "cmmfResponse";
- public static final String PKCS7_RESP = "pkcs7ChainBase64"; // for MSIE
+ public static final String PKCS7_RESP = "pkcs7ChainBase64"; // for MSIE
public ImportCertsTemplateFiller() {
}
@@ -100,19 +100,19 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller {
* @param e unexpected exception e. ignored.
*/
public CMSTemplateParams getTemplateParams(
- CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e)
- throws Exception {
+ CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e)
+ throws Exception {
Certificate[] certs = (Certificate[]) cmsReq.getResult();
if (certs instanceof X509CertImpl[])
- return getX509TemplateParams(cmsReq, authority, locale, e);
+ return getX509TemplateParams(cmsReq, authority, locale, e);
else
return null;
}
-
+
public CMSTemplateParams getX509TemplateParams(
- CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e)
- throws Exception {
+ CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e)
+ throws Exception {
IArgBlock header = CMS.createArgBlock();
IArgBlock fixed = CMS.createArgBlock();
CMSTemplateParams params = new CMSTemplateParams(header, fixed);
@@ -123,9 +123,9 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller {
int port = httpReq.getServerPort();
String scheme = httpReq.getScheme();
String format = httpReq.getParameter("format");
- if(format!=null && format.equals("cmc"))
+ if (format != null && format.equals("cmc"))
fixed.set("importCMC", "false");
- String agentPort = ""+port;
+ String agentPort = "" + port;
fixed.set("agentHost", host);
fixed.set("agentPort", agentPort);
fixed.set(ICMSTemplateFiller.HOST, host);
@@ -148,33 +148,34 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller {
// set cert type.
IArgBlock httpParams = cmsReq.getHttpParams();
- String certType =
- httpParams.getValueAsString(CERT_TYPE, null);
+ String certType =
+ httpParams.getValueAsString(CERT_TYPE, null);
- if (certType != null)
+ if (certType != null)
fixed.set(CERT_TYPE, certType);
- // this authority
- fixed.set(ICMSTemplateFiller.AUTHORITY,
- (String) authority.getOfficialName());
+ // this authority
+ fixed.set(ICMSTemplateFiller.AUTHORITY,
+ (String) authority.getOfficialName());
// CA chain.
- CertificateChain cachain =
- ((ICertAuthority) authority).getCACertChain();
+ CertificateChain cachain =
+ ((ICertAuthority) authority).getCACertChain();
X509Certificate[] cacerts = cachain.getChain();
String replyTo = httpParams.getValueAsString("replyTo", null);
- if (replyTo != null) fixed.set("replyTo", replyTo);
+ if (replyTo != null)
+ fixed.set("replyTo", replyTo);
- // set user + CA cert chain and pkcs7 for MSIE.
+ // set user + CA cert chain and pkcs7 for MSIE.
X509CertImpl[] userChain = new X509CertImpl[cacerts.length + 1];
int m = 1, n = 0;
- for (; n < cacerts.length; m++, n++)
+ for (; n < cacerts.length; m++, n++)
userChain[m] = (X509CertImpl) cacerts[n];
- // certs.
+ // certs.
X509CertImpl[] certs = (X509CertImpl[]) cmsReq.getResult();
// expose CRMF request id
@@ -196,23 +197,23 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller {
if (CMSServlet.doCMMFResponse(httpParams)) {
byte[][] caPubs = new byte[cacerts.length][];
- for (int j = 0; j < cacerts.length; j++)
+ for (int j = 0; j < cacerts.length; j++)
caPubs[j] = ((X509CertImpl) cacerts[j]).getEncoded();
certRepContent = new CertRepContent(caPubs);
- String certnickname =
- cmsReq.getHttpParams().getValueAsString(CERT_NICKNAME, null);
+ String certnickname =
+ cmsReq.getHttpParams().getValueAsString(CERT_NICKNAME, null);
// if nickname is not requested set to subject name by default.
- if (certnickname == null)
+ if (certnickname == null)
fixed.set(CERT_NICKNAME, certs[0].getSubjectDN().toString());
else
fixed.set(CERT_NICKNAME, certnickname);
}
// make pkcs7 for MSIE
- if (CMSServlet.clientIsMSIE(cmsReq.getHttpReq()) &&
- (certType == null || certType.equals("client"))) {
+ if (CMSServlet.clientIsMSIE(cmsReq.getHttpReq()) &&
+ (certType == null || certType.equals("client"))) {
userChain[0] = certs[0];
PKCS7 p7 = new PKCS7(new AlgorithmId[0],
new ContentInfo(new byte[0]),
@@ -234,8 +235,8 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller {
X509CertImpl cert = certs[i];
// set serial number.
- BigInteger serialNo =
- ((X509Certificate) cert).getSerialNumber();
+ BigInteger serialNo =
+ ((X509Certificate) cert).getSerialNumber();
repeat.addBigIntegerValue(ISSUED_CERT_SERIAL, serialNo, 16);
@@ -244,14 +245,14 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller {
// String b64 = encoder.encodeBuffer(certEncoded);
String b64 = CMS.BtoA(certEncoded);
String b64cert = "-----BEGIN CERTIFICATE-----\n" +
- b64 + "\n-----END CERTIFICATE-----";
+ b64 + "\n-----END CERTIFICATE-----";
repeat.set(BASE64_CERT, b64cert);
-
+
// set cert pretty print.
-
+
String prettyPrintRequested =
- cmsReq.getHttpParams().getValueAsString(CERT_PRETTYPRINT, null);
+ cmsReq.getHttpParams().getValueAsString(CERT_PRETTYPRINT, null);
if (prettyPrintRequested == null) {
prettyPrintRequested = "true";
@@ -266,7 +267,8 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller {
repeat.set(CERT_PRETTYPRINT, ppStr);
// Now formulate a PKCS#7 blob
- X509CertImpl[] certsInChain = new X509CertImpl[1];;
+ X509CertImpl[] certsInChain = new X509CertImpl[1];
+ ;
if (cacerts != null) {
for (int j = 0; j < cacerts.length; j++) {
if (cert.equals(cacerts[j])) {
@@ -277,10 +279,10 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller {
certsInChain = new X509CertImpl[cacerts.length + 1];
}
}
-
+
// Set the EE cert
certsInChain[0] = cert;
-
+
// Set the Ca certificate chain
if (cacerts != null) {
for (int j = 0; j < cacerts.length; j++) {
@@ -292,7 +294,7 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller {
String p7Str;
try {
- PKCS7 p7 = new PKCS7(new AlgorithmId[0],
+ PKCS7 p7 = new PKCS7(new AlgorithmId[0],
new ContentInfo(new byte[0]),
certsInChain,
new SignerInfo[0]);
@@ -308,7 +310,7 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller {
//p7Str = "PKCS#7 B64 Encoding error - " + ex.toString()
//+ "; Please contact your administrator";
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_FORMING_PKCS7_ERROR"));
+ CMS.getUserMessage("CMS_GW_FORMING_PKCS7_ERROR"));
}
// set cert fingerprint (for Cisco routers)
@@ -325,18 +327,18 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller {
throw new EBaseException(
CMS.getUserMessage(locale, "CMS_BASE_INTERNAL_ERROR", ex.toString()));
}
- if (fingerprint != null && fingerprint.length() > 0)
+ if (fingerprint != null && fingerprint.length() > 0)
repeat.set(CERT_FINGERPRINT, fingerprint);
- // cmmf response for this cert.
+ // cmmf response for this cert.
if (CMSServlet.doCMMFResponse(httpParams) && crmfReqId != null &&
- (certType == null || certType.equals("client"))) {
+ (certType == null || certType.equals("client"))) {
PKIStatusInfo status = new PKIStatusInfo(PKIStatusInfo.granted);
- CertifiedKeyPair certifiedKP =
- new CertifiedKeyPair(new CertOrEncCert(certEncoded));
- CertResponse resp =
- new CertResponse(new INTEGER(crmfReqId), status,
- certifiedKP);
+ CertifiedKeyPair certifiedKP =
+ new CertifiedKeyPair(new CertOrEncCert(certEncoded));
+ CertResponse resp =
+ new CertResponse(new INTEGER(crmfReqId), status,
+ certifiedKP);
certRepContent.addCertResponse(resp);
}
@@ -352,8 +354,8 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller {
byte[] certRepBytes = certRepOut.toByteArray();
String certRepB64 = com.netscape.osutil.OSUtil.BtoA(certRepBytes);
// add CR to each return as required by cartman
- BufferedReader certRepB64lines =
- new BufferedReader(new StringReader(certRepB64));
+ BufferedReader certRepB64lines =
+ new BufferedReader(new StringReader(certRepB64));
StringWriter certRepStringOut = new StringWriter();
String oneLine = null;
boolean first = true;
@@ -376,4 +378,3 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller {
return params;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/ListCerts.java b/pki/base/common/src/com/netscape/cms/servlet/cert/ListCerts.java
index a65be25a..492e0cde 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/ListCerts.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/ListCerts.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.cert;
-
import java.io.IOException;
import java.math.BigInteger;
import java.security.PublicKey;
@@ -57,10 +56,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* Retrieve a paged list of certs matching the specified query
- *
+ *
* @version $Revision$, $Date$
*/
public class ListCerts extends CMSServlet {
@@ -78,8 +76,8 @@ public class ListCerts extends CMSServlet {
private ICertificateRepository mCertDB = null;
private X500Name mAuthName = null;
private String mFormPath = null;
- private boolean mReverse = false;
- private boolean mHardJumpTo = false; //jump to the end
+ private boolean mReverse = false;
+ private boolean mHardJumpTo = false; //jump to the end
private String mDirection = null;
private boolean mUseClientFilter = false;
private Vector<String> mAllowedClientFilters = new Vector<String>();
@@ -95,7 +93,7 @@ public class ListCerts extends CMSServlet {
/**
* initialize the servlet. This servlet uses the template file
* "queryCert.template" to render the response
- *
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -125,23 +123,23 @@ public class ListCerts extends CMSServlet {
the client applications that submits raw LDAP
filter into this servlet. */
if (sc.getInitParameter(USE_CLIENT_FILTER) != null &&
- sc.getInitParameter(USE_CLIENT_FILTER).equalsIgnoreCase("true")) { mUseClientFilter = true;
+ sc.getInitParameter(USE_CLIENT_FILTER).equalsIgnoreCase("true")) {
+ mUseClientFilter = true;
}
if (sc.getInitParameter(ALLOWED_CLIENT_FILTERS) == null || sc.getInitParameter(ALLOWED_CLIENT_FILTERS).equals("")) {
- mAllowedClientFilters.addElement("(certStatus=*)");
- mAllowedClientFilters.addElement("(certStatus=VALID)");
- mAllowedClientFilters.addElement("(|(certStatus=VALID)(certStatus=INVALID)(certStatus=EXPIRED))");
- mAllowedClientFilters.addElement("(|(certStatus=VALID)(certStatus=REVOKED))");
+ mAllowedClientFilters.addElement("(certStatus=*)");
+ mAllowedClientFilters.addElement("(certStatus=VALID)");
+ mAllowedClientFilters.addElement("(|(certStatus=VALID)(certStatus=INVALID)(certStatus=EXPIRED))");
+ mAllowedClientFilters.addElement("(|(certStatus=VALID)(certStatus=REVOKED))");
} else {
StringTokenizer st = new StringTokenizer(sc.getInitParameter(ALLOWED_CLIENT_FILTERS), ",");
while (st.hasMoreTokens()) {
- mAllowedClientFilters.addElement(st.nextToken());
+ mAllowedClientFilters.addElement(st.nextToken());
}
}
}
- public String buildFilter(HttpServletRequest req)
- {
+ public String buildFilter(HttpServletRequest req) {
String queryCertFilter = req.getParameter("queryCertFilter");
com.netscape.certsrv.apps.CMS.debug("client queryCertFilter=" + queryCertFilter);
@@ -151,7 +149,7 @@ public class ListCerts extends CMSServlet {
Enumeration<String> filters = mAllowedClientFilters.elements();
// check to see if the filter is allowed
while (filters.hasMoreElements()) {
- String filter = (String)filters.nextElement();
+ String filter = (String) filters.nextElement();
com.netscape.certsrv.apps.CMS.debug("Comparing filter=" + filter + " queryCertFilter=" + queryCertFilter);
if (filter.equals(queryCertFilter)) {
return queryCertFilter;
@@ -166,34 +164,33 @@ public class ListCerts extends CMSServlet {
boolean skipRevoked = false;
boolean skipNonValid = false;
if (req.getParameter("skipRevoked") != null &&
- req.getParameter("skipRevoked").equals("on")) {
+ req.getParameter("skipRevoked").equals("on")) {
skipRevoked = true;
}
if (req.getParameter("skipNonValid") != null &&
- req.getParameter("skipNonValid").equals("on")) {
+ req.getParameter("skipNonValid").equals("on")) {
skipNonValid = true;
}
if (!skipRevoked && !skipNonValid) {
- queryCertFilter = "(certStatus=*)";
- } else if (skipRevoked && skipNonValid) {
- queryCertFilter = "(certStatus=VALID)";
- } else if (skipRevoked) {
- queryCertFilter = "(|(certStatus=VALID)(certStatus=INVALID)(certStatus=EXPIRED))";
- } else if (skipNonValid) {
- queryCertFilter = "(|(certStatus=VALID)(certStatus=REVOKED))";
+ queryCertFilter = "(certStatus=*)";
+ } else if (skipRevoked && skipNonValid) {
+ queryCertFilter = "(certStatus=VALID)";
+ } else if (skipRevoked) {
+ queryCertFilter = "(|(certStatus=VALID)(certStatus=INVALID)(certStatus=EXPIRED))";
+ } else if (skipNonValid) {
+ queryCertFilter = "(|(certStatus=VALID)(certStatus=REVOKED))";
}
return queryCertFilter;
}
/**
- * Process the HTTP request.
- * <ul>
- * <li>http.param maxCount Number of certificates to show
- * <li>http.param queryFilter and ldap style filter specifying the
- * certificates to show
- * <li>http.param querySentinelDown the serial number of the first certificate to show (default decimal, or hex if prefixed with 0x) when paging down
- * <li>http.param querySentinelUp the serial number of the first certificate to show (default decimal, or hex if prefixed with 0x) when paging up
+ * Process the HTTP request.
+ * <ul>
+ * <li>http.param maxCount Number of certificates to show
+ * <li>http.param queryFilter and ldap style filter specifying the certificates to show
+ * <li>http.param querySentinelDown the serial number of the first certificate to show (default decimal, or hex if prefixed with 0x) when paging down
+ * <li>http.param querySentinelUp the serial number of the first certificate to show (default decimal, or hex if prefixed with 0x) when paging up
* <li>http.param direction "up", "down", "begin", or "end"
* </ul>
*/
@@ -232,24 +229,24 @@ public class ListCerts extends CMSServlet {
try {
form = getTemplate(mFormPath, req, locale);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- com.netscape.certsrv.apps.CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+ log(ILogger.LL_FAILURE,
+ com.netscape.certsrv.apps.CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
throw new ECMSGWException(
- com.netscape.certsrv.apps.CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ com.netscape.certsrv.apps.CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
- mHardJumpTo = false;
+ mHardJumpTo = false;
try {
- if (req.getParameter("direction") != null) {
- mDirection = req.getParameter("direction").trim();
- mReverse = mDirection.equals("up");
- if (mReverse)
- com.netscape.certsrv.apps.CMS.debug("reverse is true");
- else
- com.netscape.certsrv.apps.CMS.debug("reverse is false");
+ if (req.getParameter("direction") != null) {
+ mDirection = req.getParameter("direction").trim();
+ mReverse = mDirection.equals("up");
+ if (mReverse)
+ com.netscape.certsrv.apps.CMS.debug("reverse is true");
+ else
+ com.netscape.certsrv.apps.CMS.debug("reverse is false");
- }
+ }
if (req.getParameter("maxCount") != null) {
maxCount = Integer.parseInt(req.getParameter("maxCount"));
@@ -259,19 +256,19 @@ public class ListCerts extends CMSServlet {
maxCount = mMaxReturns;
}
- String sentinelStr = "";
- if (mReverse) {
- sentinelStr = req.getParameter("querySentinelUp");
- } else if (mDirection.equals("end")) {
- // this servlet will figure out the end
- sentinelStr = "0";
- mReverse = true;
- mHardJumpTo = true;
- } else if (mDirection.equals("down")) {
- sentinelStr = req.getParameter("querySentinelDown");
- } else
- sentinelStr = "0";
- //begin and non-specified have sentinel default "0"
+ String sentinelStr = "";
+ if (mReverse) {
+ sentinelStr = req.getParameter("querySentinelUp");
+ } else if (mDirection.equals("end")) {
+ // this servlet will figure out the end
+ sentinelStr = "0";
+ mReverse = true;
+ mHardJumpTo = true;
+ } else if (mDirection.equals("down")) {
+ sentinelStr = req.getParameter("querySentinelDown");
+ } else
+ sentinelStr = "0";
+ //begin and non-specified have sentinel default "0"
if (sentinelStr != null) {
if (sentinelStr.trim().startsWith("0x")) {
@@ -288,7 +285,7 @@ public class ListCerts extends CMSServlet {
//if (isCertFromCA(caCert))
header.addStringValue("caSerialNumber",
- caCert.getSerialNumber().toString(16));
+ caCert.getSerialNumber().toString(16));
}
// constructs the ldap filter on the server side
@@ -298,7 +295,7 @@ public class ListCerts extends CMSServlet {
cmsReq.setStatus(CMSRequest.UNAUTHORIZED);
return;
}
-
+
com.netscape.certsrv.apps.CMS.debug("queryCertFilter=" + queryCertFilter);
int totalRecordCount = -1;
@@ -307,16 +304,16 @@ public class ListCerts extends CMSServlet {
totalRecordCount = Integer.parseInt(req.getParameter("totalRecordCount"));
} catch (Exception e) {
}
- processCertFilter(argSet, header, maxCount,
- sentinel,
- totalRecordCount,
- req.getParameter("serialTo"),
- queryCertFilter,
- req, resp, revokeAll, locale[0]);
+ processCertFilter(argSet, header, maxCount,
+ sentinel,
+ totalRecordCount,
+ req.getParameter("serialTo"),
+ queryCertFilter,
+ req, resp, revokeAll, locale[0]);
} catch (NumberFormatException e) {
log(ILogger.LL_FAILURE, com.netscape.certsrv.apps.CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT"));
-
- error = new EBaseException(com.netscape.certsrv.apps.CMS.getUserMessage(getLocale(req),"CMS_BASE_INVALID_NUMBER_FORMAT"));
+
+ error = new EBaseException(com.netscape.certsrv.apps.CMS.getUserMessage(getLocale(req), "CMS_BASE_INVALID_NUMBER_FORMAT"));
} catch (EBaseException e) {
error = e;
}
@@ -329,36 +326,36 @@ public class ListCerts extends CMSServlet {
if (error == null) {
String xmlOutput = req.getParameter("xml");
if (xmlOutput != null && xmlOutput.equals("true")) {
- outputXML(resp, argSet);
+ outputXML(resp, argSet);
} else {
- cmsReq.setStatus(CMSRequest.SUCCESS);
- resp.setContentType("text/html");
- form.renderOutput(out, argSet);
+ cmsReq.setStatus(CMSRequest.SUCCESS);
+ resp.setContentType("text/html");
+ form.renderOutput(out, argSet);
}
} else {
cmsReq.setStatus(CMSRequest.ERROR);
cmsReq.setError(error);
}
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- com.netscape.certsrv.apps.CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
+ log(ILogger.LL_FAILURE,
+ com.netscape.certsrv.apps.CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
throw new ECMSGWException(
- com.netscape.certsrv.apps.CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ com.netscape.certsrv.apps.CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
}
- private void processCertFilter(CMSTemplateParams argSet,
- IArgBlock header,
- int maxCount,
- BigInteger sentinel,
- int totalRecordCount,
- String serialTo,
- String filter,
- HttpServletRequest req,
- HttpServletResponse resp,
- String revokeAll,
- Locale locale
- ) throws EBaseException {
+ private void processCertFilter(CMSTemplateParams argSet,
+ IArgBlock header,
+ int maxCount,
+ BigInteger sentinel,
+ int totalRecordCount,
+ String serialTo,
+ String filter,
+ HttpServletRequest req,
+ HttpServletResponse resp,
+ String revokeAll,
+ Locale locale
+ ) throws EBaseException {
BigInteger serialToVal = MINUS_ONE;
try {
@@ -376,21 +373,21 @@ public class ListCerts extends CMSServlet {
}
String jumpTo = sentinel.toString();
- int pSize = 0;
- if (mReverse) {
- if (!mHardJumpTo) //reverse gets one more
- pSize = -1*maxCount-1;
- else
- pSize = -1*maxCount;
- } else
- pSize = maxCount;
+ int pSize = 0;
+ if (mReverse) {
+ if (!mHardJumpTo) //reverse gets one more
+ pSize = -1 * maxCount - 1;
+ else
+ pSize = -1 * maxCount;
+ } else
+ pSize = maxCount;
ICertRecordList list = (ICertRecordList) mCertDB.findCertRecordsInList(
- filter, (String[]) null, jumpTo, mHardJumpTo, "serialno",
- pSize);
+ filter, (String[]) null, jumpTo, mHardJumpTo, "serialno",
+ pSize);
// retrive maxCount + 1 entries
- Enumeration<ICertRecord> e = list.getCertRecords(0, maxCount);
+ Enumeration<ICertRecord> e = list.getCertRecords(0, maxCount);
ICertRecordList tolist = null;
int toCurIndex = 0;
@@ -399,8 +396,8 @@ public class ListCerts extends CMSServlet {
// if user specify a range, we need to
// calculate the totalRecordCount
tolist = (ICertRecordList) mCertDB.findCertRecordsInList(
- filter,
- (String[]) null, serialTo,
+ filter,
+ (String[]) null, serialTo,
"serialno", maxCount);
Enumeration<ICertRecord> en = tolist.getCertRecords(0, 0);
@@ -420,82 +417,82 @@ public class ListCerts extends CMSServlet {
}
}
}
-
+
int curIndex = list.getCurrentIndex();
int count = 0;
- BigInteger firstSerial = new BigInteger("0");
- BigInteger curSerial = new BigInteger("0");
- ICertRecord[] recs = new ICertRecord[maxCount];
- int rcount = 0;
+ BigInteger firstSerial = new BigInteger("0");
+ BigInteger curSerial = new BigInteger("0");
+ ICertRecord[] recs = new ICertRecord[maxCount];
+ int rcount = 0;
if (e != null) {
- /* in reverse (page up), because the sentinel is the one after the
- * last item to be displayed, we need to skip it
- */
- while ((count < ((mReverse &&!mHardJumpTo)? (maxCount+1):maxCount)) && e.hasMoreElements()) {
+ /* in reverse (page up), because the sentinel is the one after the
+ * last item to be displayed, we need to skip it
+ */
+ while ((count < ((mReverse && !mHardJumpTo) ? (maxCount + 1) : maxCount)) && e.hasMoreElements()) {
ICertRecord rec = (ICertRecord) e.nextElement();
if (rec == null) {
- com.netscape.certsrv.apps.CMS.debug("record "+count+" is null");
+ com.netscape.certsrv.apps.CMS.debug("record " + count + " is null");
break;
- }
+ }
curSerial = rec.getSerialNumber();
- com.netscape.certsrv.apps.CMS.debug("record "+count+" is serial#"+curSerial);
-
- if (count == 0) {
- firstSerial = curSerial;
- if (mReverse && !mHardJumpTo) {//reverse got one more, skip
- count++;
- continue;
- }
- }
-
- // DS has a problem where last record will be returned
- // even though the filter is not matched.
- /*cfu - is this necessary? it breaks when paging up
- if (curSerial.compareTo(sentinel) == -1) {
- com.netscape.certsrv.apps.CMS.debug("curSerial compare sentinel -1 break...");
-
- break;
- }
- */
+ com.netscape.certsrv.apps.CMS.debug("record " + count + " is serial#" + curSerial);
+
+ if (count == 0) {
+ firstSerial = curSerial;
+ if (mReverse && !mHardJumpTo) {//reverse got one more, skip
+ count++;
+ continue;
+ }
+ }
+
+ // DS has a problem where last record will be returned
+ // even though the filter is not matched.
+ /*cfu - is this necessary? it breaks when paging up
+ if (curSerial.compareTo(sentinel) == -1) {
+ com.netscape.certsrv.apps.CMS.debug("curSerial compare sentinel -1 break...");
+
+ break;
+ }
+ */
if (!serialToVal.equals(MINUS_ONE)) {
// check if we go over the limit
if (curSerial.compareTo(serialToVal) == 1) {
- com.netscape.certsrv.apps.CMS.debug("curSerial compare serialToVal 1 breaking...");
+ com.netscape.certsrv.apps.CMS.debug("curSerial compare serialToVal 1 breaking...");
break;
- }
+ }
}
- if (mReverse) {
- recs[rcount++] = rec;
- } else {
+ if (mReverse) {
+ recs[rcount++] = rec;
+ } else {
- IArgBlock rarg = com.netscape.certsrv.apps.CMS.createArgBlock();
+ IArgBlock rarg = com.netscape.certsrv.apps.CMS.createArgBlock();
- fillRecordIntoArg(rec, rarg);
- argSet.addRepeatRecord(rarg);
- }
+ fillRecordIntoArg(rec, rarg);
+ argSet.addRepeatRecord(rarg);
+ }
count++;
}
} else {
com.netscape.certsrv.apps.CMS.debug(
- "ListCerts::processCertFilter() - no Cert Records found!" );
+ "ListCerts::processCertFilter() - no Cert Records found!");
return;
}
- if (mReverse) {
- // fill records into arg block and argSet
- for (int ii = rcount-1; ii>= 0; ii--) {
- if (recs[ii] != null) {
- IArgBlock rarg = com.netscape.certsrv.apps.CMS.createArgBlock();
- //com.netscape.certsrv.apps.CMS.debug("item "+ii+" is serial # "+ recs[ii].getSerialNumber());
- fillRecordIntoArg(recs[ii], rarg);
- argSet.addRepeatRecord(rarg);
- }
- }
- }
+ if (mReverse) {
+ // fill records into arg block and argSet
+ for (int ii = rcount - 1; ii >= 0; ii--) {
+ if (recs[ii] != null) {
+ IArgBlock rarg = com.netscape.certsrv.apps.CMS.createArgBlock();
+ //com.netscape.certsrv.apps.CMS.debug("item "+ii+" is serial # "+ recs[ii].getSerialNumber());
+ fillRecordIntoArg(recs[ii], rarg);
+ argSet.addRepeatRecord(rarg);
+ }
+ }
+ }
// peek ahead
ICertRecord nextRec = null;
@@ -519,58 +516,58 @@ public class ListCerts extends CMSServlet {
if (totalRecordCount == -1) {
if (!serialToVal.equals(MINUS_ONE)) {
totalRecordCount = toCurIndex - curIndex + 1;
- com.netscape.certsrv.apps.CMS.debug("totalRecordCount="+totalRecordCount);
+ com.netscape.certsrv.apps.CMS.debug("totalRecordCount=" + totalRecordCount);
} else {
- totalRecordCount = list.getSize() -
+ totalRecordCount = list.getSize() -
list.getCurrentIndex();
- com.netscape.certsrv.apps.CMS.debug("totalRecordCount="+totalRecordCount);
+ com.netscape.certsrv.apps.CMS.debug("totalRecordCount=" + totalRecordCount);
}
}
header.addIntegerValue("totalRecordCount", totalRecordCount);
- header.addIntegerValue("currentRecordCount", list.getSize() -
- list.getCurrentIndex());
-
- String qs = "";
- if (mReverse)
- qs = "querySentinelUp";
- else
- qs = "querySentinelDown";
-
- if (mHardJumpTo) {
- com.netscape.certsrv.apps.CMS.debug("curSerial added to querySentinelUp:"+ curSerial.toString());
-
- header.addStringValue("querySentinelUp", curSerial.toString());
- } else {
- if (nextRec == null) {
- header.addStringValue(qs, null);
- com.netscape.certsrv.apps.CMS.debug("nextRec is null");
- if (mReverse) {
- com.netscape.certsrv.apps.CMS.debug("curSerial added to querySentinelUp:"+ curSerial.toString());
-
- header.addStringValue("querySentinelUp", curSerial.toString());
- }
+ header.addIntegerValue("currentRecordCount", list.getSize() -
+ list.getCurrentIndex());
+
+ String qs = "";
+ if (mReverse)
+ qs = "querySentinelUp";
+ else
+ qs = "querySentinelDown";
+
+ if (mHardJumpTo) {
+ com.netscape.certsrv.apps.CMS.debug("curSerial added to querySentinelUp:" + curSerial.toString());
+
+ header.addStringValue("querySentinelUp", curSerial.toString());
} else {
- BigInteger nextRecNo = nextRec.getSerialNumber();
+ if (nextRec == null) {
+ header.addStringValue(qs, null);
+ com.netscape.certsrv.apps.CMS.debug("nextRec is null");
+ if (mReverse) {
+ com.netscape.certsrv.apps.CMS.debug("curSerial added to querySentinelUp:" + curSerial.toString());
- if (serialToVal.equals(MINUS_ONE)) {
- header.addStringValue(
- qs, nextRecNo.toString());
+ header.addStringValue("querySentinelUp", curSerial.toString());
+ }
} else {
- if (nextRecNo.compareTo(serialToVal) <= 0) {
+ BigInteger nextRecNo = nextRec.getSerialNumber();
+
+ if (serialToVal.equals(MINUS_ONE)) {
header.addStringValue(
- qs, nextRecNo.toString());
+ qs, nextRecNo.toString());
} else {
- header.addStringValue(qs,
- null);
+ if (nextRecNo.compareTo(serialToVal) <= 0) {
+ header.addStringValue(
+ qs, nextRecNo.toString());
+ } else {
+ header.addStringValue(qs,
+ null);
+ }
}
+ com.netscape.certsrv.apps.CMS.debug("querySentinel " + qs + " = " + nextRecNo.toString());
}
- com.netscape.certsrv.apps.CMS.debug("querySentinel "+qs+" = "+nextRecNo.toString());
- }
- } // !mHardJumpto
+ } // !mHardJumpto
- header.addStringValue(!mReverse? "querySentinelUp":"querySentinelDown",
- firstSerial.toString());
+ header.addStringValue(!mReverse ? "querySentinelUp" : "querySentinelDown",
+ firstSerial.toString());
}
@@ -578,7 +575,7 @@ public class ListCerts extends CMSServlet {
* Fills cert record into argument block.
*/
private void fillRecordIntoArg(ICertRecord rec, IArgBlock rarg)
- throws EBaseException {
+ throws EBaseException {
X509CertImpl xcert = rec.getCertificate();
@@ -586,9 +583,9 @@ public class ListCerts extends CMSServlet {
fillX509RecordIntoArg(rec, rarg);
}
}
-
+
private void fillX509RecordIntoArg(ICertRecord rec, IArgBlock rarg)
- throws EBaseException {
+ throws EBaseException {
X509CertImpl cert = rec.getCertificate();
@@ -631,12 +628,13 @@ public class ListCerts extends CMSServlet {
rarg.addStringValue("signatureAlgorithm", cert.getSigAlgOID());
String issuedBy = rec.getIssuedBy();
- if (issuedBy == null) issuedBy = "";
+ if (issuedBy == null)
+ issuedBy = "";
rarg.addStringValue("issuedBy", issuedBy); // cert.getIssuerDN().toString()
rarg.addLongValue("issuedOn", rec.getCreateTime().getTime() / 1000);
rarg.addStringValue("revokedBy",
- ((rec.getRevokedBy() == null) ? "" : rec.getRevokedBy()));
+ ((rec.getRevokedBy() == null) ? "" : rec.getRevokedBy()));
if (rec.getRevokedOn() == null) {
rarg.addStringValue("revokedOn", null);
} else {
@@ -665,4 +663,3 @@ public class ListCerts extends CMSServlet {
}
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/Monitor.java b/pki/base/common/src/com/netscape/cms/servlet/cert/Monitor.java
index db77d039..b248d2bd 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/Monitor.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/Monitor.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.cert;
-
import java.io.IOException;
import java.util.Calendar;
import java.util.Date;
@@ -51,10 +50,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* Provide statistical queries of request and certificate records.
- *
+ *
* @version $Revision$, $Date$
*/
public class Monitor extends CMSServlet {
@@ -83,8 +81,8 @@ public class Monitor extends CMSServlet {
/**
* initialize the servlet. This servlet uses the template file
- * 'monitor.template' to render the response.
- *
+ * 'monitor.template' to render the response.
+ *
* @param sc servlet configuration, read from the web.xml file
*/
@@ -111,8 +109,8 @@ public class Monitor extends CMSServlet {
* Process the HTTP request.
* <ul>
* <li>http.param startTime start of time period to query
- * <li>http.param endTime end of time period to query
- * <li>http.param interval time between queries
+ * <li>http.param endTime end of time period to query
+ * <li>http.param interval time between queries
* <li>http.param numberOfIntervals number of queries to run
* <li>http.param maxResults =number
* <li>http.param timeLimit =time
@@ -130,10 +128,10 @@ public class Monitor extends CMSServlet {
mAuthzResourceName, "read");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
}
if (authzToken == null) {
@@ -158,8 +156,8 @@ public class Monitor extends CMSServlet {
try {
form = getTemplate(mFormPath, req, locale);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
throw new ECMSGWException(CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
@@ -172,7 +170,7 @@ public class Monitor extends CMSServlet {
process(argSet, header, startTime, endTime, interval, numberOfIntervals, locale[0]);
} catch (EBaseException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_PROCESSING_REQ", e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_PROCESSING_REQ", e.toString()));
error = e;
}
@@ -182,29 +180,29 @@ public class Monitor extends CMSServlet {
if (error == null) {
String xmlOutput = req.getParameter("xml");
if (xmlOutput != null && xmlOutput.equals("true")) {
- outputXML(resp, argSet);
+ outputXML(resp, argSet);
} else {
- resp.setContentType("text/html");
- form.renderOutput(out, argSet);
- cmsReq.setStatus(CMSRequest.SUCCESS);
+ resp.setContentType("text/html");
+ form.renderOutput(out, argSet);
+ cmsReq.setStatus(CMSRequest.SUCCESS);
}
} else {
cmsReq.setStatus(CMSRequest.ERROR);
cmsReq.setError(error);
}
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE",
- e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE",
+ e.toString()));
throw new ECMSGWException(CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
}
- private void process(CMSTemplateParams argSet, IArgBlock header,
- String startTime, String endTime,
- String interval, String numberOfIntervals,
- Locale locale)
- throws EBaseException {
+ private void process(CMSTemplateParams argSet, IArgBlock header,
+ String startTime, String endTime,
+ String interval, String numberOfIntervals,
+ Locale locale)
+ throws EBaseException {
if (interval == null || interval.length() == 0) {
header.addStringValue("error", "Invalid interval: " + interval);
return;
@@ -270,7 +268,7 @@ public class Monitor extends CMSServlet {
return;
}
-
+
Date nextDate(Date d, int seconds) {
Date date = new Date((d.getTime()) + ((long) (seconds * 1000)));
@@ -326,12 +324,12 @@ public class Monitor extends CMSServlet {
mTotalReqs += count;
}
} catch (Exception ex) {
- return "Exception: " + ex;
+ return "Exception: " + ex;
}
return null;
} else {
- return "Missing start or end date";
+ return "Missing start or end date";
}
}
@@ -348,12 +346,12 @@ public class Monitor extends CMSServlet {
int hour = Integer.parseInt(z.substring(8, 10));
int minute = Integer.parseInt(z.substring(10, 12));
int second = Integer.parseInt(z.substring(12, 14));
- Calendar calendar= Calendar.getInstance();
+ Calendar calendar = Calendar.getInstance();
calendar.set(year, month, date, hour, minute, second);
d = calendar.getTime();
} catch (NumberFormatException nfe) {
}
- } else if (z != null && z.length() > 1 && z.charAt(0) == '-') { // -5
+ } else if (z != null && z.length() > 1 && z.charAt(0) == '-') { // -5
try {
int i = Integer.parseInt(z);
@@ -370,23 +368,27 @@ public class Monitor extends CMSServlet {
Calendar calendar = Calendar.getInstance();
calendar.setTime(d);
-
String time = "" + (calendar.get(Calendar.YEAR));
int i = calendar.get(Calendar.MONTH) + 1;
- if (i < 10) time += "0";
+ if (i < 10)
+ time += "0";
time += i;
- i = calendar.get(Calendar.DAY_OF_MONTH);
- if (i < 10) time += "0";
+ i = calendar.get(Calendar.DAY_OF_MONTH);
+ if (i < 10)
+ time += "0";
time += i;
i = calendar.get(Calendar.HOUR_OF_DAY);
- if (i < 10) time += "0";
+ if (i < 10)
+ time += "0";
time += i;
i = calendar.get(Calendar.MINUTE);
- if (i < 10) time += "0";
+ if (i < 10)
+ time += "0";
time += i;
i = calendar.get(Calendar.SECOND);
- if (i < 10) time += "0";
+ if (i < 10)
+ time += "0";
time += i + "Z";
return time;
}
@@ -403,4 +405,3 @@ public class Monitor extends CMSServlet {
return filter;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/ReasonToRevoke.java b/pki/base/common/src/com/netscape/cms/servlet/cert/ReasonToRevoke.java
index 50296cf1..87882059 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/ReasonToRevoke.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/ReasonToRevoke.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.cert;
-
import java.io.IOException;
import java.util.Enumeration;
import java.util.Locale;
@@ -48,10 +47,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* Specify the RevocationReason when revoking a certificate
- *
+ *
* @version $Revision$, $Date$
*/
public class ReasonToRevoke extends CMSServlet {
@@ -75,9 +73,9 @@ public class ReasonToRevoke extends CMSServlet {
}
/**
- * initialize the servlet. This servlet uses the template file
- * 'reasonToRevoke.template' to render the response
- *
+ * initialize the servlet. This servlet uses the template file
+ * 'reasonToRevoke.template' to render the response
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -108,13 +106,13 @@ public class ReasonToRevoke extends CMSServlet {
/**
* Returns serlvet information.
*/
- public String getServletInfo() {
- return INFO;
+ public String getServletInfo() {
+ return INFO;
}
/**
- * Process the HTTP request.
- *
+ * Process the HTTP request.
+ *
* @param cmsReq the object holding the request and response information
*/
public void process(CMSRequest cmsReq) throws EBaseException {
@@ -130,10 +128,10 @@ public class ReasonToRevoke extends CMSServlet {
mAuthzResourceName, "revoke");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
}
if (authzToken == null) {
@@ -151,10 +149,10 @@ public class ReasonToRevoke extends CMSServlet {
try {
form = getTemplate(mFormPath, req, locale);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
IArgBlock header = CMS.createArgBlock();
@@ -163,20 +161,20 @@ public class ReasonToRevoke extends CMSServlet {
try {
if (req.getParameter("totalRecordCount") != null) {
- totalRecordCount =
+ totalRecordCount =
Integer.parseInt(req.getParameter("totalRecordCount"));
}
revokeAll = req.getParameter("revokeAll");
- process(argSet, header, req, resp,
- revokeAll, totalRecordCount, locale[0]);
+ process(argSet, header, req, resp,
+ revokeAll, totalRecordCount, locale[0]);
} catch (EBaseException e) {
error = e;
} catch (NumberFormatException e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_INVALID_RECORD_COUNT_FORMAT"));
error = new EBaseException(CMS.getUserMessage(getLocale(req), "CMS_BASE_INVALID_NUMBER_FORMAT"));
- }
+ }
/*
catch (Exception e) {
@@ -196,30 +194,30 @@ public class ReasonToRevoke extends CMSServlet {
if (error == null) {
String xmlOutput = req.getParameter("xml");
if (xmlOutput != null && xmlOutput.equals("true")) {
- outputXML(resp, argSet);
+ outputXML(resp, argSet);
} else {
- resp.setContentType("text/html");
- form.renderOutput(out, argSet);
- cmsReq.setStatus(CMSRequest.SUCCESS);
+ resp.setContentType("text/html");
+ form.renderOutput(out, argSet);
+ cmsReq.setStatus(CMSRequest.SUCCESS);
}
} else {
cmsReq.setStatus(CMSRequest.ERROR);
cmsReq.setError(error);
}
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
}
private void process(CMSTemplateParams argSet, IArgBlock header,
- HttpServletRequest req,
- HttpServletResponse resp,
- String revokeAll, int totalRecordCount,
- Locale locale)
- throws EBaseException {
+ HttpServletRequest req,
+ HttpServletResponse resp,
+ String revokeAll, int totalRecordCount,
+ Locale locale)
+ throws EBaseException {
header.addStringValue("revokeAll", revokeAll);
header.addIntegerValue("totalRecordCount", totalRecordCount);
@@ -238,14 +236,14 @@ public class ReasonToRevoke extends CMSServlet {
if (isCertFromCA(caCert)) {
header.addStringValue("caSerialNumber",
- caCert.getSerialNumber().toString(16));
+ caCert.getSerialNumber().toString(16));
}
}
/**
- ICertRecordList list = mCertDB.findCertRecordsInList(
- revokeAll, null, totalRecordCount);
- Enumeration e = list.getCertRecords(0, totalRecordCount - 1);
+ * ICertRecordList list = mCertDB.findCertRecordsInList(
+ * revokeAll, null, totalRecordCount);
+ * Enumeration e = list.getCertRecords(0, totalRecordCount - 1);
**/
Enumeration e = mCertDB.searchCertificates(revokeAll,
totalRecordCount, mTimeLimits);
@@ -265,16 +263,16 @@ public class ReasonToRevoke extends CMSServlet {
count++;
IArgBlock rarg = CMS.createArgBlock();
- rarg.addStringValue("serialNumber",
- xcert.getSerialNumber().toString(16));
- rarg.addStringValue("serialNumberDecimal",
- xcert.getSerialNumber().toString());
- rarg.addStringValue("subject",
- xcert.getSubjectDN().toString());
- rarg.addLongValue("validNotBefore",
- xcert.getNotBefore().getTime() / 1000);
- rarg.addLongValue("validNotAfter",
- xcert.getNotAfter().getTime() / 1000);
+ rarg.addStringValue("serialNumber",
+ xcert.getSerialNumber().toString(16));
+ rarg.addStringValue("serialNumberDecimal",
+ xcert.getSerialNumber().toString());
+ rarg.addStringValue("subject",
+ xcert.getSubjectDN().toString());
+ rarg.addLongValue("validNotBefore",
+ xcert.getNotBefore().getTime() / 1000);
+ rarg.addLongValue("validNotAfter",
+ xcert.getNotAfter().getTime() / 1000);
argSet.addRepeatRecord(rarg);
}
}
@@ -288,4 +286,3 @@ public class ReasonToRevoke extends CMSServlet {
return;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/RemoteAuthConfig.java b/pki/base/common/src/com/netscape/cms/servlet/cert/RemoteAuthConfig.java
index 9c414b9c..5a0a1266 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/RemoteAuthConfig.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/RemoteAuthConfig.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.cert;
-
import java.io.IOException;
import java.util.Calendar;
import java.util.Date;
@@ -54,7 +53,6 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* Allow agent to turn on/off authentication managers
*
@@ -89,7 +87,7 @@ public class RemoteAuthConfig extends CMSServlet {
/**
* Initializes the servlet.
- *
+ *
* Presence of "auths.enableRemoteConfiguration=true" in CMS.cfg
* enables remote configuration for authentication plugins.
* List of remotely set instances can be found in CMS.cfg
@@ -133,16 +131,16 @@ public class RemoteAuthConfig extends CMSServlet {
/**
* Serves HTTPS request. The format of this request is as follows:
- * https://host:ee-port/remoteAuthConfig?
- * op="add"|"delete"&
- * instance=<instanceName>&
- * of=<authPluginName>&
- * host=<hostName>&
- * port=<portNumber>&
- * password=<password>&
- * [adminDN=<adminDN>]&
- * [uid=<uid>]&
- * [baseDN=<baseDN>]
+ * https://host:ee-port/remoteAuthConfig?
+ * op="add"|"delete"&
+ * instance=<instanceName>&
+ * of=<authPluginName>&
+ * host=<hostName>&
+ * port=<portNumber>&
+ * password=<password>&
+ * [adminDN=<adminDN>]&
+ * [uid=<uid>]&
+ * [baseDN=<baseDN>]
*/
public void process(CMSRequest cmsReq) throws EBaseException {
HttpServletRequest req = cmsReq.getHttpReq();
@@ -201,7 +199,7 @@ public class RemoteAuthConfig extends CMSServlet {
}
} else {
header.addStringValue("error", "Unknown instance " +
- instance + ".");
+ instance + ".");
}
} else {
header.addStringValue("error", "Unknown plugin name: " + plugin);
@@ -217,7 +215,7 @@ public class RemoteAuthConfig extends CMSServlet {
}
if (isInstanceListed(instance)) {
header.addStringValue("error", "Instance name " +
- instance + " is already in use.");
+ instance + " is already in use.");
} else {
errMsg = addInstance(instance, plugin,
host, port, baseDN,
@@ -253,7 +251,7 @@ public class RemoteAuthConfig extends CMSServlet {
} catch (IOException e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
try {
@@ -263,15 +261,15 @@ public class RemoteAuthConfig extends CMSServlet {
form.renderOutput(out, argSet);
cmsReq.setStatus(CMSRequest.SUCCESS);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
}
private String authenticateRemoteAdmin(String host, String port,
- String adminDN, String password) {
+ String adminDN, String password) {
if (host == null || host.length() == 0) {
return "Missing host name.";
}
@@ -362,8 +360,8 @@ public class RemoteAuthConfig extends CMSServlet {
}
private String authenticateRemoteAdmin(String host, String port,
- String uid, String baseDN,
- String password) {
+ String uid, String baseDN,
+ String password) {
if (host == null || host.length() == 0) {
return "Missing host name.";
}
@@ -473,8 +471,8 @@ public class RemoteAuthConfig extends CMSServlet {
}
private String addInstance(String instance, String plugin,
- String host, String port,
- String baseDN, String dnPattern) {
+ String host, String port,
+ String baseDN, String dnPattern) {
if (host == null || host.length() == 0) {
return "Missing host name.";
}
@@ -516,7 +514,8 @@ public class RemoteAuthConfig extends CMSServlet {
StringBuffer list = new StringBuffer();
for (int i = 0; i < mRemotelySetInstances.size(); i++) {
- if (i > 0) list.append(",");
+ if (i > 0)
+ list.append(",");
list.append((String) mRemotelySetInstances.elementAt(i));
}
@@ -542,7 +541,8 @@ public class RemoteAuthConfig extends CMSServlet {
StringBuffer list = new StringBuffer();
for (int i = 0; i < mRemotelySetInstances.size(); i++) {
- if (i > 0) list.append(",");
+ if (i > 0)
+ list.append(",");
list.append((String) mRemotelySetInstances.elementAt(i));
}
@@ -602,17 +602,21 @@ public class RemoteAuthConfig extends CMSServlet {
int y = now.get(Calendar.YEAR);
String name = "R" + y;
- if (now.get(Calendar.MONTH) < 10) name += "0";
+ if (now.get(Calendar.MONTH) < 10)
+ name += "0";
name += now.get(Calendar.MONTH);
- if (now.get(Calendar.DAY_OF_MONTH) < 10) name += "0";
+ if (now.get(Calendar.DAY_OF_MONTH) < 10)
+ name += "0";
name += now.get(Calendar.DAY_OF_MONTH);
- if (now.get(Calendar.HOUR_OF_DAY) < 10) name += "0";
+ if (now.get(Calendar.HOUR_OF_DAY) < 10)
+ name += "0";
name += now.get(Calendar.HOUR_OF_DAY);
- if (now.get(Calendar.MINUTE) < 10) name += "0";
+ if (now.get(Calendar.MINUTE) < 10)
+ name += "0";
name += now.get(Calendar.MINUTE);
- if (now.get(Calendar.SECOND) < 10) name += "0";
+ if (now.get(Calendar.SECOND) < 10)
+ name += "0";
name += now.get(Calendar.SECOND);
return name;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/RenewalServlet.java b/pki/base/common/src/com/netscape/cms/servlet/cert/RenewalServlet.java
index 050dd36d..2bc1d305 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/RenewalServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/RenewalServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.cert;
-
import java.io.IOException;
import java.math.BigInteger;
import java.security.cert.CertificateException;
@@ -59,7 +58,7 @@ import com.netscape.cms.servlet.common.ICMSTemplateFiller;
/**
* Certificate Renewal
- *
+ *
* @version $Revision$, $Date$
*/
public class RenewalServlet extends CMSServlet {
@@ -69,8 +68,7 @@ public class RenewalServlet extends CMSServlet {
private static final long serialVersionUID = -3094124661102395244L;
// renewal templates.
- public static final String
- RENEWAL_SUCCESS_TEMPLATE = "RenewalSuccess.template";
+ public static final String RENEWAL_SUCCESS_TEMPLATE = "RenewalSuccess.template";
// http params
public static final String CERT_TYPE = "certType";
@@ -81,8 +79,7 @@ public class RenewalServlet extends CMSServlet {
public static final String IMPORT_CERT = "importCert";
private String mRenewalSuccessTemplate = RENEWAL_SUCCESS_TEMPLATE;
- private ICMSTemplateFiller
- mRenewalSuccessFiller = new ImportCertsTemplateFiller();
+ private ICMSTemplateFiller mRenewalSuccessFiller = new ImportCertsTemplateFiller();
public RenewalServlet() {
super();
@@ -92,6 +89,7 @@ public class RenewalServlet extends CMSServlet {
* initialize the servlet. This servlet makes use of the
* template file "RenewalSuccess.template" to render the
* response
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -103,32 +101,31 @@ public class RenewalServlet extends CMSServlet {
PROP_SUCCESS_TEMPLATE);
if (mRenewalSuccessTemplate == null)
mRenewalSuccessTemplate = RENEWAL_SUCCESS_TEMPLATE;
- String fillername =
- sc.getInitParameter(PROP_SUCCESS_TEMPLATE_FILLER);
+ String fillername =
+ sc.getInitParameter(PROP_SUCCESS_TEMPLATE_FILLER);
if (fillername != null) {
ICMSTemplateFiller filler = newFillerObject(fillername);
- if (filler != null)
+ if (filler != null)
mRenewalSuccessFiller = filler;
}
} catch (Exception e) {
// this should never happen.
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_IMP_INIT_SERV_ERR", e.toString(),
- mId));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_IMP_INIT_SERV_ERR", e.toString(),
+ mId));
}
}
-
/**
- * Process the HTTP request.
- *
+ * Process the HTTP request.
+ *
* @param cmsReq the object holding the request and response information
*/
- protected void process(CMSRequest cmsReq)
- throws EBaseException {
+ protected void process(CMSRequest cmsReq)
+ throws EBaseException {
long startTime = CMS.getCurrentDate().getTime();
IArgBlock httpParams = cmsReq.getHttpParams();
HttpServletRequest httpReq = cmsReq.getHttpReq();
@@ -139,7 +136,7 @@ public class RenewalServlet extends CMSServlet {
// - old certs from auth manager
// - coming from agent or trusted RA:
// - serial no of cert to be renewed.
-
+
BigInteger old_serial_no = null;
X509CertImpl old_cert = null;
X509CertImpl renewed_cert = null;
@@ -156,10 +153,10 @@ public class RenewalServlet extends CMSServlet {
mAuthzResourceName, "renew");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
}
if (authzToken == null) {
@@ -190,7 +187,7 @@ public class RenewalServlet extends CMSServlet {
int endDate = httpParams.getValueAsInt("endDate", -1);
if (beginYear != -1 && beginMonth != -1 && beginDate != -1 &&
- endYear != -1 && endMonth != -1 && endDate != -1) {
+ endYear != -1 && endMonth != -1 && endDate != -1) {
Calendar calendar = Calendar.getInstance();
calendar.set(beginYear, beginMonth, beginDate);
notBefore = calendar.getTime();
@@ -213,15 +210,15 @@ public class RenewalServlet extends CMSServlet {
X509CertInfo new_certInfo = null;
req = mRequestQueue.newRequest(IRequest.RENEWAL_REQUEST);
- req.setExtData(IRequest.OLD_SERIALS, new BigInteger[] {old_serial_no});
+ req.setExtData(IRequest.OLD_SERIALS, new BigInteger[] { old_serial_no });
if (old_cert != null) {
req.setExtData(IRequest.OLD_CERTS,
- new X509CertImpl[] { old_cert }
- );
+ new X509CertImpl[] { old_cert }
+ );
// create new certinfo from old_cert contents.
X509CertInfo old_certInfo = (X509CertInfo)
- ((X509CertImpl) old_cert).get(
- X509CertImpl.NAME + "." + X509CertImpl.INFO);
+ ((X509CertImpl) old_cert).get(
+ X509CertImpl.NAME + "." + X509CertImpl.INFO);
new_certInfo = new X509CertInfo(old_certInfo.getEncodedInfo());
} else {
@@ -229,28 +226,28 @@ public class RenewalServlet extends CMSServlet {
// (serializable) to pass through policies. And set the old
// serial number to pick up.
new_certInfo = new CertInfo();
- new_certInfo.set(X509CertInfo.SERIAL_NUMBER,
- new CertificateSerialNumber(old_serial_no));
+ new_certInfo.set(X509CertInfo.SERIAL_NUMBER,
+ new CertificateSerialNumber(old_serial_no));
}
-
+
if (notBefore == null || notAfter == null) {
notBefore = new Date(0);
notAfter = new Date(0);
}
- new_certInfo.set(X509CertInfo.VALIDITY,
- new CertificateValidity(notBefore, notAfter));
+ new_certInfo.set(X509CertInfo.VALIDITY,
+ new CertificateValidity(notBefore, notAfter));
req.setExtData(IRequest.CERT_INFO, new X509CertInfo[] { new_certInfo }
- );
+ );
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_SETTING_RENEWAL_VALIDITY_1", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERROR_SETTING_RENEWAL_VALIDITY_1", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SETTING_RENEWAL_VALIDITY_ERROR"));
+ CMS.getUserMessage("CMS_GW_SETTING_RENEWAL_VALIDITY_ERROR"));
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_SETTING_RENEWAL_VALIDITY_1", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERROR_SETTING_RENEWAL_VALIDITY_1", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SETTING_RENEWAL_VALIDITY_ERROR"));
+ CMS.getUserMessage("CMS_GW_SETTING_RENEWAL_VALIDITY_ERROR"));
}
saveHttpHeaders(httpReq, req);
@@ -269,7 +266,7 @@ public class RenewalServlet extends CMSServlet {
if (mAuthMgr != null && mAuthMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) {
agentID = authToken.getInString("userid");
initiative = AuditFormat.FROMAGENT + " agentID: " + agentID;
- }else {
+ } else {
// request is from eegateway, so fromUser.
initiative = AuditFormat.FROMUSER;
}
@@ -292,51 +289,51 @@ public class RenewalServlet extends CMSServlet {
wholeMsg.append(msgs.nextElement());
}
- mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.RENEWALFORMAT,
- new Object[] {
- req.getRequestId(),
- initiative,
- authMgr,
- status.toString(),
- old_cert.getSubjectDN(),
- old_cert.getSerialNumber().toString(16),
- "violation: " +
- wholeMsg.toString()}
- // wholeMsg},
- // ILogger.L_MULTILINE
- );
+ mLogger.log(ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.RENEWALFORMAT,
+ new Object[] {
+ req.getRequestId(),
+ initiative,
+ authMgr,
+ status.toString(),
+ old_cert.getSubjectDN(),
+ old_cert.getSerialNumber().toString(16),
+ "violation: " +
+ wholeMsg.toString() }
+ // wholeMsg},
+ // ILogger.L_MULTILINE
+ );
} else { // no policy violation, from agent
mLogger.log(ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.RENEWALFORMAT,
+ new Object[] {
+ req.getRequestId(),
+ initiative,
+ authMgr,
+ status.toString(),
+ old_cert.getSubjectDN(),
+ old_cert.getSerialNumber().toString(16),
+ "" }
+ );
+ }
+ } else { // other imcomplete status
+ mLogger.log(ILogger.EV_AUDIT,
ILogger.S_OTHER,
AuditFormat.LEVEL,
AuditFormat.RENEWALFORMAT,
new Object[] {
- req.getRequestId(),
- initiative,
- authMgr,
- status.toString(),
- old_cert.getSubjectDN(),
- old_cert.getSerialNumber().toString(16),
- "" }
- );
- }
- } else { // other imcomplete status
- mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.RENEWALFORMAT,
- new Object[] {
- req.getRequestId(),
- initiative,
- authMgr,
- status.toString(),
- old_cert.getSubjectDN(),
- old_cert.getSerialNumber().toString(16),
- "" }
- );
+ req.getRequestId(),
+ initiative,
+ authMgr,
+ status.toString(),
+ old_cert.getSubjectDN(),
+ old_cert.getSerialNumber().toString(16),
+ "" }
+ );
}
return;
}
@@ -345,15 +342,15 @@ public class RenewalServlet extends CMSServlet {
Integer result = req.getExtDataInInteger(IRequest.RESULT);
CMS.debug(
- "RenewalServlet: Result for request " + req.getRequestId() + " is " + result);
+ "RenewalServlet: Result for request " + req.getRequestId() + " is " + result);
if (result.equals(IRequest.RES_ERROR)) {
CMS.debug(
- "RenewalServlet: Result for request " + req.getRequestId() + " is error.");
+ "RenewalServlet: Result for request " + req.getRequestId() + " is error.");
cmsReq.setStatus(CMSRequest.ERROR);
cmsReq.setError(req.getExtDataInString(IRequest.ERROR));
String[] svcErrors =
- req.getExtDataInStringArray(IRequest.SVCERRORS);
+ req.getExtDataInStringArray(IRequest.SVCERRORS);
if (svcErrors != null && svcErrors.length > 0) {
for (int i = 0; i < svcErrors.length; i++) {
@@ -365,19 +362,19 @@ public class RenewalServlet extends CMSServlet {
//err.toString());
cmsReq.setErrorDescription(err);
mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.RENEWALFORMAT,
- new Object[] {
- req.getRequestId(),
- initiative,
- authMgr,
- "completed with error: " +
- err,
- old_cert.getSubjectDN(),
- old_cert.getSerialNumber().toString(16),
- "" }
- );
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.RENEWALFORMAT,
+ new Object[] {
+ req.getRequestId(),
+ initiative,
+ authMgr,
+ "completed with error: " +
+ err,
+ old_cert.getSubjectDN(),
+ old_cert.getSerialNumber().toString(16),
+ "" }
+ );
}
}
@@ -393,27 +390,27 @@ public class RenewalServlet extends CMSServlet {
long endTime = CMS.getCurrentDate().getTime();
mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.RENEWALFORMAT,
- new Object[] {
- req.getRequestId(),
- initiative,
- authMgr,
- "completed",
- old_cert.getSubjectDN(),
- old_cert.getSerialNumber().toString(16),
- "new serial number: 0x" +
- renewed_cert.getSerialNumber().toString(16) + " time: " + (endTime - startTime)}
- );
+ AuditFormat.LEVEL,
+ AuditFormat.RENEWALFORMAT,
+ new Object[] {
+ req.getRequestId(),
+ initiative,
+ authMgr,
+ "completed",
+ old_cert.getSubjectDN(),
+ old_cert.getSerialNumber().toString(16),
+ "new serial number: 0x" +
+ renewed_cert.getSerialNumber().toString(16) + " time: " + (endTime - startTime) }
+ );
return;
}
private void respondSuccess(
- CMSRequest cmsReq, X509CertImpl renewed_cert)
- throws EBaseException {
- cmsReq.setResult(new X509CertImpl[] {renewed_cert}
- );
+ CMSRequest cmsReq, X509CertImpl renewed_cert)
+ throws EBaseException {
+ cmsReq.setResult(new X509CertImpl[] { renewed_cert }
+ );
cmsReq.setStatus(CMSRequest.SUCCESS);
// check if cert should be imported.
@@ -425,45 +422,45 @@ public class RenewalServlet extends CMSServlet {
String certType = httpParams.getValueAsString(CERT_TYPE, "client");
String agent = httpReq.getHeader("user-agent");
- if (checkImportCertToNav(cmsReq.getHttpResp(),
+ if (checkImportCertToNav(cmsReq.getHttpResp(),
httpParams, renewed_cert)) {
return;
} else {
try {
- renderTemplate(cmsReq,
- mRenewalSuccessTemplate, mRenewalSuccessFiller);
+ renderTemplate(cmsReq,
+ mRenewalSuccessTemplate, mRenewalSuccessFiller);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGE_ERROR_DISPLAY_TEMPLATE_1",
- mRenewalSuccessTemplate, e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGE_ERROR_DISPLAY_TEMPLATE_1",
+ mRenewalSuccessTemplate, e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
}
return;
}
- protected BigInteger getRenewedCert(ICertRecord certRec)
- throws EBaseException {
+ protected BigInteger getRenewedCert(ICertRecord certRec)
+ throws EBaseException {
BigInteger renewedCert = null;
String serial = null;
- MetaInfo meta = certRec.getMetaInfo();
+ MetaInfo meta = certRec.getMetaInfo();
if (meta == null) {
- log(ILogger.LL_INFO,
- "no meta info in cert serial 0x" + certRec.getSerialNumber().toString(16));
+ log(ILogger.LL_INFO,
+ "no meta info in cert serial 0x" + certRec.getSerialNumber().toString(16));
return null;
}
serial = (String) meta.get(ICertRecord.META_RENEWED_CERT);
if (serial == null) {
- log(ILogger.LL_INFO,
- "no renewed cert in cert 0x" + certRec.getSerialNumber().toString(16));
+ log(ILogger.LL_INFO,
+ "no renewed cert in cert 0x" + certRec.getSerialNumber().toString(16));
return null;
}
renewedCert = new BigInteger(serial);
- log(ILogger.LL_INFO,
- "renewed cert serial 0x" + renewedCert.toString(16) + "found for 0x" +
- certRec.getSerialNumber().toString(16));
+ log(ILogger.LL_INFO,
+ "renewed cert serial 0x" + renewedCert.toString(16) + "found for 0x" +
+ certRec.getSerialNumber().toString(16));
return renewedCert;
}
@@ -471,27 +468,27 @@ public class RenewalServlet extends CMSServlet {
* get certs to renew from agent.
*/
private BigInteger getCertFromAgent(
- IArgBlock httpParams, X509Certificate[] certContainer)
- throws EBaseException {
+ IArgBlock httpParams, X509Certificate[] certContainer)
+ throws EBaseException {
BigInteger serialno = null;
X509Certificate cert = null;
// get serial no
serialno = httpParams.getValueAsBigInteger(SERIAL_NO, null);
if (serialno == null) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_MISSING_SERIALNO_FOR_RENEW"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_MISSING_SERIALNO_FOR_RENEW"));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_MISSING_SERIALNO_FOR_RENEW"));
+ CMS.getUserMessage("CMS_GW_MISSING_SERIALNO_FOR_RENEW"));
}
// get cert from db if we're cert authority.
if (mAuthority instanceof ICertificateAuthority) {
cert = getX509Certificate(serialno);
if (cert == null) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_MISSING_SERIALNO_FOR_RENEW_1", serialno.toString(16)));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_MISSING_SERIALNO_FOR_RENEW_1", serialno.toString(16)));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_INVALID_CERT_FOR_RENEWAL"));
+ CMS.getUserMessage("CMS_GW_INVALID_CERT_FOR_RENEWAL"));
}
}
certContainer[0] = cert;
@@ -502,23 +499,23 @@ public class RenewalServlet extends CMSServlet {
* get cert to renew from auth manager
*/
private BigInteger getCertFromAuthMgr(
- IAuthToken authToken, X509Certificate[] certContainer)
- throws EBaseException {
+ IAuthToken authToken, X509Certificate[] certContainer)
+ throws EBaseException {
X509CertImpl cert =
- authToken.getInCert(AuthToken.TOKEN_CERT);
+ authToken.getInCert(AuthToken.TOKEN_CERT);
if (cert == null) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_MISSING_CERTS_RENEW_FROM_AUTHMGR"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_MISSING_CERTS_RENEW_FROM_AUTHMGR"));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_MISSING_CERTS_RENEW_FROM_AUTHMGR"));
+ CMS.getUserMessage("CMS_GW_MISSING_CERTS_RENEW_FROM_AUTHMGR"));
}
- if (mAuthority instanceof ICertificateAuthority &&
- !isCertFromCA(cert)) {
+ if (mAuthority instanceof ICertificateAuthority &&
+ !isCertFromCA(cert)) {
log(ILogger.LL_FAILURE, "certficate from auth manager for " +
- " renewal is not from this ca.");
+ " renewal is not from this ca.");
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_INVALID_CERT_FOR_RENEWAL"));
+ CMS.getUserMessage("CMS_GW_INVALID_CERT_FOR_RENEWAL"));
}
certContainer[0] = cert;
BigInteger serialno = ((X509Certificate) cert).getSerialNumber();
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/RevocationServlet.java b/pki/base/common/src/com/netscape/cms/servlet/cert/RevocationServlet.java
index 9b39acc7..875f2ab6 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/RevocationServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/RevocationServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.cert;
-
import java.io.IOException;
import java.math.BigInteger;
import java.security.cert.CertificateEncodingException;
@@ -57,10 +56,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* Perform the first step in revoking a certificate
- *
+ *
* @version $Revision$, $Date$
*/
public class RevocationServlet extends CMSServlet {
@@ -85,15 +83,15 @@ public class RevocationServlet extends CMSServlet {
private Random mRandom = null;
private Nonces mNonces = null;
-
public RevocationServlet() {
super();
}
/**
- * initialize the servlet. This servlet uses
- * the template file "reasonToRevoke.template" to render the
- * result.
+ * initialize the servlet. This servlet uses
+ * the template file "reasonToRevoke.template" to render the
+ * result.
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -115,7 +113,7 @@ public class RevocationServlet extends CMSServlet {
}
}
- // set to false by revokeByDN=false in web.xml
+ // set to false by revokeByDN=false in web.xml
mRevokeByDN = false;
String tmp = sc.getInitParameter(PROP_REVOKEBYDN);
@@ -127,17 +125,16 @@ public class RevocationServlet extends CMSServlet {
}
}
-
/**
- * Process the HTTP request. Note that this servlet does not
- * actually perform the certificate revocation. This is the first
- * step in the multi-step revocation process. (the next step is
+ * Process the HTTP request. Note that this servlet does not
+ * actually perform the certificate revocation. This is the first
+ * step in the multi-step revocation process. (the next step is
* in the ReasonToRevoke servlet.
- *
+ *
* @param cmsReq the object holding the request and response information
*/
- protected void process(CMSRequest cmsReq)
- throws EBaseException {
+ protected void process(CMSRequest cmsReq)
+ throws EBaseException {
IArgBlock httpParams = cmsReq.getHttpParams();
HttpServletRequest httpReq = cmsReq.getHttpReq();
HttpServletResponse httpResp = cmsReq.getHttpResp();
@@ -148,7 +145,7 @@ public class RevocationServlet extends CMSServlet {
// - old certs from auth manager
// - coming from agent or trusted RA:
// - serial no of cert to be revoked.
-
+
BigInteger old_serial_no = null;
X509CertImpl old_cert = null;
String revokeAll = null;
@@ -159,10 +156,10 @@ public class RevocationServlet extends CMSServlet {
try {
form = getTemplate(mFormPath, httpReq, locale);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
IArgBlock header = CMS.createArgBlock();
@@ -178,17 +175,17 @@ public class RevocationServlet extends CMSServlet {
mAuthzResourceName, "submit");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
}
if (authzToken == null) {
cmsReq.setStatus(CMSRequest.UNAUTHORIZED);
return;
}
-
+
// coming from agent
if (mAuthMgr != null && mAuthMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) {
X509Certificate[] cert = new X509Certificate[1];
@@ -199,7 +196,7 @@ public class RevocationServlet extends CMSServlet {
else {
// from auth manager
X509CertImpl[] cert = new X509CertImpl[1];
-
+
old_serial_no = getCertFromAuthMgr(authToken, cert);
old_cert = cert[0];
}
@@ -212,7 +209,7 @@ public class RevocationServlet extends CMSServlet {
if (mNonces != null) {
long n = mRandom.nextLong();
- long m = mNonces.addNonce(n, (X509Certificate)old_cert);
+ long m = mNonces.addNonce(n, (X509Certificate) old_cert);
if ((n + m) != 0) {
header.addStringValue("nonce", Long.toString(m));
}
@@ -229,12 +226,12 @@ public class RevocationServlet extends CMSServlet {
} else if (mAuthority instanceof IRegistrationAuthority) {
IRequest req = mRequestQueue.newRequest(IRequest.GETCERTS_REQUEST);
String filter = "(&(" + ICertRecord.ATTR_X509CERT + "." +
- X509CertInfo.SUBJECT + "=" +
- old_cert.getSubjectDN().toString() + ")(|(" +
- ICertRecord.ATTR_CERT_STATUS + "=" +
- ICertRecord.STATUS_VALID + ")(" +
- ICertRecord.ATTR_CERT_STATUS + "=" +
- ICertRecord.STATUS_EXPIRED + ")))";
+ X509CertInfo.SUBJECT + "=" +
+ old_cert.getSubjectDN().toString() + ")(|(" +
+ ICertRecord.ATTR_CERT_STATUS + "=" +
+ ICertRecord.STATUS_VALID + ")(" +
+ ICertRecord.ATTR_CERT_STATUS + "=" +
+ ICertRecord.STATUS_EXPIRED + ")))";
req.setExtData(IRequest.CERT_FILTER, filter);
mRequestQueue.processRequest(req);
@@ -271,8 +268,8 @@ public class RevocationServlet extends CMSServlet {
if (!noInfo && (certsToRevoke == null || certsToRevoke.length == 0 ||
(!authorized))) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CA_CERT_ALREADY_REVOKED_1", old_serial_no.toString(16)));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CA_CERT_ALREADY_REVOKED_1", old_serial_no.toString(16)));
throw new ECMSGWException(CMS.getUserMessage("CMS_GW_CERT_ALREADY_REVOKED"));
}
@@ -296,15 +293,15 @@ public class RevocationServlet extends CMSServlet {
IArgBlock rarg = CMS.createArgBlock();
rarg.addStringValue("serialNumber",
- certsToRevoke[i].getSerialNumber().toString(16));
+ certsToRevoke[i].getSerialNumber().toString(16));
rarg.addStringValue("serialNumberDecimal",
- certsToRevoke[i].getSerialNumber().toString());
+ certsToRevoke[i].getSerialNumber().toString());
rarg.addStringValue("subject",
- certsToRevoke[i].getSubjectDN().toString());
+ certsToRevoke[i].getSubjectDN().toString());
rarg.addLongValue("validNotBefore",
- certsToRevoke[i].getNotBefore().getTime() / 1000);
+ certsToRevoke[i].getNotBefore().getTime() / 1000);
rarg.addLongValue("validNotAfter",
- certsToRevoke[i].getNotAfter().getTime() / 1000);
+ certsToRevoke[i].getNotAfter().getTime() / 1000);
argSet.addRepeatRecord(rarg);
}
} else {
@@ -313,7 +310,7 @@ public class RevocationServlet extends CMSServlet {
}
// set revocation reason, default to unspecified if not set.
- int reasonCode = httpParams.getValueAsInt(REASON_CODE, 0);
+ int reasonCode = httpParams.getValueAsInt(REASON_CODE, 0);
header.addIntegerValue("reason", reasonCode);
@@ -324,10 +321,10 @@ public class RevocationServlet extends CMSServlet {
form.renderOutput(out, argSet);
cmsReq.setStatus(CMSRequest.SUCCESS);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
return;
@@ -337,28 +334,28 @@ public class RevocationServlet extends CMSServlet {
* get cert to revoke from agent.
*/
private BigInteger getCertFromAgent(
- IArgBlock httpParams, X509Certificate[] certContainer)
- throws EBaseException {
+ IArgBlock httpParams, X509Certificate[] certContainer)
+ throws EBaseException {
BigInteger serialno = null;
X509Certificate cert = null;
// get serial no
serialno = httpParams.getValueAsBigInteger(SERIAL_NO, null);
if (serialno == null) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_MISSING_SERIALNO_FOR_REVOKE"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_MISSING_SERIALNO_FOR_REVOKE"));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_MISSING_SERIALNO_FOR_REVOKE"));
+ CMS.getUserMessage("CMS_GW_MISSING_SERIALNO_FOR_REVOKE"));
}
// get cert from db if we're cert authority.
if (mAuthority instanceof ICertificateAuthority) {
cert = getX509Certificate(serialno);
if (cert == null) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_INVALID_CERT_FOR_REVOCATION"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_INVALID_CERT_FOR_REVOCATION"));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_INVALID_CERT_FOR_REVOCATION"));
+ CMS.getUserMessage("CMS_GW_INVALID_CERT_FOR_REVOCATION"));
}
}
certContainer[0] = cert;
@@ -369,22 +366,22 @@ public class RevocationServlet extends CMSServlet {
* get cert to revoke from auth manager
*/
private BigInteger getCertFromAuthMgr(
- IAuthToken authToken, X509Certificate[] certContainer)
- throws EBaseException {
+ IAuthToken authToken, X509Certificate[] certContainer)
+ throws EBaseException {
X509CertImpl cert =
- authToken.getInCert(AuthToken.TOKEN_CERT);
+ authToken.getInCert(AuthToken.TOKEN_CERT);
if (cert == null) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_MISSING_CERTS_REVOKE_FROM_AUTHMGR"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_MISSING_CERTS_REVOKE_FROM_AUTHMGR"));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_MISSING_CERTS_REVOKE_FROM_AUTHMGR"));
+ CMS.getUserMessage("CMS_GW_MISSING_CERTS_REVOKE_FROM_AUTHMGR"));
}
- if (mAuthority instanceof ICertificateAuthority &&
- !isCertFromCA(cert)) {
+ if (mAuthority instanceof ICertificateAuthority &&
+ !isCertFromCA(cert)) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_INVALID_CERT_FOR_REVOCATION"));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_INVALID_CERT_FOR_REVOCATION"));
+ CMS.getUserMessage("CMS_GW_INVALID_CERT_FOR_REVOCATION"));
}
certContainer[0] = cert;
BigInteger serialno = ((X509Certificate) cert).getSerialNumber();
@@ -393,4 +390,3 @@ public class RevocationServlet extends CMSServlet {
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/RevocationSuccessTemplateFiller.java b/pki/base/common/src/com/netscape/cms/servlet/cert/RevocationSuccessTemplateFiller.java
index 3a571d44..cfc562d7 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/RevocationSuccessTemplateFiller.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/RevocationSuccessTemplateFiller.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.cert;
-
import java.util.Locale;
import javax.servlet.http.HttpServletRequest;
@@ -31,21 +30,21 @@ import com.netscape.cms.servlet.common.CMSRequest;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ICMSTemplateFiller;
-
/**
- * Certificates Template filler.
- * must have list of certificates in result.
+ * Certificates Template filler.
+ * must have list of certificates in result.
* looks at inputs: certtype.
- * outputs:
- * - cert type from http input (if any)
- * - CA chain
- * - authority name (RM, CM, DRM)
- * - scheme:host:port of server.
- * array of one or more
- * - cert serial number
- * - cert pretty print
- * - cert in base 64 encoding.
- * - cmmf blob to import
+ * outputs:
+ * - cert type from http input (if any)
+ * - CA chain
+ * - authority name (RM, CM, DRM)
+ * - scheme:host:port of server.
+ * array of one or more
+ * - cert serial number
+ * - cert pretty print
+ * - cert in base 64 encoding.
+ * - cmmf blob to import
+ *
* @version $Revision$, $Date$
*/
class RevocationSuccessTemplateFiller implements ICMSTemplateFiller {
@@ -61,8 +60,8 @@ class RevocationSuccessTemplateFiller implements ICMSTemplateFiller {
* @param e unexpected exception e. ignored.
*/
public CMSTemplateParams getTemplateParams(
- CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e)
- throws Exception {
+ CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e)
+ throws Exception {
IArgBlock fixed = CMS.createArgBlock();
CMSTemplateParams params = new CMSTemplateParams(null, fixed);
@@ -77,13 +76,13 @@ class RevocationSuccessTemplateFiller implements ICMSTemplateFiller {
fixed.set(ICMSTemplateFiller.SCHEME, scheme);
// this authority
- fixed.set(ICMSTemplateFiller.AUTHORITY,
- (String) authority.getOfficialName());
+ fixed.set(ICMSTemplateFiller.AUTHORITY,
+ (String) authority.getOfficialName());
// XXX CA chain.
- RevokedCertImpl[] revoked =
- (RevokedCertImpl[]) cmsReq.getResult();
+ RevokedCertImpl[] revoked =
+ (RevokedCertImpl[]) cmsReq.getResult();
// revoked certs.
for (int i = 0; i < revoked.length; i++) {
@@ -96,4 +95,3 @@ class RevocationSuccessTemplateFiller implements ICMSTemplateFiller {
return params;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/SrchCerts.java b/pki/base/common/src/com/netscape/cms/servlet/cert/SrchCerts.java
index 17bad7a1..01bcfbc0 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/SrchCerts.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/SrchCerts.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.cert;
-
import java.io.IOException;
import java.math.BigInteger;
import java.security.PublicKey;
@@ -61,10 +60,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* Search for certificates matching complex query filter
- *
+ *
* @version $Revision$, $Date$
*/
public class SrchCerts extends CMSServlet {
@@ -96,8 +94,9 @@ public class SrchCerts extends CMSServlet {
}
/**
- * initialize the servlet. This servlet uses srchCert.template
- * to render the response
+ * initialize the servlet. This servlet uses srchCert.template
+ * to render the response
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -145,15 +144,14 @@ public class SrchCerts extends CMSServlet {
the client applications that submits raw LDAP
filter into this servlet. */
if (sc.getInitParameter("useClientFilter") != null &&
- sc.getInitParameter("useClientFilter").equalsIgnoreCase("true")) {
+ sc.getInitParameter("useClientFilter").equalsIgnoreCase("true")) {
mUseClientFilter = true;
}
}
- private boolean isOn(HttpServletRequest req, String name)
- {
+ private boolean isOn(HttpServletRequest req, String name) {
String inUse = req.getParameter(name);
- if (inUse == null) {
+ if (inUse == null) {
return false;
}
if (inUse.equals("on")) {
@@ -162,10 +160,9 @@ public class SrchCerts extends CMSServlet {
return false;
}
- private boolean isOff(HttpServletRequest req, String name)
- {
+ private boolean isOff(HttpServletRequest req, String name) {
String inUse = req.getParameter(name);
- if (inUse == null) {
+ if (inUse == null) {
return false;
}
if (inUse.equals("off")) {
@@ -174,8 +171,7 @@ public class SrchCerts extends CMSServlet {
return false;
}
- private void buildCertStatusFilter(HttpServletRequest req, StringBuffer filter)
- {
+ private void buildCertStatusFilter(HttpServletRequest req, StringBuffer filter) {
if (!isOn(req, "statusInUse")) {
return;
}
@@ -185,8 +181,7 @@ public class SrchCerts extends CMSServlet {
filter.append(")");
}
- private void buildProfileFilter(HttpServletRequest req, StringBuffer filter)
- {
+ private void buildProfileFilter(HttpServletRequest req, StringBuffer filter) {
if (!isOn(req, "profileInUse")) {
return;
}
@@ -196,16 +191,14 @@ public class SrchCerts extends CMSServlet {
filter.append(")");
}
- private void buildBasicConstraintsFilter(HttpServletRequest req, StringBuffer filter)
- {
+ private void buildBasicConstraintsFilter(HttpServletRequest req, StringBuffer filter) {
if (!isOn(req, "basicConstraintsInUse")) {
return;
}
filter.append("(x509cert.BasicConstraints.isCA=on)");
}
- private void buildSerialNumberRangeFilter(HttpServletRequest req, StringBuffer filter)
- {
+ private void buildSerialNumberRangeFilter(HttpServletRequest req, StringBuffer filter) {
if (!isOn(req, "serialNumberRangeInUse")) {
return;
}
@@ -225,9 +218,8 @@ public class SrchCerts extends CMSServlet {
}
}
- private void buildAVAFilter(HttpServletRequest req, String paramName,
- String avaName, StringBuffer lf, String match)
- {
+ private void buildAVAFilter(HttpServletRequest req, String paramName,
+ String avaName, StringBuffer lf, String match) {
String val = req.getParameter(paramName);
if (val != null && !val.equals("")) {
if (match != null && match.equals("exact")) {
@@ -254,8 +246,7 @@ public class SrchCerts extends CMSServlet {
}
}
- private void buildSubjectFilter(HttpServletRequest req, StringBuffer filter)
- {
+ private void buildSubjectFilter(HttpServletRequest req, StringBuffer filter) {
if (!isOn(req, "subjectInUse")) {
return;
}
@@ -286,9 +277,8 @@ public class SrchCerts extends CMSServlet {
}
}
- private void buildRevokedByFilter(HttpServletRequest req,
- StringBuffer filter)
- {
+ private void buildRevokedByFilter(HttpServletRequest req,
+ StringBuffer filter) {
if (!isOn(req, "revokedByInUse")) {
return;
}
@@ -302,10 +292,9 @@ public class SrchCerts extends CMSServlet {
}
}
- private void buildDateFilter(HttpServletRequest req, String prefix,
+ private void buildDateFilter(HttpServletRequest req, String prefix,
String outStr, long adjustment,
- StringBuffer filter)
- {
+ StringBuffer filter) {
String queryCertFilter = null;
long epoch = 0;
try {
@@ -324,19 +313,17 @@ public class SrchCerts extends CMSServlet {
}
private void buildRevokedOnFilter(HttpServletRequest req,
- StringBuffer filter)
- {
+ StringBuffer filter) {
if (!isOn(req, "revokedOnInUse")) {
return;
}
buildDateFilter(req, "revokedOnFrom", "certRevokedOn>=", 0, filter);
- buildDateFilter(req, "revokedOnTo", "certRevokedOn<=", 86399999,
+ buildDateFilter(req, "revokedOnTo", "certRevokedOn<=", 86399999,
filter);
}
private void buildRevocationReasonFilter(HttpServletRequest req,
- StringBuffer filter)
- {
+ StringBuffer filter) {
if (!isOn(req, "revocationReasonInUse")) {
return;
}
@@ -347,23 +334,22 @@ public class SrchCerts extends CMSServlet {
String queryCertFilter = null;
StringTokenizer st = new StringTokenizer(reasons, ",");
if (st.hasMoreTokens()) {
- filter.append("(|");
- while (st.hasMoreTokens()) {
- String token = st.nextToken();
- if (queryCertFilter == null) {
- queryCertFilter = "";
- }
- filter.append("(x509cert.certRevoInfo=");
- filter.append(token);
- filter.append(")");
- }
- filter.append(")");
+ filter.append("(|");
+ while (st.hasMoreTokens()) {
+ String token = st.nextToken();
+ if (queryCertFilter == null) {
+ queryCertFilter = "";
+ }
+ filter.append("(x509cert.certRevoInfo=");
+ filter.append(token);
+ filter.append(")");
+ }
+ filter.append(")");
}
}
- private void buildIssuedByFilter(HttpServletRequest req,
- StringBuffer filter)
- {
+ private void buildIssuedByFilter(HttpServletRequest req,
+ StringBuffer filter) {
if (!isOn(req, "issuedByInUse")) {
return;
}
@@ -378,43 +364,39 @@ public class SrchCerts extends CMSServlet {
}
private void buildIssuedOnFilter(HttpServletRequest req,
- StringBuffer filter)
- {
+ StringBuffer filter) {
if (!isOn(req, "issuedOnInUse")) {
return;
}
buildDateFilter(req, "issuedOnFrom", "certCreateTime>=", 0, filter);
- buildDateFilter(req, "issuedOnTo", "certCreateTime<=", 86399999,
+ buildDateFilter(req, "issuedOnTo", "certCreateTime<=", 86399999,
filter);
}
private void buildValidNotBeforeFilter(HttpServletRequest req,
- StringBuffer filter)
- {
+ StringBuffer filter) {
if (!isOn(req, "validNotBeforeInUse")) {
return;
}
- buildDateFilter(req, "validNotBeforeFrom", "x509cert.notBefore>=",
+ buildDateFilter(req, "validNotBeforeFrom", "x509cert.notBefore>=",
0, filter);
- buildDateFilter(req, "validNotBeforeTo", "x509cert.notBefore<=",
+ buildDateFilter(req, "validNotBeforeTo", "x509cert.notBefore<=",
86399999, filter);
}
private void buildValidNotAfterFilter(HttpServletRequest req,
- StringBuffer filter)
- {
+ StringBuffer filter) {
if (!isOn(req, "validNotAfterInUse")) {
return;
}
- buildDateFilter(req, "validNotAfterFrom", "x509cert.notAfter>=",
+ buildDateFilter(req, "validNotAfterFrom", "x509cert.notAfter>=",
0, filter);
- buildDateFilter(req, "validNotAfterTo", "x509cert.notAfter<=",
+ buildDateFilter(req, "validNotAfterTo", "x509cert.notAfter<=",
86399999, filter);
}
private void buildValidityLengthFilter(HttpServletRequest req,
- StringBuffer filter)
- {
+ StringBuffer filter) {
if (!isOn(req, "validityLengthInUse")) {
return;
}
@@ -439,8 +421,7 @@ public class SrchCerts extends CMSServlet {
}
private void buildCertTypeFilter(HttpServletRequest req,
- StringBuffer filter)
- {
+ StringBuffer filter) {
if (!isOn(req, "certTypeInUse")) {
return;
}
@@ -471,8 +452,7 @@ public class SrchCerts extends CMSServlet {
}
}
- public String buildFilter(HttpServletRequest req)
- {
+ public String buildFilter(HttpServletRequest req) {
String queryCertFilter = req.getParameter("queryCertFilter");
StringBuffer filter = new StringBuffer();
@@ -504,10 +484,10 @@ public class SrchCerts extends CMSServlet {
/**
* Serves HTTP request. This format of this request is as follows:
- * queryCert?
- * [maxCount=<number>]
- * [queryFilter=<filter>]
- * [revokeAll=<filter>]
+ * queryCert?
+ * [maxCount=<number>]
+ * [queryFilter=<filter>]
+ * [revokeAll=<filter>]
*/
public void process(CMSRequest cmsReq) throws EBaseException {
HttpServletRequest req = cmsReq.getHttpReq();
@@ -522,10 +502,10 @@ public class SrchCerts extends CMSServlet {
mAuthzResourceName, "list");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
}
if (authzToken == null) {
@@ -551,10 +531,10 @@ public class SrchCerts extends CMSServlet {
try {
form = getTemplate(mFormPath, req, locale);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
try {
@@ -571,10 +551,10 @@ public class SrchCerts extends CMSServlet {
String queryCertFilter = buildFilter(req);
process(argSet, header, queryCertFilter,
- revokeAll, maxResults, timeLimit, req, resp, locale[0]);
+ revokeAll, maxResults, timeLimit, req, resp, locale[0]);
} catch (NumberFormatException e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT"));
- error = new EBaseException(CMS.getUserMessage(getLocale(req),"CMS_BASE_INVALID_NUMBER_FORMAT"));
+ error = new EBaseException(CMS.getUserMessage(getLocale(req), "CMS_BASE_INVALID_NUMBER_FORMAT"));
} catch (EBaseException e) {
error = e;
}
@@ -585,33 +565,33 @@ public class SrchCerts extends CMSServlet {
if (error == null) {
String xmlOutput = req.getParameter("xml");
if (xmlOutput != null && xmlOutput.equals("true")) {
- outputXML(resp, argSet);
+ outputXML(resp, argSet);
} else {
- cmsReq.setStatus(CMSRequest.SUCCESS);
- resp.setContentType("text/html");
- form.renderOutput(out, argSet);
+ cmsReq.setStatus(CMSRequest.SUCCESS);
+ resp.setContentType("text/html");
+ form.renderOutput(out, argSet);
}
} else {
cmsReq.setStatus(CMSRequest.ERROR);
cmsReq.setError(error);
}
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
}
/**
* Process the key search.
*/
- private void process(CMSTemplateParams argSet, IArgBlock header,
- String filter, String revokeAll,
- int maxResults, int timeLimit,
- HttpServletRequest req, HttpServletResponse resp,
- Locale locale)
- throws EBaseException {
+ private void process(CMSTemplateParams argSet, IArgBlock header,
+ String filter, String revokeAll,
+ int maxResults, int timeLimit,
+ HttpServletRequest req, HttpServletResponse resp,
+ Locale locale)
+ throws EBaseException {
try {
long startTime = CMS.getCurrentDate().getTime();
@@ -629,7 +609,7 @@ public class SrchCerts extends CMSServlet {
timeLimit = mTimeLimits;
}
CMS.debug("Start searching ... " + "filter=" + filter + " maxreturns=" + maxResults + " timelimit=" + timeLimit);
- Enumeration<ICertRecord > e = mCertDB.searchCertificates(filter, maxResults, timeLimit);
+ Enumeration<ICertRecord> e = mCertDB.searchCertificates(filter, maxResults, timeLimit);
int count = 0;
@@ -671,7 +651,8 @@ public class SrchCerts extends CMSServlet {
int i = filter.indexOf(CURRENT_TIME, k);
while (i > -1) {
- if (now == null) now = new Date();
+ if (now == null)
+ now = new Date();
newFilter.append(filter.substring(k, i));
newFilter.append(now.getTime());
k = i + CURRENT_TIME.length();
@@ -687,7 +668,7 @@ public class SrchCerts extends CMSServlet {
* Fills cert record into argument block.
*/
private void fillRecordIntoArg(ICertRecord rec, IArgBlock rarg)
- throws EBaseException {
+ throws EBaseException {
X509CertImpl xcert = rec.getCertificate();
@@ -695,9 +676,9 @@ public class SrchCerts extends CMSServlet {
fillX509RecordIntoArg(rec, rarg);
}
}
-
+
private void fillX509RecordIntoArg(ICertRecord rec, IArgBlock rarg)
- throws EBaseException {
+ throws EBaseException {
X509CertImpl cert = rec.getCertificate();
@@ -708,7 +689,7 @@ public class SrchCerts extends CMSServlet {
String subject = (String) cert.getSubjectDN().toString();
if (subject.equals("")) {
- rarg.addStringValue("subject", " ");
+ rarg.addStringValue("subject", " ");
} else {
rarg.addStringValue("subject", subject);
@@ -744,12 +725,13 @@ public class SrchCerts extends CMSServlet {
rarg.addStringValue("signatureAlgorithm", cert.getSigAlgOID());
String issuedBy = rec.getIssuedBy();
- if (issuedBy == null) issuedBy = "";
+ if (issuedBy == null)
+ issuedBy = "";
rarg.addStringValue("issuedBy", issuedBy); // cert.getIssuerDN().toString()
rarg.addLongValue("issuedOn", rec.getCreateTime().getTime() / 1000);
rarg.addStringValue("revokedBy",
- ((rec.getRevokedBy() == null) ? "" : rec.getRevokedBy()));
+ ((rec.getRevokedBy() == null) ? "" : rec.getRevokedBy()));
if (rec.getRevokedOn() == null) {
rarg.addStringValue("revokedOn", null);
} else {
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/UpdateCRL.java b/pki/base/common/src/com/netscape/cms/servlet/cert/UpdateCRL.java
index b10086e1..77fbc85a 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/UpdateCRL.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/UpdateCRL.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.cert;
-
import java.io.IOException;
import java.math.BigInteger;
import java.util.Date;
@@ -60,10 +59,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* Force the CRL to be updated now.
- *
+ *
* @version $Revision$, $Date$
*/
public class UpdateCRL extends CMSServlet {
@@ -96,32 +94,31 @@ public class UpdateCRL extends CMSServlet {
mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE;
if (mAuthority instanceof ICertificateAuthority)
mCA = (ICertificateAuthority) mAuthority;
-
- // override success to do output orw own template.
+
+ // override success to do output orw own template.
mTemplates.remove(CMSRequest.SUCCESS);
if (mOutputTemplatePath != null)
mFormPath = mOutputTemplatePath;
}
/**
- * Process the HTTP request.
+ * Process the HTTP request.
* <ul>
* <li>http.param signatureAlgorithm the algorithm to use to sign the CRL
- * <li>http.param waitForUpdate true/false - should the servlet wait until
- * the CRL update is complete?
- * <li>http.param clearCRLCache true/false - should the CRL cache cleared
- * before the CRL is generated?
+ * <li>http.param waitForUpdate true/false - should the servlet wait until the CRL update is complete?
+ * <li>http.param clearCRLCache true/false - should the CRL cache cleared before the CRL is generated?
* <li>http.param crlIssuingPoint the CRL Issuing Point to Update
* </ul>
+ *
* @param cmsReq the object holding the request and response information
*/
public void process(CMSRequest cmsReq) throws EBaseException {
HttpServletRequest req = cmsReq.getHttpReq();
HttpServletResponse resp = cmsReq.getHttpResp();
- IStatsSubsystem statsSub = (IStatsSubsystem)CMS.getSubsystem("stats");
+ IStatsSubsystem statsSub = (IStatsSubsystem) CMS.getSubsystem("stats");
if (statsSub != null) {
- statsSub.startTiming("crl", true /* main action */);
+ statsSub.startTiming("crl", true /* main action */);
}
long startTime = CMS.getCurrentDate().getTime();
@@ -133,16 +130,16 @@ public class UpdateCRL extends CMSServlet {
mAuthzResourceName, "update");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
}
if (authzToken == null) {
cmsReq.setStatus(CMSRequest.UNAUTHORIZED);
if (statsSub != null) {
- statsSub.endTiming("crl");
+ statsSub.endTiming("crl");
}
return;
}
@@ -159,21 +156,21 @@ public class UpdateCRL extends CMSServlet {
try {
form = getTemplate(mFormPath, req, locale);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
if (statsSub != null) {
- statsSub.endTiming("crl");
+ statsSub.endTiming("crl");
}
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
try {
- String signatureAlgorithm =
- req.getParameter("signatureAlgorithm");
+ String signatureAlgorithm =
+ req.getParameter("signatureAlgorithm");
- process(argSet, header, req, resp,
- signatureAlgorithm, locale[0]);
+ process(argSet, header, req, resp,
+ signatureAlgorithm, locale[0]);
} catch (EBaseException e) {
error = e;
}
@@ -184,42 +181,43 @@ public class UpdateCRL extends CMSServlet {
if (error == null) {
String xmlOutput = req.getParameter("xml");
if (xmlOutput != null && xmlOutput.equals("true")) {
- outputXML(resp, argSet);
+ outputXML(resp, argSet);
} else {
- resp.setContentType("text/html");
- form.renderOutput(out, argSet);
- cmsReq.setStatus(CMSRequest.SUCCESS);
+ resp.setContentType("text/html");
+ form.renderOutput(out, argSet);
+ cmsReq.setStatus(CMSRequest.SUCCESS);
}
} else {
cmsReq.setStatus(CMSRequest.ERROR);
cmsReq.setError(error);
}
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE",
- e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE",
+ e.toString()));
if (statsSub != null) {
- statsSub.endTiming("crl");
+ statsSub.endTiming("crl");
}
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
if (statsSub != null) {
- statsSub.endTiming("crl");
+ statsSub.endTiming("crl");
}
}
- private CRLExtensions crlEntryExtensions (String reason, String invalidity) {
+ private CRLExtensions crlEntryExtensions(String reason, String invalidity) {
CRLExtensions entryExts = new CRLExtensions();
CRLReasonExtension crlReasonExtn = null;
if (reason != null && reason.length() > 0) {
try {
RevocationReason revReason = RevocationReason.fromInt(Integer.parseInt(reason));
- if (revReason == null) revReason = RevocationReason.UNSPECIFIED;
+ if (revReason == null)
+ revReason = RevocationReason.UNSPECIFIED;
crlReasonExtn = new CRLReasonExtension(revReason);
} catch (Exception e) {
- CMS.debug("Invalid revocation reason: "+reason);
+ CMS.debug("Invalid revocation reason: " + reason);
}
}
@@ -229,15 +227,15 @@ public class UpdateCRL extends CMSServlet {
Date invalidityDate = null;
try {
long backInTime = Long.parseLong(invalidity);
- invalidityDate = new Date(now-(backInTime*60000));
+ invalidityDate = new Date(now - (backInTime * 60000));
} catch (Exception e) {
- CMS.debug("Invalid invalidity time offset: "+invalidity);
+ CMS.debug("Invalid invalidity time offset: " + invalidity);
}
if (invalidityDate != null) {
try {
invalidityDateExtn = new InvalidityDateExtension(invalidityDate);
} catch (Exception e) {
- CMS.debug("Error creating invalidity extension: "+e);
+ CMS.debug("Error creating invalidity extension: " + e);
}
}
}
@@ -246,7 +244,7 @@ public class UpdateCRL extends CMSServlet {
try {
entryExts.set(crlReasonExtn.getName(), crlReasonExtn);
} catch (Exception e) {
- CMS.debug("Error adding revocation reason extension to entry extensions: "+e);
+ CMS.debug("Error adding revocation reason extension to entry extensions: " + e);
}
}
@@ -254,7 +252,7 @@ public class UpdateCRL extends CMSServlet {
try {
entryExts.set(invalidityDateExtn.getName(), invalidityDateExtn);
} catch (Exception e) {
- CMS.debug("Error adding invalidity date extension to entry extensions: "+e);
+ CMS.debug("Error adding invalidity date extension to entry extensions: " + e);
}
}
@@ -293,18 +291,18 @@ public class UpdateCRL extends CMSServlet {
}
private void process(CMSTemplateParams argSet, IArgBlock header,
- HttpServletRequest req,
- HttpServletResponse resp,
- String signatureAlgorithm,
- Locale locale)
- throws EBaseException {
+ HttpServletRequest req,
+ HttpServletResponse resp,
+ String signatureAlgorithm,
+ Locale locale)
+ throws EBaseException {
long startTime = CMS.getCurrentDate().getTime();
- String waitForUpdate =
- req.getParameter("waitForUpdate");
- String clearCache =
- req.getParameter("clearCRLCache");
- String crlIssuingPointId =
- req.getParameter("crlIssuingPoint");
+ String waitForUpdate =
+ req.getParameter("waitForUpdate");
+ String clearCache =
+ req.getParameter("clearCRLCache");
+ String crlIssuingPointId =
+ req.getParameter("crlIssuingPoint");
String test = req.getParameter("test");
String add = req.getParameter("add");
String from = req.getParameter("from");
@@ -317,45 +315,46 @@ public class UpdateCRL extends CMSServlet {
Enumeration<ICRLIssuingPoint> ips = mCA.getCRLIssuingPoints();
while (ips.hasMoreElements()) {
- ICRLIssuingPoint ip = ips.nextElement();
+ ICRLIssuingPoint ip = ips.nextElement();
if (crlIssuingPointId.equals(ip.getId())) {
break;
}
- if (!ips.hasMoreElements()) crlIssuingPointId = null;
+ if (!ips.hasMoreElements())
+ crlIssuingPointId = null;
}
}
if (crlIssuingPointId == null) {
crlIssuingPointId = ICertificateAuthority.PROP_MASTER_CRL;
}
- ICRLIssuingPoint crlIssuingPoint =
- mCA.getCRLIssuingPoint(crlIssuingPointId);
+ ICRLIssuingPoint crlIssuingPoint =
+ mCA.getCRLIssuingPoint(crlIssuingPointId);
header.addStringValue("crlIssuingPoint", crlIssuingPointId);
IPublisherProcessor lpm = mCA.getPublisherProcessor();
if (crlIssuingPoint != null) {
if (clearCache != null && clearCache.equals("true") &&
- crlIssuingPoint.isCRLGenerationEnabled() &&
- crlIssuingPoint.isCRLUpdateInProgress() == ICRLIssuingPoint.CRL_UPDATE_DONE &&
- crlIssuingPoint.isCRLIssuingPointInitialized()
+ crlIssuingPoint.isCRLGenerationEnabled() &&
+ crlIssuingPoint.isCRLUpdateInProgress() == ICRLIssuingPoint.CRL_UPDATE_DONE &&
+ crlIssuingPoint.isCRLIssuingPointInitialized()
== ICRLIssuingPoint.CRL_IP_INITIALIZED) {
crlIssuingPoint.clearCRLCache();
}
if (waitForUpdate != null && waitForUpdate.equals("true") &&
- crlIssuingPoint.isCRLGenerationEnabled() &&
- crlIssuingPoint.isCRLUpdateInProgress() == ICRLIssuingPoint.CRL_UPDATE_DONE &&
- crlIssuingPoint.isCRLIssuingPointInitialized()
+ crlIssuingPoint.isCRLGenerationEnabled() &&
+ crlIssuingPoint.isCRLUpdateInProgress() == ICRLIssuingPoint.CRL_UPDATE_DONE &&
+ crlIssuingPoint.isCRLIssuingPointInitialized()
== ICRLIssuingPoint.CRL_IP_INITIALIZED) {
if (test != null && test.equals("true") &&
- crlIssuingPoint.isCRLCacheTestingEnabled() &&
- (!mTesting.contains(crlIssuingPointId))) {
+ crlIssuingPoint.isCRLCacheTestingEnabled() &&
+ (!mTesting.contains(crlIssuingPointId))) {
CMS.debug("CRL test started.");
mTesting.add(crlIssuingPointId);
BigInteger addLen = null;
BigInteger startFrom = null;
if (add != null && add.length() > 0 &&
- from != null && from.length() > 0) {
+ from != null && from.length() > 0) {
try {
addLen = new BigInteger(add);
startFrom = new BigInteger(from);
@@ -366,7 +365,7 @@ public class UpdateCRL extends CMSServlet {
Date revocationDate = CMS.getCurrentDate();
String err = null;
- CRLExtensions entryExts = crlEntryExtensions (reason, invalidity);
+ CRLExtensions entryExts = crlEntryExtensions(reason, invalidity);
BigInteger serialNumber = startFrom;
BigInteger counter = addLen;
@@ -380,16 +379,16 @@ public class UpdateCRL extends CMSServlet {
long t1 = System.currentTimeMillis();
long t2 = 0;
-
+
while (counter.compareTo(BigInteger.ZERO) > 0) {
RevokedCertImpl revokedCert =
- new RevokedCertImpl(serialNumber, revocationDate, entryExts);
+ new RevokedCertImpl(serialNumber, revocationDate, entryExts);
crlIssuingPoint.addRevokedCert(serialNumber, revokedCert);
serialNumber = serialNumber.add(BigInteger.ONE);
counter = counter.subtract(BigInteger.ONE);
if ((counter.compareTo(BigInteger.ZERO) == 0) ||
- (stepBy != null && ((counter.mod(stepBy)).compareTo(BigInteger.ZERO) == 0))) {
+ (stepBy != null && ((counter.mod(stepBy)).compareTo(BigInteger.ZERO) == 0))) {
t2 = System.currentTimeMillis();
long t0 = t2 - t1;
t1 = t2;
@@ -465,40 +464,40 @@ public class UpdateCRL extends CMSServlet {
String agentId = (String) sContext.get(SessionContext.USER_ID);
IAuthToken authToken = (IAuthToken) sContext.get(SessionContext.AUTH_TOKEN);
String authMgr = AuditFormat.NOAUTH;
-
+
if (authToken != null) {
authMgr = authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME);
}
long endTime = CMS.getCurrentDate().getTime();
if (crlIssuingPoint.getNextUpdate() != null) {
- mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.CRLUPDATEFORMAT,
- new Object[] {
- AuditFormat.FROMAGENT + " agentID: " + agentId,
- authMgr,
- "completed",
- crlIssuingPoint.getId(),
- crlIssuingPoint.getCRLNumber(),
- crlIssuingPoint.getLastUpdate(),
- crlIssuingPoint.getNextUpdate(),
- Long.toString(crlIssuingPoint.getCRLSize()) + " time: " + (endTime - startTime)}
- );
- }else {
- mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.CRLUPDATEFORMAT,
- new Object[] {
- AuditFormat.FROMAGENT + " agentID: " + agentId,
- authMgr,
- "completed",
- crlIssuingPoint.getId(),
- crlIssuingPoint.getCRLNumber(),
- crlIssuingPoint.getLastUpdate(),
- "not set",
- Long.toString(crlIssuingPoint.getCRLSize()) + " time: " + (endTime - startTime)}
- );
+ mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.CRLUPDATEFORMAT,
+ new Object[] {
+ AuditFormat.FROMAGENT + " agentID: " + agentId,
+ authMgr,
+ "completed",
+ crlIssuingPoint.getId(),
+ crlIssuingPoint.getCRLNumber(),
+ crlIssuingPoint.getLastUpdate(),
+ crlIssuingPoint.getNextUpdate(),
+ Long.toString(crlIssuingPoint.getCRLSize()) + " time: " + (endTime - startTime) }
+ );
+ } else {
+ mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.CRLUPDATEFORMAT,
+ new Object[] {
+ AuditFormat.FROMAGENT + " agentID: " + agentId,
+ authMgr,
+ "completed",
+ crlIssuingPoint.getId(),
+ crlIssuingPoint.getCRLNumber(),
+ crlIssuingPoint.getLastUpdate(),
+ "not set",
+ Long.toString(crlIssuingPoint.getCRLSize()) + " time: " + (endTime - startTime) }
+ );
}
} catch (EBaseException e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_UPDATE_CRL", e.toString()));
@@ -511,8 +510,7 @@ public class UpdateCRL extends CMSServlet {
}
}
} else {
- if (crlIssuingPoint.isCRLIssuingPointInitialized()
- != ICRLIssuingPoint.CRL_IP_INITIALIZED) {
+ if (crlIssuingPoint.isCRLIssuingPointInitialized() != ICRLIssuingPoint.CRL_IP_INITIALIZED) {
header.addStringValue("crlUpdate", "notInitialized");
} else if (crlIssuingPoint.isCRLUpdateInProgress()
!= ICRLIssuingPoint.CRL_UPDATE_DONE ||
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/UpdateDir.java b/pki/base/common/src/com/netscape/cms/servlet/cert/UpdateDir.java
index ccba3362..27de7b28 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/UpdateDir.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/UpdateDir.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.cert;
-
import java.io.IOException;
import java.math.BigInteger;
import java.util.Enumeration;
@@ -58,10 +57,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* Update the configured LDAP server with specified objects
- *
+ *
* @version $Revision$, $Date$
*/
public class UpdateDir extends CMSServlet {
@@ -85,12 +83,12 @@ public class UpdateDir extends CMSServlet {
private final static int REVOKED_FROM = 10;
private final static int REVOKED_TO = 11;
private final static int CHECK_FLAG = 12;
- private final static String[] updateName =
- {"updateAll", "updateCRL", "updateCA",
- "updateValid", "validFrom", "validTo",
- "updateExpired", "expiredFrom", "expiredTo",
- "updateRevoked", "revokedFrom", "revokedTo",
- "checkFlag"};
+ private final static String[] updateName =
+ { "updateAll", "updateCRL", "updateCA",
+ "updateValid", "validFrom", "validTo",
+ "updateExpired", "expiredFrom", "expiredTo",
+ "updateRevoked", "revokedFrom", "revokedTo",
+ "checkFlag" };
private String mFormPath = null;
private ICertificateAuthority mCA = null;
@@ -112,7 +110,7 @@ public class UpdateDir extends CMSServlet {
public void init(ServletConfig sc) throws ServletException {
super.init(sc);
- if( mAuthority != null ) {
+ if (mAuthority != null) {
mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE;
if (mAuthority instanceof ICertificateAuthority) {
mCA = (ICertificateAuthority) mAuthority;
@@ -129,8 +127,8 @@ public class UpdateDir extends CMSServlet {
}
/**
- * Process the HTTP request.
- *
+ * Process the HTTP request.
+ *
* @param cmsReq the object holding the request and response information
*/
public void process(CMSRequest cmsReq) throws EBaseException {
@@ -146,10 +144,10 @@ public class UpdateDir extends CMSServlet {
mAuthzResourceName, "update");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
}
if (authzToken == null) {
@@ -169,17 +167,17 @@ public class UpdateDir extends CMSServlet {
try {
form = getTemplate(mFormPath, req, locale);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
try {
String crlIssuingPointId = req.getParameter("crlIssuingPoint");
if (mPublisherProcessor == null ||
- !mPublisherProcessor.enabled())
+ !mPublisherProcessor.enabled())
throw new ECMSGWException(CMS.getUserMessage("CMS_GW_NO_PUB_MODULE"));
String[] updateValue = new String[updateName.length];
@@ -191,7 +189,7 @@ public class UpdateDir extends CMSServlet {
String masterHost = CMS.getConfigStore().getString("master.ca.agent.host", "");
String masterPort = CMS.getConfigStore().getString("master.ca.agent.port", "");
if (masterHost != null && masterHost.length() > 0 &&
- masterPort != null && masterPort.length() > 0) {
+ masterPort != null && masterPort.length() > 0) {
mClonedCA = true;
}
@@ -206,29 +204,29 @@ public class UpdateDir extends CMSServlet {
if (error == null) {
String xmlOutput = req.getParameter("xml");
if (xmlOutput != null && xmlOutput.equals("true")) {
- outputXML(resp, argSet);
+ outputXML(resp, argSet);
} else {
- resp.setContentType("text/html");
- form.renderOutput(out, argSet);
- cmsReq.setStatus(CMSRequest.SUCCESS);
+ resp.setContentType("text/html");
+ form.renderOutput(out, argSet);
+ cmsReq.setStatus(CMSRequest.SUCCESS);
}
} else {
cmsReq.setStatus(CMSRequest.ERROR);
cmsReq.setError(error);
}
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
}
private void updateCRLIssuingPoint(
- IArgBlock header,
- String crlIssuingPointId,
- ICRLIssuingPoint crlIssuingPoint,
- Locale locale) {
+ IArgBlock header,
+ String crlIssuingPointId,
+ ICRLIssuingPoint crlIssuingPoint,
+ Locale locale) {
SessionContext sc = SessionContext.getContext();
sc.put(ICRLIssuingPoint.SC_ISSUING_POINT_ID, crlIssuingPointId);
@@ -237,28 +235,28 @@ public class UpdateDir extends CMSServlet {
try {
if (mCRLRepository != null) {
- crlRecord = (ICRLIssuingPointRecord)mCRLRepository.readCRLIssuingPointRecord(crlIssuingPointId);
+ crlRecord = (ICRLIssuingPointRecord) mCRLRepository.readCRLIssuingPointRecord(crlIssuingPointId);
}
} catch (EBaseException e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_GET_CRL_RECORD", e.toString()));
}
if (crlRecord == null) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", crlIssuingPointId));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", crlIssuingPointId));
header.addStringValue("crlPublished", "Failure");
header.addStringValue("crlError",
- new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_CRL_NOT_YET_UPDATED")).toString());
+ new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_CRL_NOT_YET_UPDATED")).toString());
} else {
- String publishDN = (crlIssuingPoint != null)? crlIssuingPoint.getPublishDN(): null;
+ String publishDN = (crlIssuingPoint != null) ? crlIssuingPoint.getPublishDN() : null;
byte[] crlbytes = crlRecord.getCRL();
if (crlbytes == null) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", ""));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", ""));
header.addStringValue("crlPublished", "Failure");
header.addStringValue("crlError",
- new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_CRL_NOT_YET_UPDATED")).toString());
+ new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_CRL_NOT_YET_UPDATED")).toString());
} else {
X509CRLImpl crl = null;
@@ -271,13 +269,13 @@ public class UpdateDir extends CMSServlet {
if (crl == null) {
header.addStringValue("crlPublished", "Failure");
header.addStringValue("crlError",
- new ECMSGWException(CMS.getUserMessage(locale,"CMS_GW_DECODE_CRL_FAILED")).toString());
+ new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_DECODE_CRL_FAILED")).toString());
} else {
try {
if (publishDN != null) {
mPublisherProcessor.publishCRL(publishDN, crl);
} else {
- mPublisherProcessor.publishCRL(crl,crlIssuingPointId);
+ mPublisherProcessor.publishCRL(crl, crlIssuingPointId);
}
header.addStringValue("crlPublished", "Success");
} catch (ELdapException e) {
@@ -307,20 +305,20 @@ public class UpdateDir extends CMSServlet {
BigInteger deltaNumber = crlRecord.getDeltaCRLNumber();
Long deltaCRLSize = crlRecord.getDeltaCRLSize();
if (deltaCRLSize != null && deltaCRLSize.longValue() > -1 &&
- crlNumber != null && deltaNumber != null &&
- deltaNumber.compareTo(crlNumber) >= 0) {
+ crlNumber != null && deltaNumber != null &&
+ deltaNumber.compareTo(crlNumber) >= 0) {
goodDelta = true;
}
}
if (deltaCrl != null && ((mClonedCA && goodDelta) ||
- (crlIssuingPoint != null &&
- crlIssuingPoint.isThisCurrentDeltaCRL(deltaCrl)))) {
+ (crlIssuingPoint != null &&
+ crlIssuingPoint.isThisCurrentDeltaCRL(deltaCrl)))) {
try {
if (publishDN != null) {
mPublisherProcessor.publishCRL(publishDN, deltaCrl);
} else {
- mPublisherProcessor.publishCRL(deltaCrl,crlIssuingPointId);
+ mPublisherProcessor.publishCRL(deltaCrl, crlIssuingPointId);
}
} catch (ELdapException e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_PUBLISH_DELTA_CRL", e.toString()));
@@ -331,16 +329,16 @@ public class UpdateDir extends CMSServlet {
}
private void process(CMSTemplateParams argSet, IArgBlock header,
- HttpServletRequest req,
- HttpServletResponse resp,
- String crlIssuingPointId,
- String[] updateValue,
- Locale locale)
- throws EBaseException {
+ HttpServletRequest req,
+ HttpServletResponse resp,
+ String crlIssuingPointId,
+ String[] updateValue,
+ Locale locale)
+ throws EBaseException {
// all or crl
if ((updateValue[UPDATE_ALL] != null &&
updateValue[UPDATE_ALL].equalsIgnoreCase("yes")) ||
- (updateValue[UPDATE_CRL] != null &&
+ (updateValue[UPDATE_CRL] != null &&
updateValue[UPDATE_CRL].equalsIgnoreCase("yes"))) {
// check if received issuing point ID is known to the server
if (crlIssuingPointId != null) {
@@ -352,7 +350,8 @@ public class UpdateDir extends CMSServlet {
if (crlIssuingPointId.equals(ip.getId())) {
break;
}
- if (!ips.hasMoreElements()) crlIssuingPointId = null;
+ if (!ips.hasMoreElements())
+ crlIssuingPointId = null;
}
}
if (crlIssuingPointId == null) {
@@ -361,7 +360,7 @@ public class UpdateDir extends CMSServlet {
Vector ipNames = mCRLRepository.getIssuingPointsNames();
if (ipNames != null && ipNames.size() > 0) {
for (int i = 0; i < ipNames.size(); i++) {
- String ipName = (String)ipNames.elementAt(i);
+ String ipName = (String) ipNames.elementAt(i);
updateCRLIssuingPoint(header, ipName, null, locale);
}
@@ -377,11 +376,11 @@ public class UpdateDir extends CMSServlet {
}
} else {
ICRLIssuingPoint crlIssuingPoint =
- mCA.getCRLIssuingPoint(crlIssuingPointId);
+ mCA.getCRLIssuingPoint(crlIssuingPointId);
ICRLIssuingPointRecord crlRecord = null;
- updateCRLIssuingPoint(header, crlIssuingPointId,
- crlIssuingPoint, locale);
+ updateCRLIssuingPoint(header, crlIssuingPointId,
+ crlIssuingPoint, locale);
}
}
@@ -390,7 +389,7 @@ public class UpdateDir extends CMSServlet {
// all or ca
if ((updateValue[UPDATE_ALL] != null &&
updateValue[UPDATE_ALL].equalsIgnoreCase("yes")) ||
- (updateValue[UPDATE_CA] != null &&
+ (updateValue[UPDATE_CA] != null &&
updateValue[UPDATE_CA].equalsIgnoreCase("yes"))) {
X509CertImpl caCert = mCA.getSigningUnit().getCertImpl();
@@ -408,7 +407,7 @@ public class UpdateDir extends CMSServlet {
// all or valid
if ((updateValue[UPDATE_ALL] != null &&
updateValue[UPDATE_ALL].equalsIgnoreCase("yes")) ||
- (updateValue[UPDATE_VALID] != null &&
+ (updateValue[UPDATE_VALID] != null &&
updateValue[UPDATE_VALID].equalsIgnoreCase("yes"))) {
if (certificateRepository != null) {
if (updateValue[VALID_FROM].startsWith("0x")) {
@@ -420,16 +419,16 @@ public class UpdateDir extends CMSServlet {
Enumeration validCerts = null;
if (updateValue[CHECK_FLAG] != null &&
- updateValue[CHECK_FLAG].equalsIgnoreCase("yes")) {
- validCerts =
+ updateValue[CHECK_FLAG].equalsIgnoreCase("yes")) {
+ validCerts =
certificateRepository.getValidNotPublishedCertificates(
- updateValue[VALID_FROM],
- updateValue[VALID_TO]);
+ updateValue[VALID_FROM],
+ updateValue[VALID_TO]);
} else {
- validCerts =
+ validCerts =
certificateRepository.getValidCertificates(
- updateValue[VALID_FROM],
- updateValue[VALID_TO]);
+ updateValue[VALID_FROM],
+ updateValue[VALID_TO]);
}
int i = 0;
int l = 0;
@@ -438,7 +437,7 @@ public class UpdateDir extends CMSServlet {
if (validCerts != null) {
while (validCerts.hasMoreElements()) {
ICertRecord certRecord =
- (ICertRecord) validCerts.nextElement();
+ (ICertRecord) validCerts.nextElement();
//X509CertImpl cert = certRecord.getCertificate();
X509CertImpl cert = null;
Object o = certRecord.getCertificate();
@@ -454,9 +453,9 @@ public class UpdateDir extends CMSServlet {
// ca's self signed signing cert and
// server cert has no related request and
// have no metaInfo
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_FAIL_GET_ICERT_RECORD",
- cert.getSerialNumber().toString(16)));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_FAIL_GET_ICERT_RECORD",
+ cert.getSerialNumber().toString(16)));
} else {
ridString = (String) metaInfo.get(ICertRecord.META_REQUEST_ID);
}
@@ -465,55 +464,55 @@ public class UpdateDir extends CMSServlet {
if (ridString != null) {
RequestId rid = new RequestId(ridString);
-
+
r = mCA.getRequestQueue().findRequest(rid);
- }
+ }
try {
l++;
- SessionContext sc = SessionContext.getContext();
+ SessionContext sc = SessionContext.getContext();
if (r == null) {
if (CMS.isEncryptionCert(cert))
sc.put((Object) "isEncryptionCert", (Object) "true");
- else
+ else
sc.put((Object) "isEncryptionCert", (Object) "false");
mPublisherProcessor.publishCert(cert, null);
} else {
if (CMS.isEncryptionCert(cert))
r.setExtData("isEncryptionCert", "true");
- else
+ else
r.setExtData("isEncryptionCert", "false");
mPublisherProcessor.publishCert(cert, r);
}
i++;
} catch (Exception e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_FAIL_PUBLISH_CERT", certRecord.getSerialNumber().toString(16),
- e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_FAIL_PUBLISH_CERT", certRecord.getSerialNumber().toString(16),
+ e.toString()));
validCertsError +=
"Failed to publish certificate: 0x" +
- certRecord.getSerialNumber().toString(16) +
- ".\n <BR> &nbsp;&nbsp;&nbsp;&nbsp;";
+ certRecord.getSerialNumber().toString(16) +
+ ".\n <BR> &nbsp;&nbsp;&nbsp;&nbsp;";
}
}
}
if (i > 0 && i == l) {
header.addStringValue("validCertsPublished",
- "Success");
+ "Success");
if (i == 1)
- header.addStringValue("validCertsError", i +
- " valid certificate is published in the directory.");
+ header.addStringValue("validCertsError", i +
+ " valid certificate is published in the directory.");
else
- header.addStringValue("validCertsError", i +
- " valid certificates are published in the directory.");
+ header.addStringValue("validCertsError", i +
+ " valid certificates are published in the directory.");
} else {
if (l == 0) {
header.addStringValue("validCertsPublished", "No");
} else {
header.addStringValue("validCertsPublished", "Failure");
- header.addStringValue("validCertsError",
- validCertsError);
+ header.addStringValue("validCertsError",
+ validCertsError);
}
}
} else {
@@ -525,7 +524,7 @@ public class UpdateDir extends CMSServlet {
// all or expired
if ((updateValue[UPDATE_ALL] != null &&
updateValue[UPDATE_ALL].equalsIgnoreCase("yes")) ||
- (updateValue[UPDATE_EXPIRED] != null &&
+ (updateValue[UPDATE_EXPIRED] != null &&
updateValue[UPDATE_EXPIRED].equalsIgnoreCase("yes"))) {
if (certificateRepository != null) {
if (updateValue[EXPIRED_FROM].startsWith("0x")) {
@@ -537,25 +536,25 @@ public class UpdateDir extends CMSServlet {
Enumeration expiredCerts = null;
if (updateValue[CHECK_FLAG] != null &&
- updateValue[CHECK_FLAG].equalsIgnoreCase("yes")) {
+ updateValue[CHECK_FLAG].equalsIgnoreCase("yes")) {
expiredCerts =
certificateRepository.getExpiredPublishedCertificates(
- updateValue[EXPIRED_FROM],
- updateValue[EXPIRED_TO]);
+ updateValue[EXPIRED_FROM],
+ updateValue[EXPIRED_TO]);
} else {
expiredCerts =
certificateRepository.getExpiredCertificates(
- updateValue[EXPIRED_FROM],
- updateValue[EXPIRED_TO]);
+ updateValue[EXPIRED_FROM],
+ updateValue[EXPIRED_TO]);
}
int i = 0;
int l = 0;
StringBuffer expiredCertsError = new StringBuffer();
- if (expiredCerts != null) {
+ if (expiredCerts != null) {
while (expiredCerts.hasMoreElements()) {
ICertRecord certRecord =
- (ICertRecord) expiredCerts.nextElement();
+ (ICertRecord) expiredCerts.nextElement();
//X509CertImpl cert = certRecord.getCertificate();
X509CertImpl cert = null;
Object o = certRecord.getCertificate();
@@ -571,9 +570,9 @@ public class UpdateDir extends CMSServlet {
// ca's self signed signing cert and
// server cert has no related request and
// have no metaInfo
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_FAIL_GET_ICERT_RECORD",
- cert.getSerialNumber().toString(16)));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_FAIL_GET_ICERT_RECORD",
+ cert.getSerialNumber().toString(16)));
} else {
ridString = (String) metaInfo.get(ICertRecord.META_REQUEST_ID);
}
@@ -582,9 +581,9 @@ public class UpdateDir extends CMSServlet {
if (ridString != null) {
RequestId rid = new RequestId(ridString);
-
+
r = mCA.getRequestQueue().findRequest(rid);
- }
+ }
try {
l++;
@@ -595,10 +594,10 @@ public class UpdateDir extends CMSServlet {
}
i++;
} catch (Exception e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("LDAP_ERROR_UNPUBLISH_CERT",
- certRecord.getSerialNumber().toString(16),
- e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("LDAP_ERROR_UNPUBLISH_CERT",
+ certRecord.getSerialNumber().toString(16),
+ e.toString()));
expiredCertsError.append(
"Failed to unpublish certificate: 0x");
expiredCertsError.append(
@@ -611,18 +610,18 @@ public class UpdateDir extends CMSServlet {
if (i > 0 && i == l) {
header.addStringValue("expiredCertsUnpublished", "Success");
if (i == 1)
- header.addStringValue("expiredCertsError", i +
- " expired certificate is unpublished in the directory.");
+ header.addStringValue("expiredCertsError", i +
+ " expired certificate is unpublished in the directory.");
else
- header.addStringValue("expiredCertsError", i +
- " expired certificates are unpublished in the directory.");
+ header.addStringValue("expiredCertsError", i +
+ " expired certificates are unpublished in the directory.");
} else {
if (l == 0) {
header.addStringValue("expiredCertsUnpublished", "No");
} else {
header.addStringValue("expiredCertsUnpublished", "Failure");
- header.addStringValue("expiredCertsError",
- expiredCertsError.toString());
+ header.addStringValue("expiredCertsError",
+ expiredCertsError.toString());
}
}
} else {
@@ -634,7 +633,7 @@ public class UpdateDir extends CMSServlet {
// all or revoked
if ((updateValue[UPDATE_ALL] != null &&
updateValue[UPDATE_ALL].equalsIgnoreCase("yes")) ||
- (updateValue[UPDATE_REVOKED] != null &&
+ (updateValue[UPDATE_REVOKED] != null &&
updateValue[UPDATE_REVOKED].equalsIgnoreCase("yes"))) {
if (certificateRepository != null) {
if (updateValue[REVOKED_FROM].startsWith("0x")) {
@@ -646,25 +645,25 @@ public class UpdateDir extends CMSServlet {
Enumeration revokedCerts = null;
if (updateValue[CHECK_FLAG] != null &&
- updateValue[CHECK_FLAG].equalsIgnoreCase("yes")) {
+ updateValue[CHECK_FLAG].equalsIgnoreCase("yes")) {
revokedCerts =
certificateRepository.getRevokedPublishedCertificates(
- updateValue[REVOKED_FROM],
- updateValue[REVOKED_TO]);
+ updateValue[REVOKED_FROM],
+ updateValue[REVOKED_TO]);
} else {
revokedCerts =
certificateRepository.getRevokedCertificates(
- updateValue[REVOKED_FROM],
- updateValue[REVOKED_TO]);
+ updateValue[REVOKED_FROM],
+ updateValue[REVOKED_TO]);
}
int i = 0;
int l = 0;
String revokedCertsError = "";
- if (revokedCerts != null) {
+ if (revokedCerts != null) {
while (revokedCerts.hasMoreElements()) {
ICertRecord certRecord =
- (ICertRecord) revokedCerts.nextElement();
+ (ICertRecord) revokedCerts.nextElement();
//X509CertImpl cert = certRecord.getCertificate();
X509CertImpl cert = null;
Object o = certRecord.getCertificate();
@@ -680,9 +679,9 @@ public class UpdateDir extends CMSServlet {
// ca's self signed signing cert and
// server cert has no related request and
// have no metaInfo
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_FAIL_GET_ICERT_RECORD",
- cert.getSerialNumber().toString(16)));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_FAIL_GET_ICERT_RECORD",
+ cert.getSerialNumber().toString(16)));
} else {
ridString = (String) metaInfo.get(ICertRecord.META_REQUEST_ID);
}
@@ -691,9 +690,9 @@ public class UpdateDir extends CMSServlet {
if (ridString != null) {
RequestId rid = new RequestId(ridString);
-
+
r = mCA.getRequestQueue().findRequest(rid);
- }
+ }
try {
l++;
@@ -704,32 +703,32 @@ public class UpdateDir extends CMSServlet {
}
i++;
} catch (Exception e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("LDAP_ERROR_UNPUBLISH_CERT",
- certRecord.getSerialNumber().toString(16),
- e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("LDAP_ERROR_UNPUBLISH_CERT",
+ certRecord.getSerialNumber().toString(16),
+ e.toString()));
revokedCertsError +=
"Failed to unpublish certificate: 0x" +
- certRecord.getSerialNumber().toString(16) +
- ".\n <BR> &nbsp;&nbsp;&nbsp;&nbsp;";
+ certRecord.getSerialNumber().toString(16) +
+ ".\n <BR> &nbsp;&nbsp;&nbsp;&nbsp;";
}
}
}
if (i > 0 && i == l) {
header.addStringValue("revokedCertsUnpublished", "Success");
if (i == 1)
- header.addStringValue("revokedCertsError", i +
- " revoked certificate is unpublished in the directory.");
+ header.addStringValue("revokedCertsError", i +
+ " revoked certificate is unpublished in the directory.");
else
- header.addStringValue("revokedCertsError", i +
- " revoked certificates are unpublished in the directory.");
+ header.addStringValue("revokedCertsError", i +
+ " revoked certificates are unpublished in the directory.");
} else {
if (l == 0) {
header.addStringValue("revokedCertsUnpublished", "No");
} else {
header.addStringValue("revokedCertsUnpublished", "Failure");
- header.addStringValue("revokedCertsError",
- revokedCertsError);
+ header.addStringValue("revokedCertsError",
+ revokedCertsError);
}
}
} else {
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/scep/CRSEnrollment.java b/pki/base/common/src/com/netscape/cms/servlet/cert/scep/CRSEnrollment.java
index f181e156..da78a38e 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/scep/CRSEnrollment.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/scep/CRSEnrollment.java
@@ -122,242 +122,234 @@ import com.netscape.certsrv.request.RequestStatus;
import com.netscape.cms.servlet.profile.SSLClientCertProvider;
import com.netscape.cmsutil.scep.CRSPKIMessage;
-
/**
* This servlet deals with PKCS#10-based certificate requests from
* CRS, now called SCEP, and defined at:
- * http://search.ietf.org/internet-drafts/draft-nourse-scep-02.txt
+ * http://search.ietf.org/internet-drafts/draft-nourse-scep-02.txt
*
* The router is hardcoded to look for the http://host:80/cgi-bin/pkiclient.exe
- *
+ *
* The HTTP parameters are 'operation' and 'message'
* operation can be either 'GetCACert' or 'PKIOperation'
- *
+ *
* @version $Revision$, $Date$
*/
-public class CRSEnrollment extends HttpServlet
-{
- /**
+public class CRSEnrollment extends HttpServlet {
+ /**
*
*/
private static final long serialVersionUID = 8483002540957382369L;
-protected IProfileSubsystem mProfileSubsystem = null;
- protected String mProfileId = null;
- protected ICertAuthority mAuthority;
- protected IConfigStore mConfig = null;
- protected IAuthSubsystem mAuthSubsystem;
- protected String mAppendDN=null;
- protected String mEntryObjectclass=null;
- protected boolean mCreateEntry=false;
- protected boolean mFlattenDN=false;
-
- private String mAuthManagerName;
- private String mSubstoreName;
- private boolean mEnabled = false;
- private boolean mUseCA = true;
- private String mNickname = null;
- private String mTokenName = "";
- private String mHashAlgorithm = "SHA1";
- private String mHashAlgorithmList = null;
- private String[] mAllowedHashAlgorithm;
- private String mConfiguredEncryptionAlgorithm = "DES3";
- private String mEncryptionAlgorithm = "DES3";
- private String mEncryptionAlgorithmList = null;
- private String[] mAllowedEncryptionAlgorithm;
- private Random mRandom = null;
- private int mNonceSizeLimit = 0;
- protected ILogger mLogger = CMS.getLogger();
- private ICertificateAuthority ca;
- /* for hashing challenge password */
- protected MessageDigest mSHADigest = null;
-
- private static final String PROP_SUBSTORENAME = "substorename";
- private static final String PROP_AUTHORITY = "authority";
- private static final String PROP_CRS = "crs";
- private static final String PROP_CRSCA = "casubsystem";
- private static final String PROP_CRSAUTHMGR = "authName";
- private static final String PROP_APPENDDN = "appendDN";
- private static final String PROP_CREATEENTRY= "createEntry";
- private static final String PROP_FLATTENDN = "flattenDN";
- private static final String PROP_ENTRYOC = "entryObjectclass";
-
- // URL parameters
- private static final String URL_OPERATION = "operation";
- private static final String URL_MESSAGE = "message";
-
- // possible values for 'operation'
- private static final String OP_GETCACERT = "GetCACert";
- private static final String OP_PKIOPERATION = "PKIOperation";
-
- public static final String AUTH_PASSWORD = "pwd";
-
- public static final String AUTH_CREDS = "AuthCreds";
- public static final String AUTH_TOKEN = "AuthToken";
- public static final String AUTH_FAILED = "AuthFailed";
-
- public static final String SANE_DNSNAME = "DNSName";
- public static final String SANE_IPADDRESS = "IPAddress";
-
- public static final String CERTINFO = "CertInfo";
- public static final String SUBJECTNAME = "SubjectName";
-
-
- public static ObjectIdentifier OID_UNSTRUCTUREDNAME = null;
- public static ObjectIdentifier OID_UNSTRUCTUREDADDRESS = null;
- public static ObjectIdentifier OID_SERIALNUMBER = null;
-
- public CRSEnrollment(){}
-
- public static Hashtable<String, String> toHashtable(HttpServletRequest req) {
- Hashtable<String, String> httpReqHash = new Hashtable<String, String>();
- @SuppressWarnings("unchecked")
- Enumeration<String> names = req.getParameterNames();
- while (names.hasMoreElements()) {
- String name = (String)names.nextElement();
- httpReqHash.put(name, req.getParameter(name));
- }
- return httpReqHash;
- }
-
- public void init(ServletConfig sc) {
- // Find the CertificateAuthority we should use for CRS.
- String crsCA = sc.getInitParameter(PROP_AUTHORITY);
- if (crsCA == null)
- crsCA = "ca";
- mAuthority = (ICertAuthority) CMS.getSubsystem(crsCA);
- ca = (ICertificateAuthority)mAuthority;
-
- if (mAuthority == null) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_CANT_FIND_AUTHORITY",crsCA));
- }
-
- try {
- if (mAuthority instanceof ISubsystem) {
- IConfigStore authorityConfig = ((ISubsystem)mAuthority).getConfigStore();
- IConfigStore scepConfig = authorityConfig.getSubStore("scep");
- mEnabled = scepConfig.getBoolean("enable", false);
- mHashAlgorithm = scepConfig.getString("hashAlgorithm", "SHA1");
- mConfiguredEncryptionAlgorithm = scepConfig.getString("encryptionAlgorithm", "DES3");
- mNonceSizeLimit = scepConfig.getInteger("nonceSizeLimit", 0);
- mHashAlgorithmList = scepConfig.getString("allowedHashAlgorithms", "SHA1,SHA256,SHA512");
- mAllowedHashAlgorithm = mHashAlgorithmList.split(",");
- mEncryptionAlgorithmList = scepConfig.getString("allowedEncryptionAlgorithms", "DES3");
- mAllowedEncryptionAlgorithm = mEncryptionAlgorithmList.split(",");
- mNickname = scepConfig.getString("nickname", ca.getNickname());
- if (mNickname.equals(ca.getNickname())) {
- mTokenName = ca.getSigningUnit().getTokenName();
- } else {
- mTokenName = scepConfig.getString("tokenname", "");
- mUseCA = false;
- }
- if (!(mTokenName.equalsIgnoreCase(Constants.PR_INTERNAL_TOKEN) ||
- mTokenName.equalsIgnoreCase("Internal Key Storage Token") ||
- mTokenName.length() == 0)) {
- int i = mNickname.indexOf(':');
- if (!((i > -1) && (mTokenName.length() == i) && (mNickname.startsWith(mTokenName)))) {
- mNickname = mTokenName + ":" + mNickname;
- }
- }
- }
- } catch (EBaseException e) {
- CMS.debug("CRSEnrollment: init: EBaseException: "+e);
- }
- mEncryptionAlgorithm = mConfiguredEncryptionAlgorithm;
- CMS.debug("CRSEnrollment: init: SCEP support is "+((mEnabled)?"enabled":"disabled")+".");
- CMS.debug("CRSEnrollment: init: SCEP nickname: "+mNickname);
- CMS.debug("CRSEnrollment: init: CA nickname: "+ca.getNickname());
- CMS.debug("CRSEnrollment: init: Token name: "+mTokenName);
- CMS.debug("CRSEnrollment: init: Is SCEP using CA keys: "+mUseCA);
- CMS.debug("CRSEnrollment: init: mNonceSizeLimit: "+mNonceSizeLimit);
- CMS.debug("CRSEnrollment: init: mHashAlgorithm: "+mHashAlgorithm);
- CMS.debug("CRSEnrollment: init: mHashAlgorithmList: "+mHashAlgorithmList);
- for (int i = 0; i < mAllowedHashAlgorithm.length; i++) {
- mAllowedHashAlgorithm[i] = mAllowedHashAlgorithm[i].trim();
- CMS.debug("CRSEnrollment: init: mAllowedHashAlgorithm["+i+"]="+mAllowedHashAlgorithm[i]);
- }
- CMS.debug("CRSEnrollment: init: mEncryptionAlgorithm: "+mEncryptionAlgorithm);
- CMS.debug("CRSEnrollment: init: mEncryptionAlgorithmList: "+mEncryptionAlgorithmList);
- for (int i = 0; i < mAllowedEncryptionAlgorithm.length; i++) {
- mAllowedEncryptionAlgorithm[i] = mAllowedEncryptionAlgorithm[i].trim();
- CMS.debug("CRSEnrollment: init: mAllowedEncryptionAlgorithm["+i+"]="+mAllowedEncryptionAlgorithm[i]);
- }
-
- try {
- mProfileSubsystem = (IProfileSubsystem)CMS.getSubsystem("profile");
- mProfileId = sc.getInitParameter("profileId");
- CMS.debug("CRSEnrollment: init: mProfileId="+mProfileId);
-
- mAuthSubsystem = (IAuthSubsystem)CMS.getSubsystem(CMS.SUBSYSTEM_AUTH);
- mAuthManagerName = sc.getInitParameter(PROP_CRSAUTHMGR);
- mAppendDN = sc.getInitParameter(PROP_APPENDDN);
- String tmp = sc.getInitParameter(PROP_CREATEENTRY);
- if (tmp != null && tmp.trim().equalsIgnoreCase("true"))
- mCreateEntry = true;
- else
- mCreateEntry = false;
- tmp = sc.getInitParameter(PROP_FLATTENDN);
- if (tmp != null && tmp.trim().equalsIgnoreCase("true"))
- mFlattenDN = true;
- else
- mFlattenDN = false;
- mEntryObjectclass = sc.getInitParameter(PROP_ENTRYOC);
- if (mEntryObjectclass == null)
- mEntryObjectclass = "cep";
- mSubstoreName = sc.getInitParameter(PROP_SUBSTORENAME);
- if (mSubstoreName == null)
- mSubstoreName = "default";
- } catch (Exception e) {
- }
-
- OID_UNSTRUCTUREDNAME = X500NameAttrMap.getDefault().getOid("UNSTRUCTUREDNAME");
- OID_UNSTRUCTUREDADDRESS = X500NameAttrMap.getDefault().getOid("UNSTRUCTUREDADDRESS");
- OID_SERIALNUMBER = X500NameAttrMap.getDefault().getOid("SERIALNUMBER");
-
-
- try {
- mSHADigest = MessageDigest.getInstance("SHA1");
+ protected IProfileSubsystem mProfileSubsystem = null;
+ protected String mProfileId = null;
+ protected ICertAuthority mAuthority;
+ protected IConfigStore mConfig = null;
+ protected IAuthSubsystem mAuthSubsystem;
+ protected String mAppendDN = null;
+ protected String mEntryObjectclass = null;
+ protected boolean mCreateEntry = false;
+ protected boolean mFlattenDN = false;
+
+ private String mAuthManagerName;
+ private String mSubstoreName;
+ private boolean mEnabled = false;
+ private boolean mUseCA = true;
+ private String mNickname = null;
+ private String mTokenName = "";
+ private String mHashAlgorithm = "SHA1";
+ private String mHashAlgorithmList = null;
+ private String[] mAllowedHashAlgorithm;
+ private String mConfiguredEncryptionAlgorithm = "DES3";
+ private String mEncryptionAlgorithm = "DES3";
+ private String mEncryptionAlgorithmList = null;
+ private String[] mAllowedEncryptionAlgorithm;
+ private Random mRandom = null;
+ private int mNonceSizeLimit = 0;
+ protected ILogger mLogger = CMS.getLogger();
+ private ICertificateAuthority ca;
+ /* for hashing challenge password */
+ protected MessageDigest mSHADigest = null;
+
+ private static final String PROP_SUBSTORENAME = "substorename";
+ private static final String PROP_AUTHORITY = "authority";
+ private static final String PROP_CRS = "crs";
+ private static final String PROP_CRSCA = "casubsystem";
+ private static final String PROP_CRSAUTHMGR = "authName";
+ private static final String PROP_APPENDDN = "appendDN";
+ private static final String PROP_CREATEENTRY = "createEntry";
+ private static final String PROP_FLATTENDN = "flattenDN";
+ private static final String PROP_ENTRYOC = "entryObjectclass";
+
+ // URL parameters
+ private static final String URL_OPERATION = "operation";
+ private static final String URL_MESSAGE = "message";
+
+ // possible values for 'operation'
+ private static final String OP_GETCACERT = "GetCACert";
+ private static final String OP_PKIOPERATION = "PKIOperation";
+
+ public static final String AUTH_PASSWORD = "pwd";
+
+ public static final String AUTH_CREDS = "AuthCreds";
+ public static final String AUTH_TOKEN = "AuthToken";
+ public static final String AUTH_FAILED = "AuthFailed";
+
+ public static final String SANE_DNSNAME = "DNSName";
+ public static final String SANE_IPADDRESS = "IPAddress";
+
+ public static final String CERTINFO = "CertInfo";
+ public static final String SUBJECTNAME = "SubjectName";
+
+ public static ObjectIdentifier OID_UNSTRUCTUREDNAME = null;
+ public static ObjectIdentifier OID_UNSTRUCTUREDADDRESS = null;
+ public static ObjectIdentifier OID_SERIALNUMBER = null;
+
+ public CRSEnrollment() {
+ }
+
+ public static Hashtable<String, String> toHashtable(HttpServletRequest req) {
+ Hashtable<String, String> httpReqHash = new Hashtable<String, String>();
+ @SuppressWarnings("unchecked")
+ Enumeration<String> names = req.getParameterNames();
+ while (names.hasMoreElements()) {
+ String name = (String) names.nextElement();
+ httpReqHash.put(name, req.getParameter(name));
+ }
+ return httpReqHash;
+ }
+
+ public void init(ServletConfig sc) {
+ // Find the CertificateAuthority we should use for CRS.
+ String crsCA = sc.getInitParameter(PROP_AUTHORITY);
+ if (crsCA == null)
+ crsCA = "ca";
+ mAuthority = (ICertAuthority) CMS.getSubsystem(crsCA);
+ ca = (ICertificateAuthority) mAuthority;
+
+ if (mAuthority == null) {
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_CANT_FIND_AUTHORITY", crsCA));
+ }
+
+ try {
+ if (mAuthority instanceof ISubsystem) {
+ IConfigStore authorityConfig = ((ISubsystem) mAuthority).getConfigStore();
+ IConfigStore scepConfig = authorityConfig.getSubStore("scep");
+ mEnabled = scepConfig.getBoolean("enable", false);
+ mHashAlgorithm = scepConfig.getString("hashAlgorithm", "SHA1");
+ mConfiguredEncryptionAlgorithm = scepConfig.getString("encryptionAlgorithm", "DES3");
+ mNonceSizeLimit = scepConfig.getInteger("nonceSizeLimit", 0);
+ mHashAlgorithmList = scepConfig.getString("allowedHashAlgorithms", "SHA1,SHA256,SHA512");
+ mAllowedHashAlgorithm = mHashAlgorithmList.split(",");
+ mEncryptionAlgorithmList = scepConfig.getString("allowedEncryptionAlgorithms", "DES3");
+ mAllowedEncryptionAlgorithm = mEncryptionAlgorithmList.split(",");
+ mNickname = scepConfig.getString("nickname", ca.getNickname());
+ if (mNickname.equals(ca.getNickname())) {
+ mTokenName = ca.getSigningUnit().getTokenName();
+ } else {
+ mTokenName = scepConfig.getString("tokenname", "");
+ mUseCA = false;
+ }
+ if (!(mTokenName.equalsIgnoreCase(Constants.PR_INTERNAL_TOKEN) ||
+ mTokenName.equalsIgnoreCase("Internal Key Storage Token") || mTokenName.length() == 0)) {
+ int i = mNickname.indexOf(':');
+ if (!((i > -1) && (mTokenName.length() == i) && (mNickname.startsWith(mTokenName)))) {
+ mNickname = mTokenName + ":" + mNickname;
+ }
+ }
+ }
+ } catch (EBaseException e) {
+ CMS.debug("CRSEnrollment: init: EBaseException: " + e);
+ }
+ mEncryptionAlgorithm = mConfiguredEncryptionAlgorithm;
+ CMS.debug("CRSEnrollment: init: SCEP support is " + ((mEnabled) ? "enabled" : "disabled") + ".");
+ CMS.debug("CRSEnrollment: init: SCEP nickname: " + mNickname);
+ CMS.debug("CRSEnrollment: init: CA nickname: " + ca.getNickname());
+ CMS.debug("CRSEnrollment: init: Token name: " + mTokenName);
+ CMS.debug("CRSEnrollment: init: Is SCEP using CA keys: " + mUseCA);
+ CMS.debug("CRSEnrollment: init: mNonceSizeLimit: " + mNonceSizeLimit);
+ CMS.debug("CRSEnrollment: init: mHashAlgorithm: " + mHashAlgorithm);
+ CMS.debug("CRSEnrollment: init: mHashAlgorithmList: " + mHashAlgorithmList);
+ for (int i = 0; i < mAllowedHashAlgorithm.length; i++) {
+ mAllowedHashAlgorithm[i] = mAllowedHashAlgorithm[i].trim();
+ CMS.debug("CRSEnrollment: init: mAllowedHashAlgorithm[" + i + "]=" + mAllowedHashAlgorithm[i]);
+ }
+ CMS.debug("CRSEnrollment: init: mEncryptionAlgorithm: " + mEncryptionAlgorithm);
+ CMS.debug("CRSEnrollment: init: mEncryptionAlgorithmList: " + mEncryptionAlgorithmList);
+ for (int i = 0; i < mAllowedEncryptionAlgorithm.length; i++) {
+ mAllowedEncryptionAlgorithm[i] = mAllowedEncryptionAlgorithm[i].trim();
+ CMS.debug("CRSEnrollment: init: mAllowedEncryptionAlgorithm[" + i + "]=" + mAllowedEncryptionAlgorithm[i]);
+ }
+
+ try {
+ mProfileSubsystem = (IProfileSubsystem) CMS.getSubsystem("profile");
+ mProfileId = sc.getInitParameter("profileId");
+ CMS.debug("CRSEnrollment: init: mProfileId=" + mProfileId);
+
+ mAuthSubsystem = (IAuthSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTH);
+ mAuthManagerName = sc.getInitParameter(PROP_CRSAUTHMGR);
+ mAppendDN = sc.getInitParameter(PROP_APPENDDN);
+ String tmp = sc.getInitParameter(PROP_CREATEENTRY);
+ if (tmp != null && tmp.trim().equalsIgnoreCase("true"))
+ mCreateEntry = true;
+ else
+ mCreateEntry = false;
+ tmp = sc.getInitParameter(PROP_FLATTENDN);
+ if (tmp != null && tmp.trim().equalsIgnoreCase("true"))
+ mFlattenDN = true;
+ else
+ mFlattenDN = false;
+ mEntryObjectclass = sc.getInitParameter(PROP_ENTRYOC);
+ if (mEntryObjectclass == null)
+ mEntryObjectclass = "cep";
+ mSubstoreName = sc.getInitParameter(PROP_SUBSTORENAME);
+ if (mSubstoreName == null)
+ mSubstoreName = "default";
+ } catch (Exception e) {
+ }
+
+ OID_UNSTRUCTUREDNAME = X500NameAttrMap.getDefault().getOid("UNSTRUCTUREDNAME");
+ OID_UNSTRUCTUREDADDRESS = X500NameAttrMap.getDefault().getOid("UNSTRUCTUREDADDRESS");
+ OID_SERIALNUMBER = X500NameAttrMap.getDefault().getOid("SERIALNUMBER");
+
+ try {
+ mSHADigest = MessageDigest.getInstance("SHA1");
+ } catch (NoSuchAlgorithmException e) {
+ }
+
+ mRandom = new Random();
}
- catch (NoSuchAlgorithmException e) {
- }
-
- mRandom = new Random();
- }
-
-
- /**
- *
- * Service a CRS Request. It all starts here. This is where the message from the
- * router is processed
- *
- * @param httpReq The HttpServletRequest.
- * @param httpResp The HttpServletResponse.
- *
- */
- public void service(HttpServletRequest httpReq,
+
+ /**
+ *
+ * Service a CRS Request. It all starts here. This is where the message from the
+ * router is processed
+ *
+ * @param httpReq The HttpServletRequest.
+ * @param httpResp The HttpServletResponse.
+ *
+ */
+ public void service(HttpServletRequest httpReq,
HttpServletResponse httpResp)
- throws ServletException
- {
- boolean running_state = CMS.isInRunningState();
- if (!running_state)
- throw new ServletException(
- "CMS server is not ready to serve.");
+ throws ServletException {
+ boolean running_state = CMS.isInRunningState();
+ if (!running_state)
+ throw new ServletException(
+ "CMS server is not ready to serve.");
String operation = null;
- String message = null;
+ String message = null;
mEncryptionAlgorithm = mConfiguredEncryptionAlgorithm;
-
-
+
// Parse the URL from the HTTP Request. Split it up into
// a structure which enables us to read the form elements
IArgBlock input = CMS.createArgBlock(toHashtable(httpReq));
-
- try {
+
+ try {
// Read in two form parameters - the router sets these
- operation = (String)input.get(URL_OPERATION);
+ operation = (String) input.get(URL_OPERATION);
CMS.debug("operation=" + operation);
- message = (String)input.get(URL_MESSAGE);
+ message = (String) input.get(URL_MESSAGE);
CMS.debug("message=" + message);
-
+
if (!mEnabled) {
CMS.debug("CRSEnrollment: SCEP support is disabled.");
throw new ServletException("SCEP support is disabled.");
@@ -366,55 +358,48 @@ protected IProfileSubsystem mProfileSubsystem = null;
// 'operation' is mandatory.
throw new ServletException("Bad request: operation missing from URL");
}
-
- /**
- * the router can make two kinds of requests
- * 1) simple request for CA cert
- * 2) encoded, signed, enveloped request for anything else (PKIOperation)
+
+ /**
+ * the router can make two kinds of requests
+ * 1) simple request for CA cert
+ * 2) encoded, signed, enveloped request for anything else (PKIOperation)
*/
-
+
if (operation.equals(OP_GETCACERT)) {
- handleGetCACert(httpReq, httpResp);
- }
- else if (operation.equals(OP_PKIOPERATION)) {
- String decodeMode = (String)input.get("decode");
+ handleGetCACert(httpReq, httpResp);
+ } else if (operation.equals(OP_PKIOPERATION)) {
+ String decodeMode = (String) input.get("decode");
if (decodeMode == null || decodeMode.equals("false")) {
- handlePKIOperation(httpReq, httpResp, message);
+ handlePKIOperation(httpReq, httpResp, message);
} else {
- decodePKIMessage(httpReq, httpResp, message);
+ decodePKIMessage(httpReq, httpResp, message);
}
- }
- else {
+ } else {
CMS.debug("Invalid operation " + operation);
- throw new ServletException("unknown operation requested: "+operation);
+ throw new ServletException("unknown operation requested: " + operation);
}
-
- }
- catch (ServletException e)
- {
+
+ } catch (ServletException e) {
CMS.debug("ServletException " + e);
throw new ServletException(e.getMessage().toString());
+ } catch (Exception e) {
+ CMS.debug("Service exception " + e);
+ log(ILogger.LL_FAILURE, e.getMessage());
}
- catch (Exception e)
- {
- CMS.debug("Service exception " + e);
- log(ILogger.LL_FAILURE,e.getMessage());
- }
-
+
}
/**
- * Log a message to the system log
+ * Log a message to the system log
*/
-
private void log(int level, String msg) {
-
+
mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
- level, "CEP Enrollment: "+msg);
+ level, "CEP Enrollment: " + msg);
}
- private boolean isAlgorithmAllowed (String[] allowedAlgorithm, String algorithm) {
+ private boolean isAlgorithmAllowed(String[] allowedAlgorithm, String algorithm) {
boolean allowed = false;
if (algorithm != null && algorithm.length() > 0) {
@@ -429,7 +414,7 @@ protected IProfileSubsystem mProfileSubsystem = null;
}
public IAuthToken authenticate(AuthCredentials credentials, IProfileAuthenticator authenticator,
- HttpServletRequest request) throws EBaseException {
+ HttpServletRequest request) throws EBaseException {
// build credential
Enumeration<String> authNames = authenticator.getValueNames();
@@ -445,314 +430,308 @@ protected IProfileSubsystem mProfileSubsystem = null;
credentials.set("clientHost", request.getRemoteHost());
IAuthToken authToken = authenticator.authenticate(credentials);
if (authToken == null) {
- return null;
+ return null;
}
SessionContext sc = SessionContext.getContext();
if (sc != null) {
- sc.put(SessionContext.AUTH_MANAGER_ID, authenticator.getName());
- String userid = authToken.getInString(IAuthToken.USER_ID);
- if (userid != null) {
- sc.put(SessionContext.USER_ID, userid);
- }
+ sc.put(SessionContext.AUTH_MANAGER_ID, authenticator.getName());
+ String userid = authToken.getInString(IAuthToken.USER_ID);
+ if (userid != null) {
+ sc.put(SessionContext.USER_ID, userid);
+ }
}
return authToken;
}
- /**
- * Return the CA certificate back to the requestor.
- * This needs to be changed so that if the CA has a certificate chain,
- * the whole thing should get packaged as a PKIMessage (degnerate PKCS7 - no
- * signerInfo)
- */
-
- public void handleGetCACert(HttpServletRequest httpReq,
- HttpServletResponse httpResp)
- throws ServletException {
- java.security.cert.X509Certificate[] chain = null;
-
- CertificateChain certChain = mAuthority.getCACertChain();
-
- try {
- if (certChain == null) {
- throw new ServletException("Internal Error: cannot get CA Cert");
- }
-
- chain = certChain.getChain();
-
- byte[] bytes = null;
-
- int i = 0;
- String message = (String)httpReq.getParameter(URL_MESSAGE);
- CMS.debug("handleGetCACert message=" + message);
- if (message != null) {
- try {
- int j = Integer.parseInt(message);
- if (j < chain.length) {
- i = j;
- }
- } catch (NumberFormatException e1) {
+ /**
+ * Return the CA certificate back to the requestor.
+ * This needs to be changed so that if the CA has a certificate chain,
+ * the whole thing should get packaged as a PKIMessage (degnerate PKCS7 - no
+ * signerInfo)
+ */
+
+ public void handleGetCACert(HttpServletRequest httpReq,
+ HttpServletResponse httpResp)
+ throws ServletException {
+ java.security.cert.X509Certificate[] chain = null;
+
+ CertificateChain certChain = mAuthority.getCACertChain();
+
+ try {
+ if (certChain == null) {
+ throw new ServletException("Internal Error: cannot get CA Cert");
+ }
+
+ chain = certChain.getChain();
+
+ byte[] bytes = null;
+
+ int i = 0;
+ String message = (String) httpReq.getParameter(URL_MESSAGE);
+ CMS.debug("handleGetCACert message=" + message);
+ if (message != null) {
+ try {
+ int j = Integer.parseInt(message);
+ if (j < chain.length) {
+ i = j;
+ }
+ } catch (NumberFormatException e1) {
+ }
+ }
+ CMS.debug("handleGetCACert selected chain=" + i);
+
+ if (mUseCA) {
+ bytes = chain[i].getEncoded();
+ } else {
+ CryptoContext cx = new CryptoContext();
+ bytes = cx.getSigningCert().getEncoded();
+ }
+
+ httpResp.setContentType("application/x-x509-ca-cert");
+
+ // The following code may be used one day to encode
+ // the RA/CA cert chain for RA mode, but it will need some
+ // work.
+
+ /******
+ * SET certs = new SET();
+ * for (int i=0; i<chain.length; i++) {
+ * ANY cert = new ANY(chain[i].getEncoded());
+ * certs.addElement(cert);
+ * }
+ *
+ * SignedData crsd = new SignedData(
+ * new SET(), // empty set of digestAlgorithmID's
+ * new ContentInfo(
+ * new OBJECT_IDENTIFIER(new long[] {1,2,840,113549,1,7,1}),
+ * null), //empty content
+ * certs,
+ * null, // no CRL's
+ * new SET() // empty SignerInfos
+ * );
+ *
+ * ContentInfo wrap = new ContentInfo(ContentInfo.SIGNED_DATA, crsd);
+ *
+ * ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ * wrap.encode(baos);
+ *
+ * bytes = baos.toByteArray();
+ *
+ * httpResp.setContentType("application/x-x509-ca-ra-cert");
+ *****/
+
+ httpResp.setContentLength(bytes.length);
+ httpResp.getOutputStream().write(bytes);
+ httpResp.getOutputStream().flush();
+
+ CMS.debug("Output certificate chain:");
+ CMS.debug(bytes);
+ } catch (Exception e) {
+ CMS.debug("handleGetCACert exception " + e);
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_SENDING_DER_ENCODE_CERT", e.getMessage()));
+ throw new ServletException("Failed sending DER encoded version of CA cert to client");
+ }
+
+ }
+
+ public String getPasswordFromP10(PKCS10 p10) {
+ PKCS10Attributes p10atts = p10.getAttributes();
+ Enumeration<PKCS10Attribute> e = p10atts.getElements();
+
+ try {
+ while (e.hasMoreElements()) {
+ PKCS10Attribute p10a = (PKCS10Attribute) e.nextElement();
+ CertAttrSet attr = p10a.getAttributeValue();
+
+ if (attr.getName().equals(ChallengePassword.NAME)) {
+ if (attr.get(ChallengePassword.PASSWORD) != null) {
+ return (String) attr.get(ChallengePassword.PASSWORD);
+ }
+ }
}
- }
- CMS.debug("handleGetCACert selected chain=" + i);
-
- if (mUseCA) {
- bytes = chain[i].getEncoded();
- } else {
- CryptoContext cx = new CryptoContext();
- bytes = cx.getSigningCert().getEncoded();
- }
-
- httpResp.setContentType("application/x-x509-ca-cert");
-
-
-// The following code may be used one day to encode
-// the RA/CA cert chain for RA mode, but it will need some
-// work.
-
- /******
- SET certs = new SET();
- for (int i=0; i<chain.length; i++) {
- ANY cert = new ANY(chain[i].getEncoded());
- certs.addElement(cert);
- }
-
- SignedData crsd = new SignedData(
- new SET(), // empty set of digestAlgorithmID's
- new ContentInfo(
- new OBJECT_IDENTIFIER(new long[] {1,2,840,113549,1,7,1}),
- null), //empty content
- certs,
- null, // no CRL's
- new SET() // empty SignerInfos
- );
-
- ContentInfo wrap = new ContentInfo(ContentInfo.SIGNED_DATA, crsd);
-
- ByteArrayOutputStream baos = new ByteArrayOutputStream();
- wrap.encode(baos);
-
- bytes = baos.toByteArray();
-
- httpResp.setContentType("application/x-x509-ca-ra-cert");
- *****/
-
- httpResp.setContentLength(bytes.length);
- httpResp.getOutputStream().write(bytes);
- httpResp.getOutputStream().flush();
-
- CMS.debug("Output certificate chain:");
- CMS.debug(bytes);
- }
- catch (Exception e) {
- CMS.debug("handleGetCACert exception " + e);
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_SENDING_DER_ENCODE_CERT",e.getMessage()));
- throw new ServletException("Failed sending DER encoded version of CA cert to client");
- }
-
- }
-
- public String getPasswordFromP10(PKCS10 p10)
- {
- PKCS10Attributes p10atts = p10.getAttributes();
- Enumeration<PKCS10Attribute> e = p10atts.getElements();
-
- try {
- while (e.hasMoreElements()) {
- PKCS10Attribute p10a = (PKCS10Attribute)e.nextElement();
- CertAttrSet attr = p10a.getAttributeValue();
-
- if (attr.getName().equals(ChallengePassword.NAME)) {
- if (attr.get(ChallengePassword.PASSWORD) != null) {
- return (String)attr.get(ChallengePassword.PASSWORD);
- }
- }
- }
- } catch(Exception e1) {
- // do nothing
- }
- return null;
- }
-
- /**
- * If the 'operation' is 'PKIOperation', the 'message' part of the URL is a
- * PKIMessage structure. We decode it to see what type message it is.
- */
-
- /**
- * Decodes the PKI message and return information to RA.
- */
- public void decodePKIMessage(HttpServletRequest httpReq,
+ } catch (Exception e1) {
+ // do nothing
+ }
+ return null;
+ }
+
+ /**
+ * If the 'operation' is 'PKIOperation', the 'message' part of the URL is a
+ * PKIMessage structure. We decode it to see what type message it is.
+ */
+
+ /**
+ * Decodes the PKI message and return information to RA.
+ */
+ public void decodePKIMessage(HttpServletRequest httpReq,
HttpServletResponse httpResp,
String msg)
- throws ServletException {
-
- CryptoContext cx=null;
-
- CRSPKIMessage req=null;
-
- byte[] decodedPKIMessage;
- byte[] response=null;
- String responseData = "";
-
- decodedPKIMessage = com.netscape.osutil.OSUtil.AtoB(msg);
-
- try {
- ByteArrayInputStream is = new ByteArrayInputStream(decodedPKIMessage);
-
- // We make two CRSPKIMessages. One of them, is the request, so we initialize
- // it from the DER given to us from the router.
- // The second is the response, and we'll fill this in as we go.
-
- if (decodedPKIMessage.length < 50) {
- throw new ServletException("CRS request is too small to be a real request ("+
- decodedPKIMessage.length+" bytes)");
- }
- try {
- req = new CRSPKIMessage(is);
- String ea = req.getEncryptionAlgorithm();
- if (!isAlgorithmAllowed (mAllowedEncryptionAlgorithm, ea)) {
- CMS.debug("CRSEnrollment: decodePKIMessage: Encryption algorithm '"+ea+
- "' is not allowed ("+mEncryptionAlgorithmList+").");
- throw new ServletException("Encryption algorithm '"+ea+
- "' is not allowed ("+mEncryptionAlgorithmList+").");
+ throws ServletException {
+
+ CryptoContext cx = null;
+
+ CRSPKIMessage req = null;
+
+ byte[] decodedPKIMessage;
+ byte[] response = null;
+ String responseData = "";
+
+ decodedPKIMessage = com.netscape.osutil.OSUtil.AtoB(msg);
+
+ try {
+ ByteArrayInputStream is = new ByteArrayInputStream(decodedPKIMessage);
+
+ // We make two CRSPKIMessages. One of them, is the request, so we initialize
+ // it from the DER given to us from the router.
+ // The second is the response, and we'll fill this in as we go.
+
+ if (decodedPKIMessage.length < 50) {
+ throw new ServletException("CRS request is too small to be a real request (" +
+ decodedPKIMessage.length + " bytes)");
}
- String da = req.getDigestAlgorithmName();
- if (!isAlgorithmAllowed (mAllowedHashAlgorithm, da)) {
- CMS.debug("CRSEnrollment: decodePKIMessage: Hashing algorithm '"+da+
- "' is not allowed ("+mHashAlgorithmList+").");
- throw new ServletException("Hashing algorithm '"+da+
- "' is not allowed ("+mHashAlgorithmList+").");
+ try {
+ req = new CRSPKIMessage(is);
+ String ea = req.getEncryptionAlgorithm();
+ if (!isAlgorithmAllowed(mAllowedEncryptionAlgorithm, ea)) {
+ CMS.debug("CRSEnrollment: decodePKIMessage: Encryption algorithm '" + ea +
+ "' is not allowed (" + mEncryptionAlgorithmList + ").");
+ throw new ServletException("Encryption algorithm '" + ea +
+ "' is not allowed (" + mEncryptionAlgorithmList + ").");
+ }
+ String da = req.getDigestAlgorithmName();
+ if (!isAlgorithmAllowed(mAllowedHashAlgorithm, da)) {
+ CMS.debug("CRSEnrollment: decodePKIMessage: Hashing algorithm '" + da +
+ "' is not allowed (" + mHashAlgorithmList + ").");
+ throw new ServletException("Hashing algorithm '" + da +
+ "' is not allowed (" + mHashAlgorithmList + ").");
+ }
+ if (ea != null) {
+ mEncryptionAlgorithm = ea;
+ }
+ } catch (Exception e) {
+ CMS.debug(e);
+ throw new ServletException("Could not decode the request.");
}
- if (ea != null) {
- mEncryptionAlgorithm = ea;
- }
- }
- catch (Exception e) {
- CMS.debug(e);
- throw new ServletException("Could not decode the request.");
- }
-
- // Create a new crypto context for doing all the crypto operations
- cx = new CryptoContext();
-
- // Verify Signature on message (throws exception if sig bad)
- verifyRequest(req,cx);
- unwrapPKCS10(req,cx);
-
- IProfile profile = mProfileSubsystem.getProfile(mProfileId);
- if (profile == null) {
- CMS.debug("Profile '" + mProfileId + "' not found.");
- throw new ServletException("Profile '" + mProfileId + "' not found.");
- } else {
- CMS.debug("Found profile '" + mProfileId + "'.");
- }
-
- IProfileAuthenticator authenticator = null;
- try {
- CMS.debug("Retrieving authenticator");
- authenticator = profile.getAuthenticator();
- if (authenticator == null) {
- CMS.debug("Authenticator not found.");
- throw new ServletException("Authenticator not found.");
- } else {
- CMS.debug("Got authenticator=" + authenticator.getClass().getName());
- }
- } catch (EProfileException e) {
- throw new ServletException("Authenticator not found.");
- }
- AuthCredentials credentials = new AuthCredentials();
- IAuthToken authToken = null;
- // for ssl authentication; pass in servlet for retrieving
- // ssl client certificates
- SessionContext context = SessionContext.getContext();
-
- // insert profile context so that input parameter can be retrieved
- context.put("sslClientCertProvider", new SSLClientCertProvider(httpReq));
-
- try {
- authToken = authenticate(credentials, authenticator, httpReq);
- } catch (Exception e) {
- CMS.debug("Authentication failure: "+ e.getMessage());
- throw new ServletException("Authentication failure: "+ e.getMessage());
- }
- if (authToken == null) {
- CMS.debug("Authentication failure.");
- throw new ServletException("Authentication failure.");
- }
-
- // Deal with Transaction ID
- String transactionID = req.getTransactionID();
- responseData = responseData +
- "<TransactionID>" + transactionID + "</TransactionID>";
-
- // End-User or RA's IP address
- responseData = responseData +
- "<RemoteAddr>" + httpReq.getRemoteAddr() + "</RemoteAddr>";
-
- responseData = responseData +
- "<RemoteHost>" + httpReq.getRemoteHost() + "</RemoteHost>";
-
- // Deal with Nonces
- byte[] sn = req.getSenderNonce();
-
- // Deal with message type
- String mt = req.getMessageType();
- responseData = responseData +
- "<MessageType>" + mt + "</MessageType>";
-
- PKCS10 p10 = (PKCS10)req.getP10();
- X500Name p10subject = p10.getSubjectName();
- responseData = responseData +
- "<SubjectName>" + p10subject.toString() + "</SubjectName>";
-
- String pkcs10Attr = "";
- PKCS10Attributes p10atts = p10.getAttributes();
- Enumeration<PKCS10Attribute> e = p10atts.getElements();
-
- while (e.hasMoreElements()) {
- PKCS10Attribute p10a = (PKCS10Attribute)e.nextElement();
- CertAttrSet attr = p10a.getAttributeValue();
-
-
- if (attr.getName().equals(ChallengePassword.NAME)) {
- if (attr.get(ChallengePassword.PASSWORD) != null) {
- pkcs10Attr = pkcs10Attr +
- "<ChallengePassword><Password>" + (String)attr.get(ChallengePassword.PASSWORD) + "</Password></ChallengePassword>";
- }
-
- }
- String extensionsStr = "";
- if (attr.getName().equals(ExtensionsRequested.NAME)) {
-
- Enumeration<Extension> exts = ((ExtensionsRequested)attr).getExtensions().elements();
- while (exts.hasMoreElements()) {
- Extension ext = exts.nextElement();
-
- if (ext.getExtensionId().equals(
- OIDMap.getOID(SubjectAlternativeNameExtension.IDENT)) ) {
- DerOutputStream dos = new DerOutputStream();
- SubjectAlternativeNameExtension sane = new SubjectAlternativeNameExtension(
- Boolean.valueOf(false), // noncritical
- ext.getExtensionValue());
-
-
- @SuppressWarnings("unchecked")
- Vector<GeneralNameInterface> v =
- (Vector<GeneralNameInterface>) sane.get(SubjectAlternativeNameExtension. SUBJECT_NAME);
-
- Enumeration<GeneralNameInterface> gne = v.elements();
+
+ // Create a new crypto context for doing all the crypto operations
+ cx = new CryptoContext();
+
+ // Verify Signature on message (throws exception if sig bad)
+ verifyRequest(req, cx);
+ unwrapPKCS10(req, cx);
+
+ IProfile profile = mProfileSubsystem.getProfile(mProfileId);
+ if (profile == null) {
+ CMS.debug("Profile '" + mProfileId + "' not found.");
+ throw new ServletException("Profile '" + mProfileId + "' not found.");
+ } else {
+ CMS.debug("Found profile '" + mProfileId + "'.");
+ }
+
+ IProfileAuthenticator authenticator = null;
+ try {
+ CMS.debug("Retrieving authenticator");
+ authenticator = profile.getAuthenticator();
+ if (authenticator == null) {
+ CMS.debug("Authenticator not found.");
+ throw new ServletException("Authenticator not found.");
+ } else {
+ CMS.debug("Got authenticator=" + authenticator.getClass().getName());
+ }
+ } catch (EProfileException e) {
+ throw new ServletException("Authenticator not found.");
+ }
+ AuthCredentials credentials = new AuthCredentials();
+ IAuthToken authToken = null;
+ // for ssl authentication; pass in servlet for retrieving
+ // ssl client certificates
+ SessionContext context = SessionContext.getContext();
+
+ // insert profile context so that input parameter can be retrieved
+ context.put("sslClientCertProvider", new SSLClientCertProvider(httpReq));
+
+ try {
+ authToken = authenticate(credentials, authenticator, httpReq);
+ } catch (Exception e) {
+ CMS.debug("Authentication failure: " + e.getMessage());
+ throw new ServletException("Authentication failure: " + e.getMessage());
+ }
+ if (authToken == null) {
+ CMS.debug("Authentication failure.");
+ throw new ServletException("Authentication failure.");
+ }
+
+ // Deal with Transaction ID
+ String transactionID = req.getTransactionID();
+ responseData = responseData +
+ "<TransactionID>" + transactionID + "</TransactionID>";
+
+ // End-User or RA's IP address
+ responseData = responseData +
+ "<RemoteAddr>" + httpReq.getRemoteAddr() + "</RemoteAddr>";
+
+ responseData = responseData +
+ "<RemoteHost>" + httpReq.getRemoteHost() + "</RemoteHost>";
+
+ // Deal with Nonces
+ byte[] sn = req.getSenderNonce();
+
+ // Deal with message type
+ String mt = req.getMessageType();
+ responseData = responseData +
+ "<MessageType>" + mt + "</MessageType>";
+
+ PKCS10 p10 = (PKCS10) req.getP10();
+ X500Name p10subject = p10.getSubjectName();
+ responseData = responseData +
+ "<SubjectName>" + p10subject.toString() + "</SubjectName>";
+
+ String pkcs10Attr = "";
+ PKCS10Attributes p10atts = p10.getAttributes();
+ Enumeration<PKCS10Attribute> e = p10atts.getElements();
+
+ while (e.hasMoreElements()) {
+ PKCS10Attribute p10a = (PKCS10Attribute) e.nextElement();
+ CertAttrSet attr = p10a.getAttributeValue();
+
+ if (attr.getName().equals(ChallengePassword.NAME)) {
+ if (attr.get(ChallengePassword.PASSWORD) != null) {
+ pkcs10Attr = pkcs10Attr +
+ "<ChallengePassword><Password>" + (String) attr.get(ChallengePassword.PASSWORD) + "</Password></ChallengePassword>";
+ }
+
+ }
+ String extensionsStr = "";
+ if (attr.getName().equals(ExtensionsRequested.NAME)) {
+
+ Enumeration<Extension> exts = ((ExtensionsRequested) attr).getExtensions().elements();
+ while (exts.hasMoreElements()) {
+ Extension ext = exts.nextElement();
+
+ if (ext.getExtensionId().equals(
+ OIDMap.getOID(SubjectAlternativeNameExtension.IDENT))) {
+ DerOutputStream dos = new DerOutputStream();
+ SubjectAlternativeNameExtension sane = new SubjectAlternativeNameExtension(
+ Boolean.valueOf(false), // noncritical
+ ext.getExtensionValue());
+
+ @SuppressWarnings("unchecked")
+ Vector<GeneralNameInterface> v =
+ (Vector<GeneralNameInterface>) sane.get(SubjectAlternativeNameExtension.SUBJECT_NAME);
+
+ Enumeration<GeneralNameInterface> gne = v.elements();
StringBuffer subjAltNameStr = new StringBuffer();
- while (gne.hasMoreElements()) {
- GeneralNameInterface gni = gne.nextElement();
- if (gni instanceof GeneralName) {
- GeneralName genName = (GeneralName) gni;
+ while (gne.hasMoreElements()) {
+ GeneralNameInterface gni = gne.nextElement();
+ if (gni instanceof GeneralName) {
+ GeneralName genName = (GeneralName) gni;
- String gn = genName.toString();
- int colon = gn.indexOf(':');
- String gnType = gn.substring(0,colon).trim();
- String gnValue = gn.substring(colon+1).trim();
+ String gn = genName.toString();
+ int colon = gn.indexOf(':');
+ String gnType = gn.substring(0, colon).trim();
+ String gnValue = gn.substring(colon + 1).trim();
subjAltNameStr.append("<");
subjAltNameStr.append(gnType);
@@ -761,1453 +740,1393 @@ protected IProfileSubsystem mProfileSubsystem = null;
subjAltNameStr.append("</");
subjAltNameStr.append(gnType);
subjAltNameStr.append(">");
- }
- } // while
+ }
+ } // while
extensionsStr = "<SubjAltName>" +
- subjAltNameStr.toString() + "</SubjAltName>";
- } // if
- } // while
- pkcs10Attr = pkcs10Attr +
+ subjAltNameStr.toString() + "</SubjAltName>";
+ } // if
+ } // while
+ pkcs10Attr = pkcs10Attr +
"<Extensions>" + extensionsStr + "</Extensions>";
- } // if extensions
- } // while
- responseData = responseData +
- "<PKCS10>" + pkcs10Attr + "</PKCS10>";
-
- } catch (ServletException e) {
- throw new ServletException(e.getMessage().toString());
- } catch (CRSInvalidSignatureException e) {
- CMS.debug("handlePKIMessage exception " + e);
- CMS.debug(e);
- } catch (Exception e) {
- CMS.debug("handlePKIMessage exception " + e);
- CMS.debug(e);
- throw new ServletException("Failed to process message in CEP servlet: "+ e.getMessage());
- }
-
- // We have now processed the request, and need to make the response message
-
- try {
-
- responseData = "<XMLResponse>" + responseData + "</XMLResponse>";
- // Get the response coding
- response = responseData.getBytes();
-
- // Encode the httpResp into B64
- httpResp.setContentType("application/xml");
- httpResp.setContentLength(response.length);
- httpResp.getOutputStream().write(response);
- httpResp.getOutputStream().flush();
-
- int i1 = responseData.indexOf("<Password>");
- if (i1 > -1) {
- i1 += 10; // 10 is a length of "<Password>"
- int i2 = responseData.indexOf("</Password>", i1);
- if (i2 > -1) {
- responseData = responseData.substring(0, i1) + "********" +
+ } // if extensions
+ } // while
+ responseData = responseData +
+ "<PKCS10>" + pkcs10Attr + "</PKCS10>";
+
+ } catch (ServletException e) {
+ throw new ServletException(e.getMessage().toString());
+ } catch (CRSInvalidSignatureException e) {
+ CMS.debug("handlePKIMessage exception " + e);
+ CMS.debug(e);
+ } catch (Exception e) {
+ CMS.debug("handlePKIMessage exception " + e);
+ CMS.debug(e);
+ throw new ServletException("Failed to process message in CEP servlet: " + e.getMessage());
+ }
+
+ // We have now processed the request, and need to make the response message
+
+ try {
+
+ responseData = "<XMLResponse>" + responseData + "</XMLResponse>";
+ // Get the response coding
+ response = responseData.getBytes();
+
+ // Encode the httpResp into B64
+ httpResp.setContentType("application/xml");
+ httpResp.setContentLength(response.length);
+ httpResp.getOutputStream().write(response);
+ httpResp.getOutputStream().flush();
+
+ int i1 = responseData.indexOf("<Password>");
+ if (i1 > -1) {
+ i1 += 10; // 10 is a length of "<Password>"
+ int i2 = responseData.indexOf("</Password>", i1);
+ if (i2 > -1) {
+ responseData = responseData.substring(0, i1) + "********" +
responseData.substring(i2, responseData.length());
- }
- }
-
- CMS.debug("Output (decoding) PKIOperation response:");
- CMS.debug(responseData);
- }
- catch (Exception e) {
- throw new ServletException("Failed to create response for CEP message"+e.getMessage());
- }
-
- }
-
-
- /**
- * finds a request with this transaction ID.
- * If could not find any request - return null
- * If could only find 'rejected' or 'cancelled' requests, return null
- * If found 'pending' or 'completed' request - return that request
- */
-
-
- public void handlePKIOperation(HttpServletRequest httpReq,
+ }
+ }
+
+ CMS.debug("Output (decoding) PKIOperation response:");
+ CMS.debug(responseData);
+ } catch (Exception e) {
+ throw new ServletException("Failed to create response for CEP message" + e.getMessage());
+ }
+
+ }
+
+ /**
+ * finds a request with this transaction ID.
+ * If could not find any request - return null
+ * If could only find 'rejected' or 'cancelled' requests, return null
+ * If found 'pending' or 'completed' request - return that request
+ */
+
+ public void handlePKIOperation(HttpServletRequest httpReq,
HttpServletResponse httpResp,
String msg)
- throws ServletException {
-
-
- CryptoContext cx=null;
-
- CRSPKIMessage req=null;
- CRSPKIMessage crsResp=null;
-
- byte[] decodedPKIMessage;
- byte[] response=null;
- X509CertImpl cert = null;
-
- decodedPKIMessage = com.netscape.osutil.OSUtil.AtoB(msg);
-
- try {
- ByteArrayInputStream is = new ByteArrayInputStream(decodedPKIMessage);
-
- // We make two CRSPKIMessages. One of them, is the request, so we initialize
- // it from the DER given to us from the router.
- // The second is the response, and we'll fill this in as we go.
-
- if (decodedPKIMessage.length < 50) {
- throw new ServletException("CRS request is too small to be a real request ("+
- decodedPKIMessage.length+" bytes)");
- }
- try {
- req = new CRSPKIMessage(is);
- String ea = req.getEncryptionAlgorithm();
- if (!isAlgorithmAllowed (mAllowedEncryptionAlgorithm, ea)) {
- CMS.debug("CRSEnrollment: handlePKIOperation: Encryption algorithm '"+ea+
- "' is not allowed ("+mEncryptionAlgorithmList+").");
- throw new ServletException("Encryption algorithm '"+ea+
- "' is not allowed ("+mEncryptionAlgorithmList+").");
+ throws ServletException {
+
+ CryptoContext cx = null;
+
+ CRSPKIMessage req = null;
+ CRSPKIMessage crsResp = null;
+
+ byte[] decodedPKIMessage;
+ byte[] response = null;
+ X509CertImpl cert = null;
+
+ decodedPKIMessage = com.netscape.osutil.OSUtil.AtoB(msg);
+
+ try {
+ ByteArrayInputStream is = new ByteArrayInputStream(decodedPKIMessage);
+
+ // We make two CRSPKIMessages. One of them, is the request, so we initialize
+ // it from the DER given to us from the router.
+ // The second is the response, and we'll fill this in as we go.
+
+ if (decodedPKIMessage.length < 50) {
+ throw new ServletException("CRS request is too small to be a real request (" +
+ decodedPKIMessage.length + " bytes)");
}
- String da = req.getDigestAlgorithmName();
- if (!isAlgorithmAllowed (mAllowedHashAlgorithm, da)) {
- CMS.debug("CRSEnrollment: handlePKIOperation: Hashing algorithm '"+da+
- "' is not allowed ("+mHashAlgorithmList+").");
- throw new ServletException("Hashing algorithm '"+da+
- "' is not allowed ("+mHashAlgorithmList+").");
+ try {
+ req = new CRSPKIMessage(is);
+ String ea = req.getEncryptionAlgorithm();
+ if (!isAlgorithmAllowed(mAllowedEncryptionAlgorithm, ea)) {
+ CMS.debug("CRSEnrollment: handlePKIOperation: Encryption algorithm '" + ea +
+ "' is not allowed (" + mEncryptionAlgorithmList + ").");
+ throw new ServletException("Encryption algorithm '" + ea +
+ "' is not allowed (" + mEncryptionAlgorithmList + ").");
+ }
+ String da = req.getDigestAlgorithmName();
+ if (!isAlgorithmAllowed(mAllowedHashAlgorithm, da)) {
+ CMS.debug("CRSEnrollment: handlePKIOperation: Hashing algorithm '" + da +
+ "' is not allowed (" + mHashAlgorithmList + ").");
+ throw new ServletException("Hashing algorithm '" + da +
+ "' is not allowed (" + mHashAlgorithmList + ").");
+ }
+ if (ea != null) {
+ mEncryptionAlgorithm = ea;
+ }
+ crsResp = new CRSPKIMessage();
+ } catch (ServletException e) {
+ throw new ServletException(e.getMessage().toString());
+ } catch (Exception e) {
+ CMS.debug(e);
+ throw new ServletException("Could not decode the request.");
+ }
+ crsResp.setMessageType(CRSPKIMessage.mType_CertRep);
+
+ // Create a new crypto context for doing all the crypto operations
+ cx = new CryptoContext();
+
+ // Verify Signature on message (throws exception if sig bad)
+ verifyRequest(req, cx);
+
+ // Deal with Transaction ID
+ String transactionID = req.getTransactionID();
+ if (transactionID == null) {
+ throw new ServletException("Error: malformed PKIMessage - missing transactionID");
+ } else {
+ crsResp.setTransactionID(transactionID);
+ }
+
+ // Deal with Nonces
+ byte[] sn = req.getSenderNonce();
+ if (sn == null) {
+ throw new ServletException("Error: malformed PKIMessage - missing sendernonce");
+ } else {
+ if (mNonceSizeLimit > 0 && sn.length > mNonceSizeLimit) {
+ byte[] snLimited = (mNonceSizeLimit > 0) ? new byte[mNonceSizeLimit] : null;
+ System.arraycopy(sn, 0, snLimited, 0, mNonceSizeLimit);
+ crsResp.setRecipientNonce(snLimited);
+ } else {
+ crsResp.setRecipientNonce(sn);
+ }
+ byte[] serverNonce = new byte[16];
+ mRandom.nextBytes(serverNonce);
+ crsResp.setSenderNonce(serverNonce);
+ // crsResp.setSenderNonce(new byte[] {0});
+ }
+
+ // Deal with message type
+ String mt = req.getMessageType();
+ if (mt == null) {
+ throw new ServletException("Error: malformed PKIMessage - missing messageType");
}
- if (ea != null) {
- mEncryptionAlgorithm = ea;
- }
- crsResp = new CRSPKIMessage();
- }
- catch (ServletException e) {
- throw new ServletException(e.getMessage().toString());
- }
- catch (Exception e) {
+
+ // now run appropriate code, depending on message type
+ if (mt.equals(CRSPKIMessage.mType_PKCSReq)) {
+ CMS.debug("Processing PKCSReq");
+ try {
+ // Check if there is an existing request. If this returns non-null,
+ // then the request is 'active' (either pending or completed) in
+ // which case, we compare the hash of the new request to the hash of the
+ // one in the queue - if they are the same, I return the state of the
+ // original request - as if it was 'getCertInitial' message.
+ // If the hashes are different, then the user attempted to enroll
+ // for a new request with the same txid, which is not allowed -
+ // so we return 'failure'.
+
+ IRequest cmsRequest = findRequestByTransactionID(req.getTransactionID(), true);
+
+ // If there was no request (with a cert) with this transaction ID,
+ // process it as a new request
+
+ cert = handlePKCSReq(httpReq, cmsRequest, req, crsResp, cx);
+
+ } catch (CRSFailureException e) {
+ throw new ServletException("Couldn't handle CEP request (PKCSReq) - " + e.getMessage());
+ }
+ } else if (mt.equals(CRSPKIMessage.mType_GetCertInitial)) {
+ CMS.debug("Processing GetCertInitial");
+ cert = handleGetCertInitial(req, crsResp);
+ } else {
+ CMS.debug("Invalid request type " + mt);
+ }
+ } catch (ServletException e) {
+ throw new ServletException(e.getMessage().toString());
+ } catch (CRSInvalidSignatureException e) {
+ CMS.debug("handlePKIMessage exception " + e);
+ CMS.debug(e);
+ crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badMessageCheck);
+ } catch (Exception e) {
+ CMS.debug("handlePKIMessage exception " + e);
CMS.debug(e);
- throw new ServletException("Could not decode the request.");
- }
- crsResp.setMessageType(CRSPKIMessage.mType_CertRep);
-
- // Create a new crypto context for doing all the crypto operations
- cx = new CryptoContext();
-
- // Verify Signature on message (throws exception if sig bad)
- verifyRequest(req,cx);
-
- // Deal with Transaction ID
- String transactionID = req.getTransactionID();
- if (transactionID == null) {
- throw new ServletException("Error: malformed PKIMessage - missing transactionID");
- }
- else {
- crsResp.setTransactionID(transactionID);
- }
-
- // Deal with Nonces
- byte[] sn = req.getSenderNonce();
- if (sn == null) {
- throw new ServletException("Error: malformed PKIMessage - missing sendernonce");
- }
- else {
- if (mNonceSizeLimit > 0 && sn.length > mNonceSizeLimit) {
- byte[] snLimited = (mNonceSizeLimit > 0)? new byte[mNonceSizeLimit]: null;
- System.arraycopy(sn, 0, snLimited, 0, mNonceSizeLimit);
- crsResp.setRecipientNonce(snLimited);
- } else {
- crsResp.setRecipientNonce(sn);
- }
- byte[] serverNonce = new byte[16];
- mRandom.nextBytes(serverNonce);
- crsResp.setSenderNonce(serverNonce);
- // crsResp.setSenderNonce(new byte[] {0});
- }
-
- // Deal with message type
- String mt = req.getMessageType();
- if (mt == null) {
- throw new ServletException("Error: malformed PKIMessage - missing messageType");
- }
-
- // now run appropriate code, depending on message type
- if (mt.equals(CRSPKIMessage.mType_PKCSReq)) {
- CMS.debug("Processing PKCSReq");
- try {
- // Check if there is an existing request. If this returns non-null,
- // then the request is 'active' (either pending or completed) in
- // which case, we compare the hash of the new request to the hash of the
- // one in the queue - if they are the same, I return the state of the
- // original request - as if it was 'getCertInitial' message.
- // If the hashes are different, then the user attempted to enroll
- // for a new request with the same txid, which is not allowed -
- // so we return 'failure'.
-
- IRequest cmsRequest= findRequestByTransactionID(req.getTransactionID(),true);
-
- // If there was no request (with a cert) with this transaction ID,
- // process it as a new request
-
- cert = handlePKCSReq(httpReq, cmsRequest,req,crsResp,cx);
-
- }
- catch (CRSFailureException e) {
- throw new ServletException("Couldn't handle CEP request (PKCSReq) - "+e.getMessage());
- }
- }
- else if (mt.equals(CRSPKIMessage.mType_GetCertInitial)) {
- CMS.debug("Processing GetCertInitial");
- cert = handleGetCertInitial(req,crsResp);
- } else {
- CMS.debug("Invalid request type " + mt);
- }
- }
- catch (ServletException e) {
- throw new ServletException(e.getMessage().toString());
- }
- catch (CRSInvalidSignatureException e) {
- CMS.debug("handlePKIMessage exception " + e);
- CMS.debug(e);
- crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badMessageCheck);
- }
- catch (Exception e) {
- CMS.debug("handlePKIMessage exception " + e);
- CMS.debug(e);
- throw new ServletException("Failed to process message in CEP servlet: "+ e.getMessage());
- }
-
- // We have now processed the request, and need to make the response message
-
- try {
- // make the response
- processCertRep(cx, cert,crsResp, req);
-
- // Get the response coding
- response = crsResp.getResponse();
-
- // Encode the crsResp into B64
- httpResp.setContentType("application/x-pki-message");
- httpResp.setContentLength(response.length);
- httpResp.getOutputStream().write(response);
- httpResp.getOutputStream().flush();
-
- CMS.debug("Output PKIOperation response:");
- CMS.debug(CMS.BtoA(response));
- }
- catch (Exception e) {
- throw new ServletException("Failed to create response for CEP message"+e.getMessage());
- }
-
- }
-
-
- /**
- * finds a request with this transaction ID.
- * If could not find any request - return null
- * If could only find 'rejected' or 'cancelled' requests, return null
- * If found 'pending' or 'completed' request - return that request
- */
-
- public IRequest findRequestByTransactionID(String txid, boolean ignoreRejected)
- throws EBaseException {
-
- /* Check if certificate request has been completed */
-
- IRequestQueue rq = ca.getRequestQueue();
- IRequest foundRequest = null;
-
- Enumeration<RequestId> rids = rq.findRequestsBySourceId(txid);
- if (rids == null) { return null; }
-
- int count=0;
- while (rids.hasMoreElements()) {
- RequestId rid = rids.nextElement();
- if (rid == null) {
- continue;
- }
-
- IRequest request = rq.findRequest(rid);
- if (request == null) {
- continue;
- }
- if ( !ignoreRejected ||
- request.getRequestStatus().equals(RequestStatus.PENDING) ||
- request.getRequestStatus().equals(RequestStatus.COMPLETE)) {
- if (foundRequest != null) {
- }
- foundRequest = request;
- }
- }
- return foundRequest;
- }
-
- /**
- * Called if the router is requesting us to send it its certificate
- * Examine request queue for a request matching the transaction ID.
- * Ignore any rejected or cancelled requests.
- *
- * If a request is found in the pending state, the response should be
- * 'pending'
- *
- * If a request is found in the completed state, the response should be
- * to return the certificate
- *
- * If no request is found, the response should be to return null
- *
- */
-
- public X509CertImpl handleGetCertInitial(CRSPKIMessage req,CRSPKIMessage resp)
- {
- IRequest foundRequest=null;
-
- // already done by handlePKIOperation
- // resp.setRecipientNonce(req.getSenderNonce());
- // resp.setSenderNonce(null);
-
- try {
- foundRequest = findRequestByTransactionID(req.getTransactionID(),false);
- } catch (EBaseException e) {
- }
-
- if (foundRequest == null) {
- resp.setFailInfo(CRSPKIMessage.mFailInfo_badCertId);
- resp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE);
- return null;
- }
-
- return makeResponseFromRequest(req,resp,foundRequest);
- }
-
-
- public void verifyRequest(CRSPKIMessage req, CryptoContext cx)
- throws CRSInvalidSignatureException {
-
- // Get Signed Data
-
- byte[] reqAAbytes = req.getAA();
- byte[] reqAAsig = req.getAADigest();
-
- }
-
-
- /**
- * Create an entry for this user in the publishing directory
- *
- */
-
- private boolean createEntry(String dn)
- {
- boolean result = false;
-
- IPublisherProcessor ldapPub = mAuthority.getPublisherProcessor();
- if (ldapPub == null || !ldapPub.enabled()) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_CREATE_ENTRY_FROM_CEP"));
-
- return result;
- }
-
- ILdapConnFactory connFactory = ((IPublisherProcessor)ldapPub).getLdapConnModule().getLdapConnFactory();
- if (connFactory == null) {
- return result;
- }
-
- LDAPConnection connection=null;
- try {
- connection = connFactory.getConn();
- String[] objectclasses = { "top", mEntryObjectclass };
- LDAPAttribute ocAttrs = new LDAPAttribute("objectclass",objectclasses);
-
- LDAPAttributeSet attrSet = new LDAPAttributeSet();
- attrSet.add(ocAttrs);
-
- LDAPEntry newEntry = new LDAPEntry(dn, attrSet);
- connection.add(newEntry);
- result=true;
- }
- catch (Exception e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_FAIL_CREAT_ENTRY_EXISTS",dn));
- }
- finally {
- try {
- connFactory.returnConn(connection);
- }
- catch (Exception f) {}
- }
- return result;
+ throw new ServletException("Failed to process message in CEP servlet: " + e.getMessage());
+ }
+
+ // We have now processed the request, and need to make the response message
+
+ try {
+ // make the response
+ processCertRep(cx, cert, crsResp, req);
+
+ // Get the response coding
+ response = crsResp.getResponse();
+
+ // Encode the crsResp into B64
+ httpResp.setContentType("application/x-pki-message");
+ httpResp.setContentLength(response.length);
+ httpResp.getOutputStream().write(response);
+ httpResp.getOutputStream().flush();
+
+ CMS.debug("Output PKIOperation response:");
+ CMS.debug(CMS.BtoA(response));
+ } catch (Exception e) {
+ throw new ServletException("Failed to create response for CEP message" + e.getMessage());
+ }
+
+ }
+
+ /**
+ * finds a request with this transaction ID.
+ * If could not find any request - return null
+ * If could only find 'rejected' or 'cancelled' requests, return null
+ * If found 'pending' or 'completed' request - return that request
+ */
+
+ public IRequest findRequestByTransactionID(String txid, boolean ignoreRejected)
+ throws EBaseException {
+
+ /* Check if certificate request has been completed */
+
+ IRequestQueue rq = ca.getRequestQueue();
+ IRequest foundRequest = null;
+
+ Enumeration<RequestId> rids = rq.findRequestsBySourceId(txid);
+ if (rids == null) {
+ return null;
+ }
+
+ int count = 0;
+ while (rids.hasMoreElements()) {
+ RequestId rid = rids.nextElement();
+ if (rid == null) {
+ continue;
+ }
+
+ IRequest request = rq.findRequest(rid);
+ if (request == null) {
+ continue;
+ }
+ if (!ignoreRejected ||
+ request.getRequestStatus().equals(RequestStatus.PENDING) ||
+ request.getRequestStatus().equals(RequestStatus.COMPLETE)) {
+ if (foundRequest != null) {
+ }
+ foundRequest = request;
+ }
+ }
+ return foundRequest;
}
+ /**
+ * Called if the router is requesting us to send it its certificate
+ * Examine request queue for a request matching the transaction ID.
+ * Ignore any rejected or cancelled requests.
+ *
+ * If a request is found in the pending state, the response should be
+ * 'pending'
+ *
+ * If a request is found in the completed state, the response should be
+ * to return the certificate
+ *
+ * If no request is found, the response should be to return null
+ *
+ */
+
+ public X509CertImpl handleGetCertInitial(CRSPKIMessage req, CRSPKIMessage resp) {
+ IRequest foundRequest = null;
+
+ // already done by handlePKIOperation
+ // resp.setRecipientNonce(req.getSenderNonce());
+ // resp.setSenderNonce(null);
+
+ try {
+ foundRequest = findRequestByTransactionID(req.getTransactionID(), false);
+ } catch (EBaseException e) {
+ }
+
+ if (foundRequest == null) {
+ resp.setFailInfo(CRSPKIMessage.mFailInfo_badCertId);
+ resp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE);
+ return null;
+ }
+
+ return makeResponseFromRequest(req, resp, foundRequest);
+ }
+
+ public void verifyRequest(CRSPKIMessage req, CryptoContext cx)
+ throws CRSInvalidSignatureException {
+
+ // Get Signed Data
+
+ byte[] reqAAbytes = req.getAA();
+ byte[] reqAAsig = req.getAADigest();
+
+ }
+
+ /**
+ * Create an entry for this user in the publishing directory
+ *
+ */
+
+ private boolean createEntry(String dn) {
+ boolean result = false;
+ IPublisherProcessor ldapPub = mAuthority.getPublisherProcessor();
+ if (ldapPub == null || !ldapPub.enabled()) {
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_CREATE_ENTRY_FROM_CEP"));
+
+ return result;
+ }
- /**
- * Here we decrypt the PKCS10 message from the client
- *
- */
-
- public void unwrapPKCS10(CRSPKIMessage req, CryptoContext cx)
- throws ServletException,
+ ILdapConnFactory connFactory = ((IPublisherProcessor) ldapPub).getLdapConnModule().getLdapConnFactory();
+ if (connFactory == null) {
+ return result;
+ }
+
+ LDAPConnection connection = null;
+ try {
+ connection = connFactory.getConn();
+ String[] objectclasses = { "top", mEntryObjectclass };
+ LDAPAttribute ocAttrs = new LDAPAttribute("objectclass", objectclasses);
+
+ LDAPAttributeSet attrSet = new LDAPAttributeSet();
+ attrSet.add(ocAttrs);
+
+ LDAPEntry newEntry = new LDAPEntry(dn, attrSet);
+ connection.add(newEntry);
+ result = true;
+ } catch (Exception e) {
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_FAIL_CREAT_ENTRY_EXISTS", dn));
+ } finally {
+ try {
+ connFactory.returnConn(connection);
+ } catch (Exception f) {
+ }
+ }
+ return result;
+ }
+
+ /**
+ * Here we decrypt the PKCS10 message from the client
+ *
+ */
+
+ public void unwrapPKCS10(CRSPKIMessage req, CryptoContext cx)
+ throws ServletException,
CryptoManager.NotInitializedException,
- CryptoContext.CryptoContextException,
+ CryptoContext.CryptoContextException,
CRSFailureException {
-
- byte[] decryptedP10bytes = null;
- SymmetricKey sk;
- SymmetricKey skinternal;
- SymmetricKey.Type skt;
- KeyWrapper kw;
- Cipher cip;
- EncryptionAlgorithm ea;
- boolean errorInRequest = false;
-
- // Unwrap the session key with the Cert server key
- try {
- kw = cx.getKeyWrapper();
-
- kw.initUnwrap(cx.getPrivateKey(),null);
-
- skt = SymmetricKey.Type.DES;
- ea = EncryptionAlgorithm.DES_CBC;
- if (mEncryptionAlgorithm != null && mEncryptionAlgorithm.equals("DES3")) {
- skt = SymmetricKey.Type.DES3;
- ea = EncryptionAlgorithm.DES3_CBC;
- }
-
- sk = kw.unwrapSymmetric(req.getWrappedKey(),
+
+ byte[] decryptedP10bytes = null;
+ SymmetricKey sk;
+ SymmetricKey skinternal;
+ SymmetricKey.Type skt;
+ KeyWrapper kw;
+ Cipher cip;
+ EncryptionAlgorithm ea;
+ boolean errorInRequest = false;
+
+ // Unwrap the session key with the Cert server key
+ try {
+ kw = cx.getKeyWrapper();
+
+ kw.initUnwrap(cx.getPrivateKey(), null);
+
+ skt = SymmetricKey.Type.DES;
+ ea = EncryptionAlgorithm.DES_CBC;
+ if (mEncryptionAlgorithm != null && mEncryptionAlgorithm.equals("DES3")) {
+ skt = SymmetricKey.Type.DES3;
+ ea = EncryptionAlgorithm.DES3_CBC;
+ }
+
+ sk = kw.unwrapSymmetric(req.getWrappedKey(),
skt,
SymmetricKey.Usage.DECRYPT,
- 0); // keylength is ignored
-
- skinternal = cx.getDESKeyGenerator().clone(sk);
-
- cip = skinternal.getOwningToken().getCipherContext(ea);
-
- cip.initDecrypt(skinternal,(new IVParameterSpec(req.getIV())));
-
- decryptedP10bytes = cip.doFinal(req.getEncryptedPkcs10());
- CMS.debug("decryptedP10bytes:");
- CMS.debug(decryptedP10bytes);
-
- req.setP10(new PKCS10(decryptedP10bytes));
- } catch (Exception e) {
- CMS.debug("failed to unwrap PKCS10 " + e);
- throw new CRSFailureException("Could not unwrap PKCS10 blob: "+e.getMessage());
- }
-
- }
-
-
-
-private void getDetailFromRequest(CRSPKIMessage req, CRSPKIMessage crsResp)
- throws CRSFailureException {
-
- IRequest issueReq = null;
- X509CertImpl issuedCert=null;
- SubjectAlternativeNameExtension sane = null;
- CertAttrSet requested_ext = null;
-
- try {
- PKCS10 p10 = req.getP10();
-
- if (p10 == null) {
- crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badMessageCheck);
- crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE);
- throw new CRSFailureException("Failed to decode pkcs10 from CEP request");
- }
-
- AuthCredentials authCreds = new AuthCredentials();
-
- String challengePassword = null;
- // Here, we make a new CertInfo - it's a new start for a certificate
-
- X509CertInfo certInfo = CMS.getDefaultX509CertInfo();
-
- // get some stuff out of the request
- X509Key key = p10.getSubjectPublicKeyInfo();
- X500Name p10subject = p10.getSubjectName();
-
- X500Name subject=null;
-
- // The following code will copy all the attributes
- // into the AuthCredentials so they can be used for
- // authentication
- //
- // Optionally, you can re-map the subject name from:
- // one RDN, with many AVA's to
- // many RDN's with one AVA in each.
-
- Enumeration<RDN> rdne = p10subject.getRDNs();
- Vector<RDN> rdnv = new Vector<RDN>();
-
- Hashtable<String, String> sanehash = new Hashtable<String, String>();
-
- X500NameAttrMap xnap = X500NameAttrMap.getDefault();
- while (rdne.hasMoreElements()) {
- RDN rdn = (RDN) rdne.nextElement();
- int i=0;
- AVA[] oldavas = rdn.getAssertion();
- for (i=0; i<rdn.getAssertionLength(); i++) {
- AVA[] newavas = new AVA[1];
- newavas[0] = oldavas[i];
-
- authCreds.set(xnap.getName(oldavas[i].getOid()),
- oldavas[i].getValue().getAsString());
-
- if (oldavas[i].getOid().equals(OID_UNSTRUCTUREDNAME)) {
-
- sanehash.put(SANE_DNSNAME,oldavas[i].getValue().getAsString());
- }
- if (oldavas[i].getOid().equals(OID_UNSTRUCTUREDADDRESS)) {
- sanehash.put(SANE_IPADDRESS,oldavas[i].getValue().getAsString());
- }
-
- RDN newrdn = new RDN(newavas);
- if (mFlattenDN) {
- rdnv.addElement(newrdn);
- }
- }
- }
-
- if (mFlattenDN) subject = new X500Name(rdnv);
- else subject = p10subject;
-
-
- // create default key usage extension
- KeyUsageExtension kue = new KeyUsageExtension();
- kue.set(KeyUsageExtension.DIGITAL_SIGNATURE, Boolean.valueOf(true));
- kue.set(KeyUsageExtension.KEY_ENCIPHERMENT, Boolean.valueOf(true));
-
-
- PKCS10Attributes p10atts = p10.getAttributes();
- Enumeration<PKCS10Attribute> e = p10atts.getElements();
-
- while (e.hasMoreElements()) {
- PKCS10Attribute p10a = (PKCS10Attribute)e.nextElement();
- CertAttrSet attr = p10a.getAttributeValue();
-
-
- if (attr.getName().equals(ChallengePassword.NAME)) {
- if (attr.get(ChallengePassword.PASSWORD) != null) {
- req.put(AUTH_PASSWORD,
- (String)attr.get(ChallengePassword.PASSWORD));
- req.put(ChallengePassword.NAME,
- hashPassword(
- (String)attr.get(ChallengePassword.PASSWORD)));
- }
- }
-
- if (attr.getName().equals(ExtensionsRequested.NAME)) {
-
- Enumeration<Extension> exts = ((ExtensionsRequested)attr).getExtensions().elements();
- while (exts.hasMoreElements()) {
- Extension ext = exts.nextElement();
-
- if (ext.getExtensionId().equals(
- OIDMap.getOID(KeyUsageExtension.IDENT)) ) {
-
- kue = new KeyUsageExtension(
- new Boolean(false), // noncritical
- ext.getExtensionValue());
- }
-
- if (ext.getExtensionId().equals(
- OIDMap.getOID(SubjectAlternativeNameExtension.IDENT)) ) {
- DerOutputStream dos = new DerOutputStream();
- sane = new SubjectAlternativeNameExtension(
- new Boolean(false), // noncritical
- ext.getExtensionValue());
-
-
- @SuppressWarnings("unchecked")
- Vector<GeneralNameInterface> v =
- (Vector<GeneralNameInterface>) sane.get(SubjectAlternativeNameExtension. SUBJECT_NAME);
-
- Enumeration<GeneralNameInterface> gne = v.elements();
-
- while (gne.hasMoreElements()) {
- GeneralNameInterface gni = (GeneralNameInterface) gne.nextElement();
- if (gni instanceof GeneralName) {
- GeneralName genName = (GeneralName) gni;
-
- String gn = genName.toString();
- int colon = gn.indexOf(':');
- String gnType = gn.substring(0,colon).trim();
- String gnValue = gn.substring(colon+1).trim();
-
- authCreds.set(gnType,gnValue);
- }
- }
- }
- }
- }
- }
-
- if (authCreds != null) req.put(AUTH_CREDS,authCreds);
-
- try {
- if (sane == null) sane = makeDefaultSubjectAltName(sanehash);
- } catch (Exception sane_e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ENROLL_FAIL_NO_SUBJ_ALT_NAME",
- sane_e.getMessage()));
- }
-
-
-
- try {
- if (mAppendDN != null && ! mAppendDN.equals("")) {
-
- X500Name newSubject = new X500Name(subject.toString());
- subject = new X500Name( subject.toString().concat(","+mAppendDN));
- }
-
- } catch (Exception sne) {
- log(ILogger.LL_INFO, "Unable to use appendDN parameter: "+mAppendDN+". Error is "+sne.getMessage()+" Using unmodified subjectname");
- }
-
- if (subject != null) req.put(SUBJECTNAME, subject);
-
- if (key == null || subject == null) {
- // log
- //throw new ERegistrationException(RegistrationResources.ERROR_MALFORMED_P10);
- }
-
-
-
- certInfo.set(X509CertInfo.VERSION,
+ 0); // keylength is ignored
+
+ skinternal = cx.getDESKeyGenerator().clone(sk);
+
+ cip = skinternal.getOwningToken().getCipherContext(ea);
+
+ cip.initDecrypt(skinternal, (new IVParameterSpec(req.getIV())));
+
+ decryptedP10bytes = cip.doFinal(req.getEncryptedPkcs10());
+ CMS.debug("decryptedP10bytes:");
+ CMS.debug(decryptedP10bytes);
+
+ req.setP10(new PKCS10(decryptedP10bytes));
+ } catch (Exception e) {
+ CMS.debug("failed to unwrap PKCS10 " + e);
+ throw new CRSFailureException("Could not unwrap PKCS10 blob: " + e.getMessage());
+ }
+
+ }
+
+ private void getDetailFromRequest(CRSPKIMessage req, CRSPKIMessage crsResp)
+ throws CRSFailureException {
+
+ IRequest issueReq = null;
+ X509CertImpl issuedCert = null;
+ SubjectAlternativeNameExtension sane = null;
+ CertAttrSet requested_ext = null;
+
+ try {
+ PKCS10 p10 = req.getP10();
+
+ if (p10 == null) {
+ crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badMessageCheck);
+ crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE);
+ throw new CRSFailureException("Failed to decode pkcs10 from CEP request");
+ }
+
+ AuthCredentials authCreds = new AuthCredentials();
+
+ String challengePassword = null;
+ // Here, we make a new CertInfo - it's a new start for a certificate
+
+ X509CertInfo certInfo = CMS.getDefaultX509CertInfo();
+
+ // get some stuff out of the request
+ X509Key key = p10.getSubjectPublicKeyInfo();
+ X500Name p10subject = p10.getSubjectName();
+
+ X500Name subject = null;
+
+ // The following code will copy all the attributes
+ // into the AuthCredentials so they can be used for
+ // authentication
+ //
+ // Optionally, you can re-map the subject name from:
+ // one RDN, with many AVA's to
+ // many RDN's with one AVA in each.
+
+ Enumeration<RDN> rdne = p10subject.getRDNs();
+ Vector<RDN> rdnv = new Vector<RDN>();
+
+ Hashtable<String, String> sanehash = new Hashtable<String, String>();
+
+ X500NameAttrMap xnap = X500NameAttrMap.getDefault();
+ while (rdne.hasMoreElements()) {
+ RDN rdn = (RDN) rdne.nextElement();
+ int i = 0;
+ AVA[] oldavas = rdn.getAssertion();
+ for (i = 0; i < rdn.getAssertionLength(); i++) {
+ AVA[] newavas = new AVA[1];
+ newavas[0] = oldavas[i];
+
+ authCreds.set(xnap.getName(oldavas[i].getOid()),
+ oldavas[i].getValue().getAsString());
+
+ if (oldavas[i].getOid().equals(OID_UNSTRUCTUREDNAME)) {
+
+ sanehash.put(SANE_DNSNAME, oldavas[i].getValue().getAsString());
+ }
+ if (oldavas[i].getOid().equals(OID_UNSTRUCTUREDADDRESS)) {
+ sanehash.put(SANE_IPADDRESS, oldavas[i].getValue().getAsString());
+ }
+
+ RDN newrdn = new RDN(newavas);
+ if (mFlattenDN) {
+ rdnv.addElement(newrdn);
+ }
+ }
+ }
+
+ if (mFlattenDN)
+ subject = new X500Name(rdnv);
+ else
+ subject = p10subject;
+
+ // create default key usage extension
+ KeyUsageExtension kue = new KeyUsageExtension();
+ kue.set(KeyUsageExtension.DIGITAL_SIGNATURE, Boolean.valueOf(true));
+ kue.set(KeyUsageExtension.KEY_ENCIPHERMENT, Boolean.valueOf(true));
+
+ PKCS10Attributes p10atts = p10.getAttributes();
+ Enumeration<PKCS10Attribute> e = p10atts.getElements();
+
+ while (e.hasMoreElements()) {
+ PKCS10Attribute p10a = (PKCS10Attribute) e.nextElement();
+ CertAttrSet attr = p10a.getAttributeValue();
+
+ if (attr.getName().equals(ChallengePassword.NAME)) {
+ if (attr.get(ChallengePassword.PASSWORD) != null) {
+ req.put(AUTH_PASSWORD,
+ (String) attr.get(ChallengePassword.PASSWORD));
+ req.put(ChallengePassword.NAME,
+ hashPassword(
+ (String) attr.get(ChallengePassword.PASSWORD)));
+ }
+ }
+
+ if (attr.getName().equals(ExtensionsRequested.NAME)) {
+
+ Enumeration<Extension> exts = ((ExtensionsRequested) attr).getExtensions().elements();
+ while (exts.hasMoreElements()) {
+ Extension ext = exts.nextElement();
+
+ if (ext.getExtensionId().equals(
+ OIDMap.getOID(KeyUsageExtension.IDENT))) {
+
+ kue = new KeyUsageExtension(
+ new Boolean(false), // noncritical
+ ext.getExtensionValue());
+ }
+
+ if (ext.getExtensionId().equals(
+ OIDMap.getOID(SubjectAlternativeNameExtension.IDENT))) {
+ DerOutputStream dos = new DerOutputStream();
+ sane = new SubjectAlternativeNameExtension(
+ new Boolean(false), // noncritical
+ ext.getExtensionValue());
+
+ @SuppressWarnings("unchecked")
+ Vector<GeneralNameInterface> v =
+ (Vector<GeneralNameInterface>) sane.get(SubjectAlternativeNameExtension.SUBJECT_NAME);
+
+ Enumeration<GeneralNameInterface> gne = v.elements();
+
+ while (gne.hasMoreElements()) {
+ GeneralNameInterface gni = (GeneralNameInterface) gne.nextElement();
+ if (gni instanceof GeneralName) {
+ GeneralName genName = (GeneralName) gni;
+
+ String gn = genName.toString();
+ int colon = gn.indexOf(':');
+ String gnType = gn.substring(0, colon).trim();
+ String gnValue = gn.substring(colon + 1).trim();
+
+ authCreds.set(gnType, gnValue);
+ }
+ }
+ }
+ }
+ }
+ }
+
+ if (authCreds != null)
+ req.put(AUTH_CREDS, authCreds);
+
+ try {
+ if (sane == null)
+ sane = makeDefaultSubjectAltName(sanehash);
+ } catch (Exception sane_e) {
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ENROLL_FAIL_NO_SUBJ_ALT_NAME",
+ sane_e.getMessage()));
+ }
+
+ try {
+ if (mAppendDN != null && !mAppendDN.equals("")) {
+
+ X500Name newSubject = new X500Name(subject.toString());
+ subject = new X500Name(subject.toString().concat("," + mAppendDN));
+ }
+
+ } catch (Exception sne) {
+ log(ILogger.LL_INFO, "Unable to use appendDN parameter: " + mAppendDN + ". Error is " + sne.getMessage() + " Using unmodified subjectname");
+ }
+
+ if (subject != null)
+ req.put(SUBJECTNAME, subject);
+
+ if (key == null || subject == null) {
+ // log
+ //throw new ERegistrationException(RegistrationResources.ERROR_MALFORMED_P10);
+ }
+
+ certInfo.set(X509CertInfo.VERSION,
new CertificateVersion(CertificateVersion.V3));
-
- certInfo.set(X509CertInfo.SUBJECT,
+
+ certInfo.set(X509CertInfo.SUBJECT,
new CertificateSubjectName(subject));
-
- certInfo.set(X509CertInfo.KEY,
+
+ certInfo.set(X509CertInfo.KEY,
new CertificateX509Key(key));
-
- CertificateExtensions ext = new CertificateExtensions();
-
- if (kue != null) {
- ext.set(KeyUsageExtension.class.getSimpleName(), kue);
- }
-
- // add subjectAltName extension, if present
- if (sane != null) {
- ext.set(SubjectAlternativeNameExtension.class.getSimpleName(), sane);
- }
-
- certInfo.set(X509CertInfo.EXTENSIONS,ext);
-
- req.put(CERTINFO, certInfo);
- } catch (Exception e) {
- crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badMessageCheck);
- crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE);
- return ;
- } // NEED TO FIX
- }
-
-
- private SubjectAlternativeNameExtension makeDefaultSubjectAltName(Hashtable<String, String> ht) {
-
- // if no subjectaltname extension was requested, we try to make it up
- // from some of the elements of the subject name
-
- int itemCount = ht.size();
- GeneralNameInterface[] gn = new GeneralNameInterface[ht.size()];
-
- itemCount = 0;
- Enumeration<String> en = ht.keys();
- while (en.hasMoreElements()) {
- String key = (String) en.nextElement();
- if (key.equals(SANE_DNSNAME)) {
- gn[itemCount++] = new DNSName((String)ht.get(key));
- }
- if (key.equals(SANE_IPADDRESS)) {
- gn[itemCount++] = new IPAddressName((String)ht.get(key));
+
+ CertificateExtensions ext = new CertificateExtensions();
+
+ if (kue != null) {
+ ext.set(KeyUsageExtension.class.getSimpleName(), kue);
+ }
+
+ // add subjectAltName extension, if present
+ if (sane != null) {
+ ext.set(SubjectAlternativeNameExtension.class.getSimpleName(), sane);
+ }
+
+ certInfo.set(X509CertInfo.EXTENSIONS, ext);
+
+ req.put(CERTINFO, certInfo);
+ } catch (Exception e) {
+ crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badMessageCheck);
+ crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE);
+ return;
+ } // NEED TO FIX
+ }
+
+ private SubjectAlternativeNameExtension makeDefaultSubjectAltName(Hashtable<String, String> ht) {
+
+ // if no subjectaltname extension was requested, we try to make it up
+ // from some of the elements of the subject name
+
+ int itemCount = ht.size();
+ GeneralNameInterface[] gn = new GeneralNameInterface[ht.size()];
+
+ itemCount = 0;
+ Enumeration<String> en = ht.keys();
+ while (en.hasMoreElements()) {
+ String key = (String) en.nextElement();
+ if (key.equals(SANE_DNSNAME)) {
+ gn[itemCount++] = new DNSName((String) ht.get(key));
+ }
+ if (key.equals(SANE_IPADDRESS)) {
+ gn[itemCount++] = new IPAddressName((String) ht.get(key));
+ }
+ }
+
+ try {
+ return new SubjectAlternativeNameExtension(new GeneralNames(gn));
+ } catch (Exception e) {
+ log(ILogger.LL_INFO, CMS.getLogMessage("CMSGW_ENROLL_FAIL_NO_SUBJ_ALT_NAME",
+ e.getMessage()));
+ return null;
}
}
- try {
- return new SubjectAlternativeNameExtension( new GeneralNames(gn) );
- } catch (Exception e) {
- log(ILogger.LL_INFO, CMS.getLogMessage("CMSGW_ENROLL_FAIL_NO_SUBJ_ALT_NAME",
- e.getMessage()));
- return null;
- }
- }
-
-
-
- // Perform authentication
-
- /*
- * if the authentication is set up for CEP, and the user provides
- * some credential, an attempt is made to authenticate the user
- * If this fails, this method will return true
- * If it is sucessful, this method will return true and
- * an authtoken will be in the request
- *
- * If authentication is not configured, this method will
- * return false. The request will be processed in the usual
- * way, but no authtoken will be in the request.
- *
- * In other word, this method returns true if the request
- * should be aborted, false otherwise.
- */
-
- private boolean authenticateUser(CRSPKIMessage req) {
- boolean authenticationFailed = true;
-
- if (mAuthManagerName == null) {
- return false;
- }
-
- String password = (String)req.get(AUTH_PASSWORD);
-
- AuthCredentials authCreds = (AuthCredentials)req.get(AUTH_CREDS);
-
- if (authCreds == null) {
- authCreds = new AuthCredentials();
- }
-
- // authtoken starts as null
- AuthToken token = null;
-
- if (password != null && !password.equals("")) {
- try {
- authCreds.set(AUTH_PASSWORD,password);
- } catch (Exception e) {}
- }
-
+ // Perform authentication
- try {
- token = (AuthToken)mAuthSubsystem.authenticate(authCreds,mAuthManagerName);
- authCreds.delete(AUTH_PASSWORD);
- // if we got here, the authenticate call must not have thrown
- // an exception
- authenticationFailed = false;
- }
- catch (EInvalidCredentials ex) {
- // Invalid credentials - we must reject the request
- authenticationFailed = true;
- }
- catch (EMissingCredential mc) {
- // Misssing credential - we'll log, and process manually
- authenticationFailed = false;
- }
- catch (EBaseException ex) {
- // If there's some other error, we'll reject
- // So, we just continue on, - AUTH_TOKEN will not be set.
- }
-
- if (token != null) {
- req.put(AUTH_TOKEN,token);
- }
-
- return authenticationFailed;
- }
-
- private boolean areFingerprintsEqual(IRequest req, Hashtable<String, byte[]> fingerprints)
- {
-
- Hashtable<String, Object> old_fprints = req.getExtDataInHashtable(IRequest.FINGERPRINTS);
- if (old_fprints == null) { return false; }
-
- byte[] old_md5 = CMS.AtoB((String) old_fprints.get("MD5"));
- byte[] new_md5 = (byte[]) fingerprints.get("MD5");
-
- if (old_md5.length != new_md5.length) return false;
-
- for (int i=0;i<old_md5.length; i++) {
- if (old_md5[i] != new_md5[i]) return false;
- }
- return true;
- }
-
- public X509CertImpl handlePKCSReq(HttpServletRequest httpReq,
- IRequest cmsRequest, CRSPKIMessage req,
- CRSPKIMessage crsResp, CryptoContext cx)
- throws ServletException,
+ /*
+ * if the authentication is set up for CEP, and the user provides
+ * some credential, an attempt is made to authenticate the user
+ * If this fails, this method will return true
+ * If it is sucessful, this method will return true and
+ * an authtoken will be in the request
+ *
+ * If authentication is not configured, this method will
+ * return false. The request will be processed in the usual
+ * way, but no authtoken will be in the request.
+ *
+ * In other word, this method returns true if the request
+ * should be aborted, false otherwise.
+ */
+
+ private boolean authenticateUser(CRSPKIMessage req) {
+ boolean authenticationFailed = true;
+
+ if (mAuthManagerName == null) {
+ return false;
+ }
+
+ String password = (String) req.get(AUTH_PASSWORD);
+
+ AuthCredentials authCreds = (AuthCredentials) req.get(AUTH_CREDS);
+
+ if (authCreds == null) {
+ authCreds = new AuthCredentials();
+ }
+
+ // authtoken starts as null
+ AuthToken token = null;
+
+ if (password != null && !password.equals("")) {
+ try {
+ authCreds.set(AUTH_PASSWORD, password);
+ } catch (Exception e) {
+ }
+ }
+
+ try {
+ token = (AuthToken) mAuthSubsystem.authenticate(authCreds, mAuthManagerName);
+ authCreds.delete(AUTH_PASSWORD);
+ // if we got here, the authenticate call must not have thrown
+ // an exception
+ authenticationFailed = false;
+ } catch (EInvalidCredentials ex) {
+ // Invalid credentials - we must reject the request
+ authenticationFailed = true;
+ } catch (EMissingCredential mc) {
+ // Misssing credential - we'll log, and process manually
+ authenticationFailed = false;
+ } catch (EBaseException ex) {
+ // If there's some other error, we'll reject
+ // So, we just continue on, - AUTH_TOKEN will not be set.
+ }
+
+ if (token != null) {
+ req.put(AUTH_TOKEN, token);
+ }
+
+ return authenticationFailed;
+ }
+
+ private boolean areFingerprintsEqual(IRequest req, Hashtable<String, byte[]> fingerprints) {
+
+ Hashtable<String, Object> old_fprints = req.getExtDataInHashtable(IRequest.FINGERPRINTS);
+ if (old_fprints == null) {
+ return false;
+ }
+
+ byte[] old_md5 = CMS.AtoB((String) old_fprints.get("MD5"));
+ byte[] new_md5 = (byte[]) fingerprints.get("MD5");
+
+ if (old_md5.length != new_md5.length)
+ return false;
+
+ for (int i = 0; i < old_md5.length; i++) {
+ if (old_md5[i] != new_md5[i])
+ return false;
+ }
+ return true;
+ }
+
+ public X509CertImpl handlePKCSReq(HttpServletRequest httpReq,
+ IRequest cmsRequest, CRSPKIMessage req,
+ CRSPKIMessage crsResp, CryptoContext cx)
+ throws ServletException,
CryptoManager.NotInitializedException,
CRSFailureException {
- try {
- unwrapPKCS10(req,cx);
- Hashtable<String, byte[]> fingerprints = makeFingerPrints(req);
-
- if (cmsRequest != null) {
- if (areFingerprintsEqual(cmsRequest, fingerprints)) {
- CMS.debug("created response from request");
- return makeResponseFromRequest(req,crsResp,cmsRequest);
- }
- else {
- CMS.debug("duplicated transaction id");
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ENROLL_FAIL_DUP_TRANS_ID"));
- crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badRequest);
- crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE);
- return null;
- }
- }
-
- getDetailFromRequest(req,crsResp);
- boolean authFailed = authenticateUser(req);
-
- if (authFailed) {
- CMS.debug("authentication failed");
- log(ILogger.LL_SECURITY, CMS.getLogMessage("CMSGW_ENROLL_FAIL_NO_AUTH"));
- crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badIdentity);
- crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE);
-
-
- // perform audit log
- String auditMessage = CMS.getLogMessage(
+ try {
+ unwrapPKCS10(req, cx);
+ Hashtable<String, byte[]> fingerprints = makeFingerPrints(req);
+
+ if (cmsRequest != null) {
+ if (areFingerprintsEqual(cmsRequest, fingerprints)) {
+ CMS.debug("created response from request");
+ return makeResponseFromRequest(req, crsResp, cmsRequest);
+ } else {
+ CMS.debug("duplicated transaction id");
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ENROLL_FAIL_DUP_TRANS_ID"));
+ crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badRequest);
+ crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE);
+ return null;
+ }
+ }
+
+ getDetailFromRequest(req, crsResp);
+ boolean authFailed = authenticateUser(req);
+
+ if (authFailed) {
+ CMS.debug("authentication failed");
+ log(ILogger.LL_SECURITY, CMS.getLogMessage("CMSGW_ENROLL_FAIL_NO_AUTH"));
+ crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badIdentity);
+ crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE);
+
+ // perform audit log
+ String auditMessage = CMS.getLogMessage(
"LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST_5",
httpReq.getRemoteAddr(),
ILogger.FAILURE,
req.getTransactionID(),
"CRSEnrollment",
ILogger.SIGNED_AUDIT_EMPTY_VALUE);
- ILogger signedAuditLogger = CMS.getSignedAuditLogger();
- if (signedAuditLogger != null) {
- signedAuditLogger.log(ILogger.EV_SIGNED_AUDIT,
- null, ILogger.S_SIGNED_AUDIT,
- ILogger.LL_SECURITY, auditMessage);
- }
-
- return null;
- }
- else {
- IRequest ireq = postRequest(httpReq, req,crsResp);
-
-
- CMS.debug("created response");
- return makeResponseFromRequest(req,crsResp, ireq);
- }
- } catch (CryptoContext.CryptoContextException e) {
- CMS.debug("failed to decrypt the request " + e);
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ENROLL_FAIL_NO_DECRYPT_PKCS10",
- e.getMessage()));
- crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badMessageCheck);
- crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE);
- } catch (EBaseException e) {
- CMS.debug("operation failure - " + e);
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERNOLL_FAIL_NO_NEW_REQUEST_POSTED",
- e.getMessage()));
- crsResp.setFailInfo(CRSPKIMessage.mFailInfo_internalCAError);
- crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE);
- }
- return null;
- }
-
-
-////// post the request
-
-/*
- needed:
-
- token (authtoken)
- certInfo
- fingerprints x
- req.transactionID
- crsResp
-*/
-
-private IRequest postRequest(HttpServletRequest httpReq, CRSPKIMessage req, CRSPKIMessage crsResp)
-throws EBaseException {
- X500Name subject = (X500Name)req.get(SUBJECTNAME);
-
- if (mCreateEntry) {
- if (subject == null) {
- CMS.debug( "CRSEnrollment::postRequest() - subject is null!" );
- return null;
- }
- createEntry(subject.toString());
- }
-
- // use profile framework to handle SCEP
- if (mProfileId != null) {
- PKCS10 pkcs10data = req.getP10();
- String pkcs10blob = CMS.BtoA(pkcs10data.toByteArray());
-
- // XXX authentication handling
- CMS.debug("Found profile=" + mProfileId);
- IProfile profile = mProfileSubsystem.getProfile(mProfileId);
- if (profile == null) {
- CMS.debug("profile " + mProfileId + " not found");
- return null;
- }
- IProfileContext ctx = profile.createContext();
-
- IProfileAuthenticator authenticator = null;
- try {
- CMS.debug("Retrieving authenticator");
- authenticator = profile.getAuthenticator();
+ ILogger signedAuditLogger = CMS.getSignedAuditLogger();
+ if (signedAuditLogger != null) {
+ signedAuditLogger.log(ILogger.EV_SIGNED_AUDIT,
+ null, ILogger.S_SIGNED_AUDIT,
+ ILogger.LL_SECURITY, auditMessage);
+ }
+
+ return null;
+ } else {
+ IRequest ireq = postRequest(httpReq, req, crsResp);
+
+ CMS.debug("created response");
+ return makeResponseFromRequest(req, crsResp, ireq);
+ }
+ } catch (CryptoContext.CryptoContextException e) {
+ CMS.debug("failed to decrypt the request " + e);
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ENROLL_FAIL_NO_DECRYPT_PKCS10",
+ e.getMessage()));
+ crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badMessageCheck);
+ crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE);
+ } catch (EBaseException e) {
+ CMS.debug("operation failure - " + e);
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERNOLL_FAIL_NO_NEW_REQUEST_POSTED",
+ e.getMessage()));
+ crsResp.setFailInfo(CRSPKIMessage.mFailInfo_internalCAError);
+ crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE);
+ }
+ return null;
+ }
+
+ ////// post the request
+
+ /*
+ needed:
+
+ token (authtoken)
+ certInfo
+ fingerprints x
+ req.transactionID
+ crsResp
+ */
+
+ private IRequest postRequest(HttpServletRequest httpReq, CRSPKIMessage req, CRSPKIMessage crsResp)
+ throws EBaseException {
+ X500Name subject = (X500Name) req.get(SUBJECTNAME);
+
+ if (mCreateEntry) {
+ if (subject == null) {
+ CMS.debug("CRSEnrollment::postRequest() - subject is null!");
+ return null;
+ }
+ createEntry(subject.toString());
+ }
+
+ // use profile framework to handle SCEP
+ if (mProfileId != null) {
+ PKCS10 pkcs10data = req.getP10();
+ String pkcs10blob = CMS.BtoA(pkcs10data.toByteArray());
+
+ // XXX authentication handling
+ CMS.debug("Found profile=" + mProfileId);
+ IProfile profile = mProfileSubsystem.getProfile(mProfileId);
+ if (profile == null) {
+ CMS.debug("profile " + mProfileId + " not found");
+ return null;
+ }
+ IProfileContext ctx = profile.createContext();
+
+ IProfileAuthenticator authenticator = null;
+ try {
+ CMS.debug("Retrieving authenticator");
+ authenticator = profile.getAuthenticator();
+ if (authenticator == null) {
+ CMS.debug("No authenticator Found");
+ } else {
+ CMS.debug("Got authenticator=" + authenticator.getClass().getName());
+ }
+ } catch (EProfileException e) {
+ // authenticator not installed correctly
+ }
+
+ IAuthToken authToken = null;
+
+ // for ssl authentication; pass in servlet for retrieving
+ // ssl client certificates
+ SessionContext context = SessionContext.getContext();
+
+ // insert profile context so that input parameter can be retrieved
+ context.put("profileContext", ctx);
+ context.put("sslClientCertProvider",
+ new SSLClientCertProvider(httpReq));
+
+ String p10Password = getPasswordFromP10(pkcs10data);
+ AuthCredentials credentials = new AuthCredentials();
+ credentials.set("UID", httpReq.getRemoteAddr());
+ credentials.set("PWD", p10Password);
+
if (authenticator == null) {
- CMS.debug("No authenticator Found");
+ // XXX - to help caRouterCert to work, we need to
+ // add authentication to caRouterCert
+ authToken = new AuthToken(null);
} else {
- CMS.debug("Got authenticator=" + authenticator.getClass().getName());
+ authToken = authenticate(credentials, authenticator, httpReq);
}
- } catch (EProfileException e) {
- // authenticator not installed correctly
- }
-
- IAuthToken authToken = null;
-
- // for ssl authentication; pass in servlet for retrieving
- // ssl client certificates
- SessionContext context = SessionContext.getContext();
-
-
- // insert profile context so that input parameter can be retrieved
- context.put("profileContext", ctx);
- context.put("sslClientCertProvider",
- new SSLClientCertProvider(httpReq));
-
- String p10Password = getPasswordFromP10(pkcs10data);
- AuthCredentials credentials = new AuthCredentials();
- credentials.set("UID", httpReq.getRemoteAddr());
- credentials.set("PWD", p10Password);
-
- if (authenticator == null) {
- // XXX - to help caRouterCert to work, we need to
- // add authentication to caRouterCert
- authToken = new AuthToken(null);
- } else {
- authToken = authenticate(credentials, authenticator, httpReq);
- }
-
- IRequest reqs[] = null;
- CMS.debug("CRSEnrollment: Creating profile requests");
- ctx.set(IEnrollProfile.CTX_CERT_REQUEST_TYPE, "pkcs10");
- ctx.set(IEnrollProfile.CTX_CERT_REQUEST, pkcs10blob);
- Locale locale = Locale.getDefault();
- reqs = profile.createRequests(ctx, locale);
- if (reqs == null) {
- CMS.debug("CRSEnrollment: No request has been created");
- return null;
- } else {
- CMS.debug("CRSEnrollment: Request (" + reqs.length + ") have been created");
- }
- // set transaction id
- reqs[0].setSourceId(req.getTransactionID());
- reqs[0].setExtData("profile", "true");
- reqs[0].setExtData("profileId", mProfileId);
- reqs[0].setExtData(IEnrollProfile.CTX_CERT_REQUEST_TYPE, IEnrollProfile.REQ_TYPE_PKCS10);
- reqs[0].setExtData(IEnrollProfile.CTX_CERT_REQUEST, pkcs10blob);
- reqs[0].setExtData("requestor_name", "");
- reqs[0].setExtData("requestor_email", "");
- reqs[0].setExtData("requestor_phone", "");
- reqs[0].setExtData("profileRemoteHost", httpReq.getRemoteHost());
- reqs[0].setExtData("profileRemoteAddr", httpReq.getRemoteAddr());
- reqs[0].setExtData("profileApprovedBy", profile.getApprovedBy());
-
- CMS.debug("CRSEnrollment: Populating inputs");
- profile.populateInput(ctx, reqs[0]);
- CMS.debug("CRSEnrollment: Populating requests");
- profile.populate(reqs[0]);
-
- CMS.debug("CRSEnrollment: Submitting request");
- profile.submit(authToken, reqs[0]);
- CMS.debug("CRSEnrollment: Done submitting request");
- profile.getRequestQueue().markAsServiced(reqs[0]);
- CMS.debug("CRSEnrollment: Request marked as serviced");
-
- return reqs[0];
-
- }
-
- IRequestQueue rq = ca.getRequestQueue();
- IRequest pkiReq = rq.newRequest(IRequest.ENROLLMENT_REQUEST);
-
- AuthToken token = (AuthToken) req.get(AUTH_TOKEN);
- if (token != null) {
- pkiReq.setExtData(IRequest.AUTH_TOKEN,token);
- }
-
- pkiReq.setExtData(IRequest.HTTP_PARAMS, IRequest.CERT_TYPE, IRequest.CEP_CERT);
- X509CertInfo certInfo = (X509CertInfo) req.get(CERTINFO);
- pkiReq.setExtData(IRequest.CERT_INFO, new X509CertInfo[] { certInfo } );
- pkiReq.setExtData("cepsubstore", mSubstoreName);
-
- try {
- String chpwd = (String)req.get(ChallengePassword.NAME);
- if (chpwd != null) {
- pkiReq.setExtData("challengePhrase",
- chpwd );
- }
- } catch (Exception pwex) {
- }
-
- Hashtable<?, ?> fingerprints = (Hashtable<?, ?>)req.get(IRequest.FINGERPRINTS);
- if (fingerprints.size() > 0) {
- Hashtable<String, String> encodedPrints = new Hashtable<String, String>(fingerprints.size());
- Enumeration<?> e = fingerprints.keys();
- while (e.hasMoreElements()) {
- String key = (String)e.nextElement();
- byte[] value = (byte[])fingerprints.get(key);
- encodedPrints.put(key, CMS.BtoA(value));
- }
- pkiReq.setExtData(IRequest.FINGERPRINTS, encodedPrints);
- }
-
- pkiReq.setSourceId(req.getTransactionID());
-
- rq.processRequest(pkiReq);
-
- crsResp.setPKIStatus(CRSPKIMessage.mStatus_SUCCESS);
-
- mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
+
+ IRequest reqs[] = null;
+ CMS.debug("CRSEnrollment: Creating profile requests");
+ ctx.set(IEnrollProfile.CTX_CERT_REQUEST_TYPE, "pkcs10");
+ ctx.set(IEnrollProfile.CTX_CERT_REQUEST, pkcs10blob);
+ Locale locale = Locale.getDefault();
+ reqs = profile.createRequests(ctx, locale);
+ if (reqs == null) {
+ CMS.debug("CRSEnrollment: No request has been created");
+ return null;
+ } else {
+ CMS.debug("CRSEnrollment: Request (" + reqs.length + ") have been created");
+ }
+ // set transaction id
+ reqs[0].setSourceId(req.getTransactionID());
+ reqs[0].setExtData("profile", "true");
+ reqs[0].setExtData("profileId", mProfileId);
+ reqs[0].setExtData(IEnrollProfile.CTX_CERT_REQUEST_TYPE, IEnrollProfile.REQ_TYPE_PKCS10);
+ reqs[0].setExtData(IEnrollProfile.CTX_CERT_REQUEST, pkcs10blob);
+ reqs[0].setExtData("requestor_name", "");
+ reqs[0].setExtData("requestor_email", "");
+ reqs[0].setExtData("requestor_phone", "");
+ reqs[0].setExtData("profileRemoteHost", httpReq.getRemoteHost());
+ reqs[0].setExtData("profileRemoteAddr", httpReq.getRemoteAddr());
+ reqs[0].setExtData("profileApprovedBy", profile.getApprovedBy());
+
+ CMS.debug("CRSEnrollment: Populating inputs");
+ profile.populateInput(ctx, reqs[0]);
+ CMS.debug("CRSEnrollment: Populating requests");
+ profile.populate(reqs[0]);
+
+ CMS.debug("CRSEnrollment: Submitting request");
+ profile.submit(authToken, reqs[0]);
+ CMS.debug("CRSEnrollment: Done submitting request");
+ profile.getRequestQueue().markAsServiced(reqs[0]);
+ CMS.debug("CRSEnrollment: Request marked as serviced");
+
+ return reqs[0];
+
+ }
+
+ IRequestQueue rq = ca.getRequestQueue();
+ IRequest pkiReq = rq.newRequest(IRequest.ENROLLMENT_REQUEST);
+
+ AuthToken token = (AuthToken) req.get(AUTH_TOKEN);
+ if (token != null) {
+ pkiReq.setExtData(IRequest.AUTH_TOKEN, token);
+ }
+
+ pkiReq.setExtData(IRequest.HTTP_PARAMS, IRequest.CERT_TYPE, IRequest.CEP_CERT);
+ X509CertInfo certInfo = (X509CertInfo) req.get(CERTINFO);
+ pkiReq.setExtData(IRequest.CERT_INFO, new X509CertInfo[] { certInfo });
+ pkiReq.setExtData("cepsubstore", mSubstoreName);
+
+ try {
+ String chpwd = (String) req.get(ChallengePassword.NAME);
+ if (chpwd != null) {
+ pkiReq.setExtData("challengePhrase",
+ chpwd);
+ }
+ } catch (Exception pwex) {
+ }
+
+ Hashtable<?, ?> fingerprints = (Hashtable<?, ?>) req.get(IRequest.FINGERPRINTS);
+ if (fingerprints.size() > 0) {
+ Hashtable<String, String> encodedPrints = new Hashtable<String, String>(fingerprints.size());
+ Enumeration<?> e = fingerprints.keys();
+ while (e.hasMoreElements()) {
+ String key = (String) e.nextElement();
+ byte[] value = (byte[]) fingerprints.get(key);
+ encodedPrints.put(key, CMS.BtoA(value));
+ }
+ pkiReq.setExtData(IRequest.FINGERPRINTS, encodedPrints);
+ }
+
+ pkiReq.setSourceId(req.getTransactionID());
+
+ rq.processRequest(pkiReq);
+
+ crsResp.setPKIStatus(CRSPKIMessage.mStatus_SUCCESS);
+
+ mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
AuditFormat.LEVEL,
AuditFormat.ENROLLMENTFORMAT,
new Object[] {
- pkiReq.getRequestId(),
- AuditFormat.FROMROUTER,
- mAuthManagerName == null ? AuditFormat.NOAUTH : mAuthManagerName,
- "pending",
- subject ,
- ""}
+ pkiReq.getRequestId(),
+ AuditFormat.FROMROUTER,
+ mAuthManagerName == null ? AuditFormat.NOAUTH : mAuthManagerName,
+ "pending",
+ subject,
+ "" }
);
-
- return pkiReq;
- }
-
+ return pkiReq;
+ }
- public Hashtable<String, byte[]> makeFingerPrints(CRSPKIMessage req) {
+ public Hashtable<String, byte[]> makeFingerPrints(CRSPKIMessage req) {
Hashtable<String, byte[]> fingerprints = new Hashtable<String, byte[]>();
MessageDigest md;
- String[] hashes = new String[] {"MD2", "MD5", "SHA1", "SHA256", "SHA512"};
- PKCS10 p10 = (PKCS10)req.getP10();
+ String[] hashes = new String[] { "MD2", "MD5", "SHA1", "SHA256", "SHA512" };
+ PKCS10 p10 = (PKCS10) req.getP10();
- for (int i=0;i<hashes.length;i++) {
- try {
- md = MessageDigest.getInstance(hashes[i]);
- md.update(p10.getCertRequestInfo());
- fingerprints.put(hashes[i],md.digest());
- }
- catch (NoSuchAlgorithmException nsa) {}
+ for (int i = 0; i < hashes.length; i++) {
+ try {
+ md = MessageDigest.getInstance(hashes[i]);
+ md.update(p10.getCertRequestInfo());
+ fingerprints.put(hashes[i], md.digest());
+ } catch (NoSuchAlgorithmException nsa) {
+ }
}
- if (fingerprints != null) {
- req.put(IRequest.FINGERPRINTS,fingerprints);
- }
- return fingerprints;
- }
-
-
- // Take a look to see if the request was successful, and fill
- // in the response message
+ if (fingerprints != null) {
+ req.put(IRequest.FINGERPRINTS, fingerprints);
+ }
+ return fingerprints;
+ }
+ // Take a look to see if the request was successful, and fill
+ // in the response message
- private X509CertImpl makeResponseFromRequest(CRSPKIMessage crsReq, CRSPKIMessage crsResp,
- IRequest pkiReq)
- {
+ private X509CertImpl makeResponseFromRequest(CRSPKIMessage crsReq, CRSPKIMessage crsResp,
+ IRequest pkiReq) {
- X509CertImpl issuedCert=null;
+ X509CertImpl issuedCert = null;
RequestStatus status = pkiReq.getRequestStatus();
String profileId = pkiReq.getExtDataInString("profileId");
if (profileId != null) {
- CMS.debug("CRSEnrollment: Found profile request");
- X509CertImpl cert =
- pkiReq.getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT);
- if (cert == null) {
- CMS.debug("CRSEnrollment: No certificate has been found");
- } else {
- CMS.debug("CRSEnrollment: Found certificate");
- }
- crsResp.setPKIStatus(CRSPKIMessage.mStatus_SUCCESS);
- return cert;
+ CMS.debug("CRSEnrollment: Found profile request");
+ X509CertImpl cert =
+ pkiReq.getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT);
+ if (cert == null) {
+ CMS.debug("CRSEnrollment: No certificate has been found");
+ } else {
+ CMS.debug("CRSEnrollment: Found certificate");
+ }
+ crsResp.setPKIStatus(CRSPKIMessage.mStatus_SUCCESS);
+ return cert;
}
-
- if ( status.equals(RequestStatus.COMPLETE)) {
+ if (status.equals(RequestStatus.COMPLETE)) {
Integer success = pkiReq.getExtDataInInteger(IRequest.RESULT);
-
if (success.equals(IRequest.RES_SUCCESS)) {
// The cert was issued, lets send it back to the router
X509CertImpl[] issuedCertBuf =
- pkiReq.getExtDataInCertArray(IRequest.ISSUED_CERTS);
+ pkiReq.getExtDataInCertArray(IRequest.ISSUED_CERTS);
if (issuedCertBuf == null || issuedCertBuf.length == 0) {
// writeError("Internal Error: Bad operation",httpReq,httpResp);
- CMS.debug( "CRSEnrollment::makeResponseFromRequest() - " +
- "Bad operation" );
+ CMS.debug("CRSEnrollment::makeResponseFromRequest() - " +
+ "Bad operation");
return null;
}
issuedCert = issuedCertBuf[0];
crsResp.setPKIStatus(CRSPKIMessage.mStatus_SUCCESS);
-
- }
- else { // status is not 'success' - there must've been a problem
-
+
+ } else { // status is not 'success' - there must've been a problem
+
crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE);
crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badAlg);
}
- }
- else if (status.equals(RequestStatus.REJECTED_STRING) ||
+ } else if (status.equals(RequestStatus.REJECTED_STRING) ||
status.equals(RequestStatus.CANCELED_STRING)) {
- crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE);
- crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badRequest);
- }
- else { // not complete
+ crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE);
+ crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badRequest);
+ } else { // not complete
crsResp.setPKIStatus(CRSPKIMessage.mStatus_PENDING);
}
return issuedCert;
}
+ protected String hashPassword(String pwd) {
+ String salt = "lala123";
+ byte[] pwdDigest = mSHADigest.digest((salt + pwd).getBytes());
+ String b64E = com.netscape.osutil.OSUtil.BtoA(pwdDigest);
+ return "{SHA}" + b64E;
+ }
+ /**
+ * Make the CRSPKIMESSAGE response
+ */
+ private void processCertRep(CryptoContext cx,
+ X509CertImpl issuedCert,
+ CRSPKIMessage crsResp,
+ CRSPKIMessage crsReq)
+ throws CRSFailureException {
+ byte[] msgdigest = null;
+ byte[] encryptedDesKey = null;
+ try {
+ if (issuedCert != null) {
+ SymmetricKey sk;
+ SymmetricKey skinternal;
- protected String hashPassword(String pwd) {
- String salt = "lala123";
- byte[] pwdDigest = mSHADigest.digest((salt+pwd).getBytes());
- String b64E = com.netscape.osutil.OSUtil.BtoA(pwdDigest);
- return "{SHA}"+b64E;
- }
+ KeyGenAlgorithm kga = KeyGenAlgorithm.DES;
+ EncryptionAlgorithm ea = EncryptionAlgorithm.DES_CBC;
+ if (mEncryptionAlgorithm != null && mEncryptionAlgorithm.equals("DES3")) {
+ kga = KeyGenAlgorithm.DES3;
+ ea = EncryptionAlgorithm.DES3_CBC;
+ }
+ // 1. Make the Degenerated PKCS7 with the recipient's certificate in it
+ byte toBeEncrypted[] =
+ crsResp.makeSignedRep(1, // version
+ issuedCert.getEncoded()
+ );
+ // 2. Encrypt the above byte array with a new random DES key
- /**
- * Make the CRSPKIMESSAGE response
- */
+ sk = cx.getDESKeyGenerator().generate();
+ skinternal = cx.getInternalToken().getKeyGenerator(kga).clone(sk);
- private void processCertRep(CryptoContext cx,
- X509CertImpl issuedCert,
- CRSPKIMessage crsResp,
- CRSPKIMessage crsReq)
- throws CRSFailureException {
- byte[] msgdigest = null;
- byte[] encryptedDesKey = null;
-
- try {
- if (issuedCert != null) {
-
- SymmetricKey sk;
- SymmetricKey skinternal;
-
- KeyGenAlgorithm kga = KeyGenAlgorithm.DES;
- EncryptionAlgorithm ea = EncryptionAlgorithm.DES_CBC;
- if (mEncryptionAlgorithm != null && mEncryptionAlgorithm.equals("DES3")) {
- kga = KeyGenAlgorithm.DES3;
- ea = EncryptionAlgorithm.DES3_CBC;
- }
-
- // 1. Make the Degenerated PKCS7 with the recipient's certificate in it
-
- byte toBeEncrypted[] =
- crsResp.makeSignedRep(1, // version
- issuedCert.getEncoded()
- );
-
- // 2. Encrypt the above byte array with a new random DES key
-
- sk = cx.getDESKeyGenerator().generate();
-
- skinternal = cx.getInternalToken().getKeyGenerator(kga).clone(sk);
-
- byte[] padded = Cipher.pad(toBeEncrypted, ea.getBlockSize());
-
-
- // This should be changed to generate proper DES IV.
-
- Cipher cipher = cx.getInternalToken().getCipherContext(ea);
- IVParameterSpec desIV =
- new IVParameterSpec(new byte[]{
- (byte)0xff, (byte)0x00,
- (byte)0xff, (byte)0x00,
- (byte)0xff, (byte)0x00,
- (byte)0xff, (byte)0x00 } );
-
- cipher.initEncrypt(sk,desIV);
- byte[] encryptedData = cipher.doFinal(padded);
-
- crsResp.makeEncryptedContentInfo(desIV.getIV(),encryptedData, mEncryptionAlgorithm);
-
- // 3. Extract the recipient's public key
-
- PublicKey rcpPK = crsReq.getSignerPublicKey();
-
-
- // 4. Encrypt the DES key with the public key
-
- // we have to move the key onto the interal token.
- //skinternal = cx.getInternalKeyStorageToken().cloneKey(sk);
- skinternal = cx.getInternalToken().cloneKey(sk);
-
- KeyWrapper kw = cx.getInternalKeyWrapper();
- kw.initWrap(rcpPK, null);
- encryptedDesKey = kw.wrap(skinternal);
-
- crsResp.setRcpIssuerAndSerialNumber(crsReq.getSgnIssuerAndSerialNumber());
- crsResp.makeRecipientInfo(0, encryptedDesKey );
-
- }
-
-
- byte[] ed = crsResp.makeEnvelopedData(0);
-
- // 7. Make Digest of SignedData Content
- MessageDigest md = MessageDigest.getInstance(mHashAlgorithm);
- msgdigest = md.digest(ed);
-
- crsResp.setMsgDigest(msgdigest);
-
- }
-
- catch (Exception e) {
- throw new CRSFailureException("Failed to create inner response to CEP message: "+e.getMessage());
- }
-
-
- // 5. Make a RecipientInfo
-
- // The issuer name & serial number here, should be that of
- // the EE's self-signed Certificate
- // [I can get it from the req blob, but later, I should
- // store the recipient's self-signed certificate with the request
- // so I can get at it later. I need to do this to support
- // 'PENDING']
-
-
- try {
-
- // 8. Make Authenticated Attributes
- // we can just pull the transaction ID out of the request.
- // Later, we will have to put it out of the Request queue,
- // so we can support PENDING
- crsResp.setTransactionID(crsReq.getTransactionID());
- // recipientNonce and SenderNonce have already been set
-
- crsResp.makeAuthenticatedAttributes();
- // crsResp.makeAuthenticatedAttributes_old();
-
-
-
- // now package up the rest of the SignerInfo
- {
- byte[] signingcertbytes = cx.getSigningCert().getEncoded();
-
-
- Certificate.Template sgncert_t = new Certificate.Template();
- Certificate sgncert =
- (Certificate) sgncert_t.decode(new ByteArrayInputStream(signingcertbytes));
-
- IssuerAndSerialNumber sgniasn =
- new IssuerAndSerialNumber(sgncert.getInfo().getIssuer(),
+ byte[] padded = Cipher.pad(toBeEncrypted, ea.getBlockSize());
+
+ // This should be changed to generate proper DES IV.
+
+ Cipher cipher = cx.getInternalToken().getCipherContext(ea);
+ IVParameterSpec desIV =
+ new IVParameterSpec(new byte[] {
+ (byte) 0xff, (byte) 0x00,
+ (byte) 0xff, (byte) 0x00,
+ (byte) 0xff, (byte) 0x00,
+ (byte) 0xff, (byte) 0x00 });
+
+ cipher.initEncrypt(sk, desIV);
+ byte[] encryptedData = cipher.doFinal(padded);
+
+ crsResp.makeEncryptedContentInfo(desIV.getIV(), encryptedData, mEncryptionAlgorithm);
+
+ // 3. Extract the recipient's public key
+
+ PublicKey rcpPK = crsReq.getSignerPublicKey();
+
+ // 4. Encrypt the DES key with the public key
+
+ // we have to move the key onto the interal token.
+ //skinternal = cx.getInternalKeyStorageToken().cloneKey(sk);
+ skinternal = cx.getInternalToken().cloneKey(sk);
+
+ KeyWrapper kw = cx.getInternalKeyWrapper();
+ kw.initWrap(rcpPK, null);
+ encryptedDesKey = kw.wrap(skinternal);
+
+ crsResp.setRcpIssuerAndSerialNumber(crsReq.getSgnIssuerAndSerialNumber());
+ crsResp.makeRecipientInfo(0, encryptedDesKey);
+
+ }
+
+ byte[] ed = crsResp.makeEnvelopedData(0);
+
+ // 7. Make Digest of SignedData Content
+ MessageDigest md = MessageDigest.getInstance(mHashAlgorithm);
+ msgdigest = md.digest(ed);
+
+ crsResp.setMsgDigest(msgdigest);
+
+ }
+
+ catch (Exception e) {
+ throw new CRSFailureException("Failed to create inner response to CEP message: " + e.getMessage());
+ }
+
+ // 5. Make a RecipientInfo
+
+ // The issuer name & serial number here, should be that of
+ // the EE's self-signed Certificate
+ // [I can get it from the req blob, but later, I should
+ // store the recipient's self-signed certificate with the request
+ // so I can get at it later. I need to do this to support
+ // 'PENDING']
+
+ try {
+
+ // 8. Make Authenticated Attributes
+ // we can just pull the transaction ID out of the request.
+ // Later, we will have to put it out of the Request queue,
+ // so we can support PENDING
+ crsResp.setTransactionID(crsReq.getTransactionID());
+ // recipientNonce and SenderNonce have already been set
+
+ crsResp.makeAuthenticatedAttributes();
+ // crsResp.makeAuthenticatedAttributes_old();
+
+ // now package up the rest of the SignerInfo
+ {
+ byte[] signingcertbytes = cx.getSigningCert().getEncoded();
+
+ Certificate.Template sgncert_t = new Certificate.Template();
+ Certificate sgncert =
+ (Certificate) sgncert_t.decode(new ByteArrayInputStream(signingcertbytes));
+
+ IssuerAndSerialNumber sgniasn =
+ new IssuerAndSerialNumber(sgncert.getInfo().getIssuer(),
sgncert.getInfo().getSerialNumber());
-
- crsResp.setSgnIssuerAndSerialNumber(sgniasn);
-
- // 10. Make SignerInfo
- crsResp.makeSignerInfo(1, cx.getPrivateKey(), mHashAlgorithm);
-
- // 11. Make SignedData
- crsResp.makeSignedData(1, signingcertbytes, mHashAlgorithm);
-
- crsResp.debug();
- }
- }
- catch (Exception e) {
- throw new CRSFailureException("Failed to create outer response to CEP request: "+e.getMessage());
- }
-
-
- // if debugging, dump out the response into a file
-
- }
-
-
-
- class CryptoContext {
- private CryptoManager cm;
- private CryptoToken internalToken;
- private CryptoToken keyStorageToken;
- private CryptoToken internalKeyStorageToken;
- private KeyGenerator DESkg;
- private Enumeration<?> externalTokens = null;
- private org.mozilla.jss.crypto.X509Certificate signingCert;
- private org.mozilla.jss.crypto.PrivateKey signingCertPrivKey;
- private int signingCertKeySize = 0;
-
-
- class CryptoContextException extends Exception {
- /**
+
+ crsResp.setSgnIssuerAndSerialNumber(sgniasn);
+
+ // 10. Make SignerInfo
+ crsResp.makeSignerInfo(1, cx.getPrivateKey(), mHashAlgorithm);
+
+ // 11. Make SignedData
+ crsResp.makeSignedData(1, signingcertbytes, mHashAlgorithm);
+
+ crsResp.debug();
+ }
+ } catch (Exception e) {
+ throw new CRSFailureException("Failed to create outer response to CEP request: " + e.getMessage());
+ }
+
+ // if debugging, dump out the response into a file
+
+ }
+
+ class CryptoContext {
+ private CryptoManager cm;
+ private CryptoToken internalToken;
+ private CryptoToken keyStorageToken;
+ private CryptoToken internalKeyStorageToken;
+ private KeyGenerator DESkg;
+ private Enumeration<?> externalTokens = null;
+ private org.mozilla.jss.crypto.X509Certificate signingCert;
+ private org.mozilla.jss.crypto.PrivateKey signingCertPrivKey;
+ private int signingCertKeySize = 0;
+
+ class CryptoContextException extends Exception {
+ /**
*
*/
- private static final long serialVersionUID = -1124116326126256475L;
- public CryptoContextException() { super(); }
- public CryptoContextException(String s) { super(s); }
- }
+ private static final long serialVersionUID = -1124116326126256475L;
- public CryptoContext()
- throws CryptoContextException
- {
- try {
- KeyGenAlgorithm kga = KeyGenAlgorithm.DES;
- if (mEncryptionAlgorithm != null && mEncryptionAlgorithm.equals("DES3")) {
- kga = KeyGenAlgorithm.DES3;
- }
- cm = CryptoManager.getInstance();
- internalToken = cm.getInternalCryptoToken();
- DESkg = internalToken.getKeyGenerator(kga);
- if (mTokenName.equalsIgnoreCase(Constants.PR_INTERNAL_TOKEN) ||
- mTokenName.equalsIgnoreCase("Internal Key Storage Token") ||
- mTokenName.length() == 0) {
- keyStorageToken = cm.getInternalKeyStorageToken();
- internalKeyStorageToken = keyStorageToken;
- CMS.debug("CRSEnrollment: CryptoContext: internal token name: '"+mTokenName+"'");
- } else {
- keyStorageToken = cm.getTokenByName(mTokenName);
- internalKeyStorageToken = null;
- }
- if (!mUseCA && internalKeyStorageToken == null) {
- PasswordCallback cb = CMS.getPasswordCallback();
- keyStorageToken.login(cb); // ONE_TIME by default.
- }
- signingCert = cm.findCertByNickname(mNickname);
- signingCertPrivKey = cm.findPrivKeyByCert(signingCert);
- byte[] encPubKeyInfo = signingCert.getPublicKey().getEncoded();
- SEQUENCE.Template outer = SEQUENCE.getTemplate();
- outer.addElement( ANY.getTemplate() ); // algid
- outer.addElement( BIT_STRING.getTemplate() );
- SEQUENCE outerSeq = (SEQUENCE) ASN1Util.decode(outer, encPubKeyInfo);
- BIT_STRING bs = (BIT_STRING) outerSeq.elementAt(1);
- byte[] encPubKey = bs.getBits();
- if( bs.getPadCount() != 0) {
- throw new CryptoContextException("Internal error: Invalid Public key. Not an integral number of bytes.");
- }
- SEQUENCE.Template inner = new SEQUENCE.Template();
- inner.addElement( INTEGER.getTemplate());
- inner.addElement( INTEGER.getTemplate());
- SEQUENCE pubKeySeq = (SEQUENCE) ASN1Util.decode(inner, encPubKey);
- INTEGER modulus = (INTEGER) pubKeySeq.elementAt(0);
- signingCertKeySize = modulus.bitLength();
-
- try {
- FileOutputStream fos = new FileOutputStream("pubkey.der");
- fos.write(signingCert.getPublicKey().getEncoded());
- fos.close();
- } catch (Exception e) {}
-
- }
- catch (InvalidBERException e) {
- throw new CryptoContextException("Internal Error: Bad internal Certificate Representation. Not a valid RSA-signed certificate");
- }
- catch (CryptoManager.NotInitializedException e) {
- throw new CryptoContextException("Crypto Manager not initialized");
- }
- catch (NoSuchAlgorithmException e) {
- throw new CryptoContextException("Cannot create DES key generator");
- }
- catch (ObjectNotFoundException e) {
- throw new CryptoContextException("Certificate not found: "+ca.getNickname());
- }
- catch (TokenException e) {
- throw new CryptoContextException("Problem with Crypto Token: "+e.getMessage());
- }
- catch (NoSuchTokenException e) {
- throw new CryptoContextException("Crypto Token not found: "+e.getMessage());
- }
- catch (IncorrectPasswordException e) {
- throw new CryptoContextException("Incorrect Password.");
- }
- }
-
-
- public KeyGenerator getDESKeyGenerator() {
- return DESkg;
- }
+ public CryptoContextException() {
+ super();
+ }
- public CryptoToken getInternalToken() {
- return internalToken;
- }
+ public CryptoContextException(String s) {
+ super(s);
+ }
+ }
- public void setExternalTokens( Enumeration<?> tokens ) {
- externalTokens = tokens;
- }
+ public CryptoContext()
+ throws CryptoContextException {
+ try {
+ KeyGenAlgorithm kga = KeyGenAlgorithm.DES;
+ if (mEncryptionAlgorithm != null && mEncryptionAlgorithm.equals("DES3")) {
+ kga = KeyGenAlgorithm.DES3;
+ }
+ cm = CryptoManager.getInstance();
+ internalToken = cm.getInternalCryptoToken();
+ DESkg = internalToken.getKeyGenerator(kga);
+ if (mTokenName.equalsIgnoreCase(Constants.PR_INTERNAL_TOKEN) ||
+ mTokenName.equalsIgnoreCase("Internal Key Storage Token") ||
+ mTokenName.length() == 0) {
+ keyStorageToken = cm.getInternalKeyStorageToken();
+ internalKeyStorageToken = keyStorageToken;
+ CMS.debug("CRSEnrollment: CryptoContext: internal token name: '" + mTokenName + "'");
+ } else {
+ keyStorageToken = cm.getTokenByName(mTokenName);
+ internalKeyStorageToken = null;
+ }
+ if (!mUseCA && internalKeyStorageToken == null) {
+ PasswordCallback cb = CMS.getPasswordCallback();
+ keyStorageToken.login(cb); // ONE_TIME by default.
+ }
+ signingCert = cm.findCertByNickname(mNickname);
+ signingCertPrivKey = cm.findPrivKeyByCert(signingCert);
+ byte[] encPubKeyInfo = signingCert.getPublicKey().getEncoded();
+ SEQUENCE.Template outer = SEQUENCE.getTemplate();
+ outer.addElement(ANY.getTemplate()); // algid
+ outer.addElement(BIT_STRING.getTemplate());
+ SEQUENCE outerSeq = (SEQUENCE) ASN1Util.decode(outer, encPubKeyInfo);
+ BIT_STRING bs = (BIT_STRING) outerSeq.elementAt(1);
+ byte[] encPubKey = bs.getBits();
+ if (bs.getPadCount() != 0) {
+ throw new CryptoContextException("Internal error: Invalid Public key. Not an integral number of bytes.");
+ }
+ SEQUENCE.Template inner = new SEQUENCE.Template();
+ inner.addElement(INTEGER.getTemplate());
+ inner.addElement(INTEGER.getTemplate());
+ SEQUENCE pubKeySeq = (SEQUENCE) ASN1Util.decode(inner, encPubKey);
+ INTEGER modulus = (INTEGER) pubKeySeq.elementAt(0);
+ signingCertKeySize = modulus.bitLength();
- public Enumeration<?> getExternalTokens() {
- return externalTokens;
- }
+ try {
+ FileOutputStream fos = new FileOutputStream("pubkey.der");
+ fos.write(signingCert.getPublicKey().getEncoded());
+ fos.close();
+ } catch (Exception e) {
+ }
- public CryptoToken getInternalKeyStorageToken() {
- return internalKeyStorageToken;
- }
+ } catch (InvalidBERException e) {
+ throw new CryptoContextException("Internal Error: Bad internal Certificate Representation. Not a valid RSA-signed certificate");
+ } catch (CryptoManager.NotInitializedException e) {
+ throw new CryptoContextException("Crypto Manager not initialized");
+ } catch (NoSuchAlgorithmException e) {
+ throw new CryptoContextException("Cannot create DES key generator");
+ } catch (ObjectNotFoundException e) {
+ throw new CryptoContextException("Certificate not found: " + ca.getNickname());
+ } catch (TokenException e) {
+ throw new CryptoContextException("Problem with Crypto Token: " + e.getMessage());
+ } catch (NoSuchTokenException e) {
+ throw new CryptoContextException("Crypto Token not found: " + e.getMessage());
+ } catch (IncorrectPasswordException e) {
+ throw new CryptoContextException("Incorrect Password.");
+ }
+ }
- public CryptoToken getKeyStorageToken() {
- return keyStorageToken;
- }
+ public KeyGenerator getDESKeyGenerator() {
+ return DESkg;
+ }
- public CryptoManager getCryptoManager() {
- return cm;
- }
+ public CryptoToken getInternalToken() {
+ return internalToken;
+ }
- public KeyWrapper getKeyWrapper()
- throws CryptoContextException {
- try {
- return signingCertPrivKey.getOwningToken().getKeyWrapper(KeyWrapAlgorithm.RSA);
+ public void setExternalTokens(Enumeration<?> tokens) {
+ externalTokens = tokens;
}
- catch (TokenException e) {
- throw new CryptoContextException("Problem with Crypto Token: "+e.getMessage());
+
+ public Enumeration<?> getExternalTokens() {
+ return externalTokens;
}
- catch (NoSuchAlgorithmException e) {
- throw new CryptoContextException(e.getMessage());
+
+ public CryptoToken getInternalKeyStorageToken() {
+ return internalKeyStorageToken;
}
- }
- public KeyWrapper getInternalKeyWrapper()
- throws CryptoContextException {
- try {
- return getInternalToken().getKeyWrapper(KeyWrapAlgorithm.RSA);
+ public CryptoToken getKeyStorageToken() {
+ return keyStorageToken;
}
- catch (TokenException e) {
- throw new CryptoContextException("Problem with Crypto Token: "+e.getMessage());
+
+ public CryptoManager getCryptoManager() {
+ return cm;
}
- catch (NoSuchAlgorithmException e) {
- throw new CryptoContextException(e.getMessage());
+
+ public KeyWrapper getKeyWrapper()
+ throws CryptoContextException {
+ try {
+ return signingCertPrivKey.getOwningToken().getKeyWrapper(KeyWrapAlgorithm.RSA);
+ } catch (TokenException e) {
+ throw new CryptoContextException("Problem with Crypto Token: " + e.getMessage());
+ } catch (NoSuchAlgorithmException e) {
+ throw new CryptoContextException(e.getMessage());
+ }
}
- }
- public org.mozilla.jss.crypto.PrivateKey getPrivateKey() {
- return signingCertPrivKey;
- }
+ public KeyWrapper getInternalKeyWrapper()
+ throws CryptoContextException {
+ try {
+ return getInternalToken().getKeyWrapper(KeyWrapAlgorithm.RSA);
+ } catch (TokenException e) {
+ throw new CryptoContextException("Problem with Crypto Token: " + e.getMessage());
+ } catch (NoSuchAlgorithmException e) {
+ throw new CryptoContextException(e.getMessage());
+ }
+ }
- public org.mozilla.jss.crypto.X509Certificate getSigningCert() {
- return signingCert;
- }
-
- }
+ public org.mozilla.jss.crypto.PrivateKey getPrivateKey() {
+ return signingCertPrivKey;
+ }
+ public org.mozilla.jss.crypto.X509Certificate getSigningCert() {
+ return signingCert;
+ }
- /* General failure. The request/response cannot be processed. */
+ }
+ /* General failure. The request/response cannot be processed. */
- class CRSFailureException extends Exception {
- /**
+ class CRSFailureException extends Exception {
+ /**
*
*/
- private static final long serialVersionUID = 1962741611501549051L;
- public CRSFailureException() { super(); }
- public CRSFailureException(String s) { super(s); }
- }
+ private static final long serialVersionUID = 1962741611501549051L;
- class CRSInvalidSignatureException extends Exception {
- /**
+ public CRSFailureException() {
+ super();
+ }
+
+ public CRSFailureException(String s) {
+ super(s);
+ }
+ }
+
+ class CRSInvalidSignatureException extends Exception {
+ /**
*
*/
- private static final long serialVersionUID = 9096408193567657944L;
- public CRSInvalidSignatureException() { super(); }
- public CRSInvalidSignatureException(String s) { super(s); }
- }
+ private static final long serialVersionUID = 9096408193567657944L;
+
+ public CRSInvalidSignatureException() {
+ super();
+ }
-
+ public CRSInvalidSignatureException(String s) {
+ super(s);
+ }
+ }
- class CRSPolicyException extends Exception {
- /**
+ class CRSPolicyException extends Exception {
+ /**
*
*/
- private static final long serialVersionUID = 5846593800658787396L;
- public CRSPolicyException() { super(); }
- public CRSPolicyException(String s) { super(s); }
- }
+ private static final long serialVersionUID = 5846593800658787396L;
-}
+ public CRSPolicyException() {
+ super();
+ }
+ public CRSPolicyException(String s) {
+ super(s);
+ }
+ }
+
+}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/scep/ChallengePassword.java b/pki/base/common/src/com/netscape/cms/servlet/cert/scep/ChallengePassword.java
index 49a591f0..ff55dc9c 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/scep/ChallengePassword.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/scep/ChallengePassword.java
@@ -35,109 +35,107 @@ import netscape.security.x509.CertAttrSet;
*/
public class ChallengePassword implements CertAttrSet {
- public static final String NAME = "ChallengePassword";
- public static final String PASSWORD = "password";
-
- private String cpw;
-
-
- /**
- * Get the password marshalled in this object
- * @return the challenge password
- */
- public String toString() {
- return cpw;
- }
-
- /**
- * Create a ChallengePassword object
- * @param stuff (must be of type byte[]) a DER-encoded by array following
- * The ASN.1 template for ChallenegePassword specified in the SCEP
- * documentation
- * @throws IOException if the DER encoded byt array was malformed, or if it
- * did not match the template
- */
-
- public ChallengePassword(Object stuff)
- throws IOException {
-
- ByteArrayInputStream is = new ByteArrayInputStream((byte[])stuff);
- try {
- decode(is);
- } catch (Exception e) {
- throw new IOException(e.getMessage());
- }
-
- }
-
- /**
- * Currently Unimplemented
- */
- public void encode(OutputStream out)
- throws CertificateException, IOException
- { }
-
- public void decode(InputStream in)
- throws CertificateException, IOException
- {
+ public static final String NAME = "ChallengePassword";
+ public static final String PASSWORD = "password";
+
+ private String cpw;
+
+ /**
+ * Get the password marshalled in this object
+ *
+ * @return the challenge password
+ */
+ public String toString() {
+ return cpw;
+ }
+
+ /**
+ * Create a ChallengePassword object
+ *
+ * @param stuff (must be of type byte[]) a DER-encoded by array following
+ * The ASN.1 template for ChallenegePassword specified in the SCEP
+ * documentation
+ * @throws IOException if the DER encoded byt array was malformed, or if it
+ * did not match the template
+ */
+
+ public ChallengePassword(Object stuff)
+ throws IOException {
+
+ ByteArrayInputStream is = new ByteArrayInputStream((byte[]) stuff);
+ try {
+ decode(is);
+ } catch (Exception e) {
+ throw new IOException(e.getMessage());
+ }
+
+ }
+
+ /**
+ * Currently Unimplemented
+ */
+ public void encode(OutputStream out)
+ throws CertificateException, IOException {
+ }
+
+ public void decode(InputStream in)
+ throws CertificateException, IOException {
DerValue derVal = new DerValue(in);
construct(derVal);
-
+
+ }
+
+ private void construct(DerValue derVal) throws IOException {
+ try {
+ cpw = derVal.getPrintableString();
+ } catch (NullPointerException e) {
+ cpw = "";
+ }
+ }
+
+ /**
+ * Currently Unimplemented
+ */
+ public void set(String name, Object obj)
+ throws CertificateException, IOException {
}
- private void construct(DerValue derVal) throws IOException {
- try {
- cpw = derVal.getPrintableString();
- }
- catch (NullPointerException e) {
- cpw = "";
- }
- }
-
-
- /**
- * Currently Unimplemented
- */
- public void set(String name, Object obj)
- throws CertificateException, IOException
- { }
-
- /**
- * Get an attribute of this object.
- * @param name the name of the attribute of this object to get. The only
- * supported attribute is "password"
- */
- public Object get(String name)
- throws CertificateException, IOException
- {
+ /**
+ * Get an attribute of this object.
+ *
+ * @param name the name of the attribute of this object to get. The only
+ * supported attribute is "password"
+ */
+ public Object get(String name)
+ throws CertificateException, IOException {
if (name.equalsIgnoreCase(PASSWORD)) {
return cpw;
- }
- else {
- throw new IOException("Attribute name not recognized by "+
+ } else {
+ throw new IOException("Attribute name not recognized by " +
"CertAttrSet: ChallengePassword");
}
}
-
- /**
- * Currently Unimplemented
- */
- public void delete(String name)
- throws CertificateException, IOException
- { }
-
- /**
- * @return an empty set of elements
- */
- public Enumeration<String> getAttributeNames()
- { return (new Vector<String>()).elements();}
-
- /**
- * @return the String "ChallengePassword"
- */
- public String getName()
- { return NAME;}
-
-
+
+ /**
+ * Currently Unimplemented
+ */
+ public void delete(String name)
+ throws CertificateException, IOException {
+ }
+
+ /**
+ * @return an empty set of elements
+ */
+ public Enumeration<String> getAttributeNames() {
+ return (new Vector<String>()).elements();
+ }
+
+ /**
+ * @return the String "ChallengePassword"
+ */
+ public String getName() {
+ return NAME;
+ }
+
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/scep/ExtensionsRequested.java b/pki/base/common/src/com/netscape/cms/servlet/cert/scep/ExtensionsRequested.java
index 6f689b34..b3a0f565 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/scep/ExtensionsRequested.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/scep/ExtensionsRequested.java
@@ -30,51 +30,46 @@ import netscape.security.util.DerValue;
import netscape.security.x509.CertAttrSet;
import netscape.security.x509.Extension;
-
public class ExtensionsRequested implements CertAttrSet {
+ public static final String NAME = "EXTENSIONS_REQUESTED";
- public static final String NAME = "EXTENSIONS_REQUESTED";
-
public static final String KUE_DIGITAL_SIGNATURE = "kue_digital_signature";
- public static final String KUE_KEY_ENCIPHERMENT = "kue_key_encipherment";
+ public static final String KUE_KEY_ENCIPHERMENT = "kue_key_encipherment";
private String kue_digital_signature = "false";
- private String kue_key_encipherment = "false";
-
+ private String kue_key_encipherment = "false";
+
private Vector<Extension> exts = new Vector<Extension>();
public ExtensionsRequested(Object stuff) throws IOException {
ByteArrayInputStream is = new ByteArrayInputStream((byte[]) stuff);
-
+
try {
decode(is);
- }
- catch (Exception e) {
+ } catch (Exception e) {
e.printStackTrace();
throw new IOException(e.getMessage());
}
}
-
- public void encode(OutputStream out)
- throws CertificateException, IOException
- { }
-
- public void decode(InputStream in)
- throws CertificateException, IOException
- {
+
+ public void encode(OutputStream out)
+ throws CertificateException, IOException {
+ }
+
+ public void decode(InputStream in)
+ throws CertificateException, IOException {
DerValue derVal = new DerValue(in);
-
+
construct(derVal);
}
-
+
public void set(String name, Object obj)
- throws CertificateException, IOException
- { }
-
- public Object get(String name)
- throws CertificateException, IOException
- {
+ throws CertificateException, IOException {
+ }
+
+ public Object get(String name)
+ throws CertificateException, IOException {
if (name.equalsIgnoreCase(KUE_DIGITAL_SIGNATURE)) {
return kue_digital_signature;
}
@@ -84,107 +79,99 @@ public class ExtensionsRequested implements CertAttrSet {
throw new IOException("Unsupported attribute queried");
}
-
- public void delete(String name)
- throws CertificateException, IOException
- {
+
+ public void delete(String name)
+ throws CertificateException, IOException {
+ }
+
+ public Enumeration<String> getAttributeNames() {
+ return (new Vector<String>()).elements();
+ }
+
+ public String getName() {
+ return NAME;
}
- public Enumeration<String> getAttributeNames()
- { return (new Vector<String>()).elements();}
-
- public String getName()
- { return NAME;}
-
-
-
-/**
- construct - expects this in the inputstream (from the router):
-
- 211 30 31: SEQUENCE {
- 213 06 10: OBJECT IDENTIFIER '2 16 840 1 113733 1 9 8'
- 225 31 17: SET {
- 227 04 15: OCTET STRING, encapsulates {
- 229 30 13: SEQUENCE {
- 231 30 11: SEQUENCE {
- 233 06 3: OBJECT IDENTIFIER keyUsage (2 5 29 15)
- 238 04 4: OCTET STRING
- : 03 02 05 A0
- : }
- : }
- : }
-
- or this (from IRE client):
-
- 262 30 51: SEQUENCE {
- 264 06 9: OBJECT IDENTIFIER extensionReq (1 2 840 113549 1 9 14)
- 275 31 38: SET {
- 277 30 36: SEQUENCE {
- 279 30 34: SEQUENCE {
- 281 06 3: OBJECT IDENTIFIER subjectAltName (2 5 29 17)
- 286 04 27: OCTET STRING
- : 30 19 87 04 D0 0C 3E 6F 81 03 61 61 61 82 0C 61
- : 61 61 2E 6D 63 6F 6D 2E 63 6F 6D
- : }
- : }
- : }
- : }
-
-
- */
+ /**
+ * construct - expects this in the inputstream (from the router):
+ *
+ * 211 30 31: SEQUENCE {
+ * 213 06 10: OBJECT IDENTIFIER '2 16 840 1 113733 1 9 8'
+ * 225 31 17: SET {
+ * 227 04 15: OCTET STRING, encapsulates {
+ * 229 30 13: SEQUENCE {
+ * 231 30 11: SEQUENCE {
+ * 233 06 3: OBJECT IDENTIFIER keyUsage (2 5 29 15)
+ * 238 04 4: OCTET STRING
+ * : 03 02 05 A0
+ * : }
+ * : }
+ * : }
+ *
+ * or this (from IRE client):
+ *
+ * 262 30 51: SEQUENCE {
+ * 264 06 9: OBJECT IDENTIFIER extensionReq (1 2 840 113549 1 9 14)
+ * 275 31 38: SET {
+ * 277 30 36: SEQUENCE {
+ * 279 30 34: SEQUENCE {
+ * 281 06 3: OBJECT IDENTIFIER subjectAltName (2 5 29 17)
+ * 286 04 27: OCTET STRING
+ * : 30 19 87 04 D0 0C 3E 6F 81 03 61 61 61 82 0C 61
+ * : 61 61 2E 6D 63 6F 6D 2E 63 6F 6D
+ * : }
+ * : }
+ * : }
+ * : }
+ */
private void construct(DerValue dv) throws IOException {
- DerInputStream stream = null;
- DerValue[] dvs;
+ DerInputStream stream = null;
+ DerValue[] dvs;
- try { // try decoding as sequence first
+ try { // try decoding as sequence first
- stream = dv.toDerInputStream();
+ stream = dv.toDerInputStream();
- DerValue stream_dv = stream.getDerValue();
- stream.reset();
-
+ DerValue stream_dv = stream.getDerValue();
+ stream.reset();
- dvs = stream.getSequence(2);
- }
- catch (IOException ioe) {
- // if it failed, the outer sequence may be
- // encapsulated in an octet string, as in the first
- // example above
+ dvs = stream.getSequence(2);
+ } catch (IOException ioe) {
+ // if it failed, the outer sequence may be
+ // encapsulated in an octet string, as in the first
+ // example above
- byte[] octet_string = dv.getOctetString();
+ byte[] octet_string = dv.getOctetString();
- // Make a new input stream from the byte array,
- // and re-parse it as a sequence.
+ // Make a new input stream from the byte array,
+ // and re-parse it as a sequence.
- dv = new DerValue(octet_string);
+ dv = new DerValue(octet_string);
- stream = dv.toDerInputStream();
- dvs = stream.getSequence(2);
- }
+ stream = dv.toDerInputStream();
+ dvs = stream.getSequence(2);
+ }
- // now, the stream will be in the correct format
- stream.reset();
+ // now, the stream will be in the correct format
+ stream.reset();
- while (true) {
- DerValue ext_dv=null;
- try {
- ext_dv = stream.getDerValue();
- }
- catch (IOException ex) {
- break;
- }
+ while (true) {
+ DerValue ext_dv = null;
+ try {
+ ext_dv = stream.getDerValue();
+ } catch (IOException ex) {
+ break;
+ }
- Extension ext = new Extension(ext_dv);
- exts.addElement(ext);
- }
+ Extension ext = new Extension(ext_dv);
+ exts.addElement(ext);
+ }
}
- public Vector<Extension> getExtensions() {
- return exts;
- }
+ public Vector<Extension> getExtensions() {
+ return exts;
+ }
}
-
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/AuthCredentials.java b/pki/base/common/src/com/netscape/cms/servlet/common/AuthCredentials.java
index 759238d9..58c4276e 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/AuthCredentials.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/AuthCredentials.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.common;
-
import java.util.Enumeration;
import java.util.Hashtable;
@@ -25,11 +24,10 @@ import com.netscape.certsrv.authentication.IAuthCredentials;
import com.netscape.certsrv.base.EBaseException;
import com.netscape.certsrv.base.IArgBlock;
-
/**
* Authentication Credentials as input to the authMgr
* <P>
- *
+ *
* @version $Revision$, $Date$
*/
public class AuthCredentials implements IAuthCredentials {
@@ -40,19 +38,21 @@ public class AuthCredentials implements IAuthCredentials {
private Hashtable authCreds = null;
// Inserted by bskim
private IArgBlock argblk = null;
+
// Insert end
-
+
public AuthCredentials() {
authCreds = new Hashtable();
}
/**
* sets a credential with credential name and the credential
+ *
* @param name credential name
* @param cred credential
* @exception com.netscape.certsrv.base.EBaseException NullPointerException
*/
- public void set(String name, Object cred)throws EBaseException {
+ public void set(String name, Object cred) throws EBaseException {
if (cred == null) {
throw new EBaseException("AuthCredentials.set()");
}
@@ -62,7 +62,8 @@ public class AuthCredentials implements IAuthCredentials {
/**
* returns the credential to which the specified name is mapped in this
- * credential set
+ * credential set
+ *
* @param name credential name
* @return the named authentication credential
*/
@@ -72,8 +73,9 @@ public class AuthCredentials implements IAuthCredentials {
/**
* removes the name and its corresponding credential from this
- * credential set. This method does nothing if the named
- * credential is not in the credential set.
+ * credential set. This method does nothing if the named
+ * credential is not in the credential set.
+ *
* @param name credential name
*/
public void delete(String name) {
@@ -82,26 +84,26 @@ public class AuthCredentials implements IAuthCredentials {
/**
* returns an enumeration of the credentials in this credential
- * set. Use the Enumeration methods on the returned object to
- * fetch the elements sequentially.
+ * set. Use the Enumeration methods on the returned object to
+ * fetch the elements sequentially.
+ *
* @return an enumeration of the values in this credential set
* @see java.util.Enumeration
*/
public Enumeration getElements() {
return (authCreds.elements());
}
-
+
// Inserted by bskim
public void setArgBlock(IArgBlock blk) {
argblk = blk;
return;
- }
+ }
// Insert end
-
+
public IArgBlock getArgBlock() {
return argblk;
- }
+ }
// Insert end
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/CMCOutputTemplate.java b/pki/base/common/src/com/netscape/cms/servlet/common/CMCOutputTemplate.java
index 3fac4a63..15b46e17 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/CMCOutputTemplate.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/CMCOutputTemplate.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.common;
-
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
@@ -94,33 +93,33 @@ import com.netscape.certsrv.request.RequestStatus;
/**
* Utility CMCOutputTemplate
- *
+ *
* @version $ $, $Date$
*/
public class CMCOutputTemplate {
public CMCOutputTemplate() {
}
- public void createFullResponseWithFailedStatus(HttpServletResponse resp,
- SEQUENCE bpids, int code, UTF8String s) {
+ public void createFullResponseWithFailedStatus(HttpServletResponse resp,
+ SEQUENCE bpids, int code, UTF8String s) {
SEQUENCE controlSeq = new SEQUENCE();
SEQUENCE cmsSeq = new SEQUENCE();
SEQUENCE otherMsgSeq = new SEQUENCE();
int bpid = 1;
- OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL,
- new INTEGER(code), null);
+ OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL,
+ new INTEGER(code), null);
CMCStatusInfo cmcStatusInfo = new CMCStatusInfo(
- new INTEGER(CMCStatusInfo.FAILED),
- bpids, s, otherInfo);
+ new INTEGER(CMCStatusInfo.FAILED),
+ bpids, s, otherInfo);
TaggedAttribute tagattr = new TaggedAttribute(
- new INTEGER(bpid++),
- OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
+ new INTEGER(bpid++),
+ OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
controlSeq.addElement(tagattr);
try {
ResponseBody respBody = new ResponseBody(controlSeq,
- cmsSeq, otherMsgSeq);
+ cmsSeq, otherMsgSeq);
SET certs = new SET();
ContentInfo contentInfo = getContentInfo(respBody, certs);
@@ -137,13 +136,13 @@ public class CMCOutputTemplate {
os.write(contentBytes);
os.flush();
} catch (Exception e) {
- CMS.debug("CMCOutputTemplate createFullResponseWithFailedStatus Exception: "+e.toString());
+ CMS.debug("CMCOutputTemplate createFullResponseWithFailedStatus Exception: " + e.toString());
return;
}
}
- public void createFullResponse(HttpServletResponse resp, IRequest []reqs,
- String cert_request_type, int[] error_codes) {
+ public void createFullResponse(HttpServletResponse resp, IRequest[] reqs,
+ String cert_request_type, int[] error_codes) {
SEQUENCE controlSeq = new SEQUENCE();
SEQUENCE cmsSeq = new SEQUENCE();
@@ -157,32 +156,32 @@ public class CMCOutputTemplate {
SEQUENCE success_bpids = null;
SEQUENCE failed_bpids = null;
if (cert_request_type.equals("crmf") ||
- cert_request_type.equals("pkcs10")) {
+ cert_request_type.equals("pkcs10")) {
String reqId = reqs[0].getRequestId().toString();
OtherInfo otherInfo = null;
if (error_codes[0] == 2) {
PendInfo pendInfo = new PendInfo(reqId, new Date());
otherInfo = new OtherInfo(OtherInfo.PEND, null,
- pendInfo);
+ pendInfo);
} else {
- otherInfo = new OtherInfo(OtherInfo.FAIL,
- new INTEGER(OtherInfo.BAD_REQUEST), null);
+ otherInfo = new OtherInfo(OtherInfo.FAIL,
+ new INTEGER(OtherInfo.BAD_REQUEST), null);
}
-
+
SEQUENCE bpids = new SEQUENCE();
bpids.addElement(new INTEGER(1));
CMCStatusInfo cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.PENDING,
- bpids, (String)null, otherInfo);
+ bpids, (String) null, otherInfo);
TaggedAttribute tagattr = new TaggedAttribute(
- new INTEGER(bpid++),
- OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
+ new INTEGER(bpid++),
+ OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
controlSeq.addElement(tagattr);
} else if (cert_request_type.equals("cmc")) {
pending_bpids = new SEQUENCE();
success_bpids = new SEQUENCE();
failed_bpids = new SEQUENCE();
if (reqs != null) {
- for (int i=0; i<reqs.length; i++) {
+ for (int i = 0; i < reqs.length; i++) {
if (error_codes[i] == 0) {
success_bpids.addElement(new INTEGER(
reqs[i].getExtDataInBigInteger("bodyPartId")));
@@ -192,77 +191,77 @@ public class CMCOutputTemplate {
} else {
failed_bpids.addElement(new INTEGER(
reqs[i].getExtDataInBigInteger("bodyPartId")));
- }
+ }
}
}
TaggedAttribute tagattr = null;
CMCStatusInfo cmcStatusInfo = null;
- SEQUENCE identityBpids = (SEQUENCE)context.get("identityProof");
+ SEQUENCE identityBpids = (SEQUENCE) context.get("identityProof");
if (identityBpids != null && identityBpids.size() > 0) {
- OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL,
- new INTEGER(OtherInfo.BAD_IDENTITY), null);
+ OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL,
+ new INTEGER(OtherInfo.BAD_IDENTITY), null);
cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED,
- identityBpids, (String)null, otherInfo);
+ identityBpids, (String) null, otherInfo);
tagattr = new TaggedAttribute(
- new INTEGER(bpid++),
- OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
+ new INTEGER(bpid++),
+ OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
controlSeq.addElement(tagattr);
}
- SEQUENCE POPLinkWitnessBpids = (SEQUENCE)context.get("POPLinkWitness");
+ SEQUENCE POPLinkWitnessBpids = (SEQUENCE) context.get("POPLinkWitness");
if (POPLinkWitnessBpids != null && POPLinkWitnessBpids.size() > 0) {
OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL,
- new INTEGER(OtherInfo.BAD_REQUEST), null);
+ new INTEGER(OtherInfo.BAD_REQUEST), null);
cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED,
- POPLinkWitnessBpids, (String)null, otherInfo);
+ POPLinkWitnessBpids, (String) null, otherInfo);
tagattr = new TaggedAttribute(
- new INTEGER(bpid++),
- OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
+ new INTEGER(bpid++),
+ OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
controlSeq.addElement(tagattr);
}
if (pending_bpids.size() > 0) {
- cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.PENDING,
- pending_bpids, (String)null, null);
+ cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.PENDING,
+ pending_bpids, (String) null, null);
tagattr = new TaggedAttribute(
- new INTEGER(bpid++),
- OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
- controlSeq.addElement(tagattr);
- }
+ new INTEGER(bpid++),
+ OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
+ controlSeq.addElement(tagattr);
+ }
if (success_bpids.size() > 0) {
boolean confirmRequired = false;
try {
- confirmRequired =
- CMS.getConfigStore().getBoolean("cmc.cert.confirmRequired",
- false);
- } catch (Exception e) {
+ confirmRequired =
+ CMS.getConfigStore().getBoolean("cmc.cert.confirmRequired",
+ false);
+ } catch (Exception e) {
}
if (confirmRequired) {
CMS.debug("CMCOutputTemplate: confirmRequired in the request");
- cmcStatusInfo =
- new CMCStatusInfo(CMCStatusInfo.CONFIRM_REQUIRED,
- success_bpids, (String)null, null);
+ cmcStatusInfo =
+ new CMCStatusInfo(CMCStatusInfo.CONFIRM_REQUIRED,
+ success_bpids, (String) null, null);
} else {
- cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.SUCCESS,
- success_bpids, (String)null, null);
+ cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.SUCCESS,
+ success_bpids, (String) null, null);
}
tagattr = new TaggedAttribute(
- new INTEGER(bpid++),
- OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
- controlSeq.addElement(tagattr);
+ new INTEGER(bpid++),
+ OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
+ controlSeq.addElement(tagattr);
}
if (failed_bpids.size() > 0) {
- OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL,
- new INTEGER(OtherInfo.BAD_REQUEST), null);
- cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED,
- failed_bpids, (String)null, otherInfo);
+ OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL,
+ new INTEGER(OtherInfo.BAD_REQUEST), null);
+ cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED,
+ failed_bpids, (String) null, otherInfo);
tagattr = new TaggedAttribute(
- new INTEGER(bpid++),
- OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
- controlSeq.addElement(tagattr);
+ new INTEGER(bpid++),
+ OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
+ controlSeq.addElement(tagattr);
}
}
@@ -270,80 +269,80 @@ public class CMCOutputTemplate {
try {
// deal with controls
- Integer nums = (Integer)(context.get("numOfControls"));
+ Integer nums = (Integer) (context.get("numOfControls"));
if (nums != null && nums.intValue() > 0) {
TaggedAttribute attr =
- (TaggedAttribute)(context.get(OBJECT_IDENTIFIER.id_cmc_getCert));
+ (TaggedAttribute) (context.get(OBJECT_IDENTIFIER.id_cmc_getCert));
if (attr != null) {
try {
processGetCertControl(attr, certs);
} catch (EBaseException ee) {
- CMS.debug("CMCOutputTemplate: "+ee.toString());
+ CMS.debug("CMCOutputTemplate: " + ee.toString());
OtherInfo otherInfo1 = new OtherInfo(OtherInfo.FAIL,
- new INTEGER(OtherInfo.BAD_CERT_ID), null);
+ new INTEGER(OtherInfo.BAD_CERT_ID), null);
SEQUENCE bpids1 = new SEQUENCE();
bpids1.addElement(attr.getBodyPartID());
CMCStatusInfo cmcStatusInfo1 = new CMCStatusInfo(
- new INTEGER(CMCStatusInfo.FAILED),
- bpids1, null, otherInfo1);
+ new INTEGER(CMCStatusInfo.FAILED),
+ bpids1, null, otherInfo1);
TaggedAttribute tagattr1 = new TaggedAttribute(
- new INTEGER(bpid++),
- OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo1);
+ new INTEGER(bpid++),
+ OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo1);
controlSeq.addElement(tagattr1);
}
}
- attr =
- (TaggedAttribute)(context.get(OBJECT_IDENTIFIER.id_cmc_dataReturn));
+ attr =
+ (TaggedAttribute) (context.get(OBJECT_IDENTIFIER.id_cmc_dataReturn));
if (attr != null)
bpid = processDataReturnControl(attr, controlSeq, bpid);
attr =
- (TaggedAttribute)context.get(OBJECT_IDENTIFIER.id_cmc_transactionId);
+ (TaggedAttribute) context.get(OBJECT_IDENTIFIER.id_cmc_transactionId);
if (attr != null)
bpid = processTransactionControl(attr, controlSeq, bpid);
attr =
- (TaggedAttribute)context.get(OBJECT_IDENTIFIER.id_cmc_senderNonce);
+ (TaggedAttribute) context.get(OBJECT_IDENTIFIER.id_cmc_senderNonce);
if (attr != null)
bpid = processSenderNonceControl(attr, controlSeq, bpid);
attr =
- (TaggedAttribute)context.get(OBJECT_IDENTIFIER.id_cmc_QueryPending);
+ (TaggedAttribute) context.get(OBJECT_IDENTIFIER.id_cmc_QueryPending);
if (attr != null)
- bpid = processQueryPendingControl(attr, controlSeq, bpid);
+ bpid = processQueryPendingControl(attr, controlSeq, bpid);
- attr =
- (TaggedAttribute)context.get(OBJECT_IDENTIFIER.id_cmc_idConfirmCertAcceptance);
+ attr =
+ (TaggedAttribute) context.get(OBJECT_IDENTIFIER.id_cmc_idConfirmCertAcceptance);
- if (attr != null)
+ if (attr != null)
bpid = processConfirmCertAcceptanceControl(attr, controlSeq,
- bpid);
+ bpid);
- attr =
- (TaggedAttribute)context.get(OBJECT_IDENTIFIER.id_cmc_revokeRequest);
+ attr =
+ (TaggedAttribute) context.get(OBJECT_IDENTIFIER.id_cmc_revokeRequest);
- if (attr != null)
+ if (attr != null)
bpid = processRevokeRequestControl(attr, controlSeq,
- bpid);
+ bpid);
}
if (success_bpids != null && success_bpids.size() > 0) {
- for (int i=0; i<reqs.length; i++) {
+ for (int i = 0; i < reqs.length; i++) {
if (error_codes[i] == 0) {
- X509CertImpl impl =
- (reqs[i].getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT));
+ X509CertImpl impl =
+ (reqs[i].getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT));
byte[] bin = impl.getEncoded();
Certificate.Template certTemplate = new Certificate.Template();
- Certificate cert = (Certificate)certTemplate.decode(
- new ByteArrayInputStream(bin));
+ Certificate cert = (Certificate) certTemplate.decode(
+ new ByteArrayInputStream(bin));
certs.addElement(cert);
}
}
}
ResponseBody respBody = new ResponseBody(controlSeq,
- cmsSeq, otherMsgSeq);
+ cmsSeq, otherMsgSeq);
ContentInfo contentInfo = getContentInfo(respBody, certs);
ByteArrayOutputStream fos = new ByteArrayOutputStream();
@@ -354,16 +353,16 @@ public class CMCOutputTemplate {
resp.setContentType("application/pkcs7-mime");
resp.setContentLength(contentBytes.length);
OutputStream os = resp.getOutputStream();
- os.write(contentBytes);
+ os.write(contentBytes);
os.flush();
} catch (java.security.cert.CertificateEncodingException e) {
- CMS.debug("CMCOutputTemplate exception: "+e.toString());
+ CMS.debug("CMCOutputTemplate exception: " + e.toString());
} catch (InvalidBERException e) {
- CMS.debug("CMCOutputTemplate exception: "+e.toString());
+ CMS.debug("CMCOutputTemplate exception: " + e.toString());
} catch (IOException e) {
- CMS.debug("CMCOutputTemplate exception: "+e.toString());
+ CMS.debug("CMCOutputTemplate exception: " + e.toString());
} catch (Exception e) {
- CMS.debug("Exception: "+e.toString());
+ CMS.debug("Exception: " + e.toString());
}
}
@@ -371,48 +370,48 @@ public class CMCOutputTemplate {
try {
ICertificateAuthority ca = null;
// add CA cert chain
- ca = (ICertificateAuthority)CMS.getSubsystem("ca");
+ ca = (ICertificateAuthority) CMS.getSubsystem("ca");
CertificateChain certchains = ca.getCACertChain();
java.security.cert.X509Certificate[] chains = certchains.getChain();
- for (int i=0; i<chains.length; i++) {
+ for (int i = 0; i < chains.length; i++) {
Certificate.Template certTemplate = new Certificate.Template();
- Certificate cert = (Certificate)certTemplate.decode(
- new ByteArrayInputStream(chains[i].getEncoded()));
+ Certificate cert = (Certificate) certTemplate.decode(
+ new ByteArrayInputStream(chains[i].getEncoded()));
certs.addElement(cert);
}
-
+
EncapsulatedContentInfo enContentInfo = new EncapsulatedContentInfo(
- OBJECT_IDENTIFIER.id_cct_PKIResponse, respBody);
+ OBJECT_IDENTIFIER.id_cct_PKIResponse, respBody);
org.mozilla.jss.crypto.X509Certificate x509CAcert = null;
x509CAcert = ca.getCaX509Cert();
X509CertImpl caimpl = new X509CertImpl(x509CAcert.getEncoded());
- X500Name issuerName = (X500Name)caimpl.getIssuerDN();
+ X500Name issuerName = (X500Name) caimpl.getIssuerDN();
byte[] issuerByte = issuerName.getEncoded();
- ByteArrayInputStream istream = new ByteArrayInputStream(issuerByte);
+ ByteArrayInputStream istream = new ByteArrayInputStream(issuerByte);
Name issuer = (Name) Name.getTemplate().decode(istream);
IssuerAndSerialNumber ias = new IssuerAndSerialNumber(
- issuer, new INTEGER(x509CAcert.getSerialNumber().toString()));
+ issuer, new INTEGER(x509CAcert.getSerialNumber().toString()));
SignerIdentifier si = new SignerIdentifier(
- SignerIdentifier.ISSUER_AND_SERIALNUMBER, ias, null);
+ SignerIdentifier.ISSUER_AND_SERIALNUMBER, ias, null);
// use CA instance's default signature and digest algorithm
SignatureAlgorithm signAlg = ca.getDefaultSignatureAlgorithm();
org.mozilla.jss.crypto.PrivateKey privKey =
- CryptoManager.getInstance().findPrivKeyByCert(x509CAcert);
-/*
- org.mozilla.jss.crypto.PrivateKey.Type keyType = privKey.getType();
- if( keyType.equals( org.mozilla.jss.crypto.PrivateKey.RSA ) ) {
- signAlg = SignatureAlgorithm.RSASignatureWithSHA1Digest;
- } else if( keyType.equals( org.mozilla.jss.crypto.PrivateKey.DSA ) ) {
- signAlg = SignatureAlgorithm.DSASignatureWithSHA1Digest;
- } else if( keyType.equals( org.mozilla.jss.crypto.PrivateKey.EC ) ) {
- signAlg = SignatureAlgorithm.ECSignatureWithSHA1Digest;
- } else {
- CMS.debug( "CMCOutputTemplate::getContentInfo() - "
- + "signAlg is unsupported!" );
- return null;
- }
-*/
+ CryptoManager.getInstance().findPrivKeyByCert(x509CAcert);
+ /*
+ org.mozilla.jss.crypto.PrivateKey.Type keyType = privKey.getType();
+ if( keyType.equals( org.mozilla.jss.crypto.PrivateKey.RSA ) ) {
+ signAlg = SignatureAlgorithm.RSASignatureWithSHA1Digest;
+ } else if( keyType.equals( org.mozilla.jss.crypto.PrivateKey.DSA ) ) {
+ signAlg = SignatureAlgorithm.DSASignatureWithSHA1Digest;
+ } else if( keyType.equals( org.mozilla.jss.crypto.PrivateKey.EC ) ) {
+ signAlg = SignatureAlgorithm.ECSignatureWithSHA1Digest;
+ } else {
+ CMS.debug( "CMCOutputTemplate::getContentInfo() - "
+ + "signAlg is unsupported!" );
+ return null;
+ }
+ */
DigestAlgorithm digestAlg = signAlg.getDigestAlg();
MessageDigest msgDigest = null;
byte[] digest = null;
@@ -425,9 +424,9 @@ public class CMCOutputTemplate {
digest = msgDigest.digest(ostream.toByteArray());
SignerInfo signInfo = new
- SignerInfo(si, null, null,
- OBJECT_IDENTIFIER.id_cct_PKIResponse,
- digest, signAlg, privKey);
+ SignerInfo(si, null, null,
+ OBJECT_IDENTIFIER.id_cct_PKIResponse,
+ digest, signAlg, privKey);
SET signInfos = new SET();
signInfos.addElement(signInfo);
@@ -436,30 +435,30 @@ public class CMCOutputTemplate {
if (digestAlg != null) {
AlgorithmIdentifier ai = new
- AlgorithmIdentifier(digestAlg.toOID(), null);
-
+ AlgorithmIdentifier(digestAlg.toOID(), null);
+
digestAlgs.addElement(ai);
}
SignedData signedData = new SignedData(digestAlgs,
- enContentInfo, certs, null, signInfos);
+ enContentInfo, certs, null, signInfos);
ContentInfo contentInfo = new ContentInfo(signedData);
CMS.debug("CMCOutputTemplate::getContentInfo() - done");
return contentInfo;
} catch (Exception e) {
- CMS.debug("CMCOutputTemplate: Failed to create CMCContentInfo. Exception: "+e.toString());
+ CMS.debug("CMCOutputTemplate: Failed to create CMCContentInfo. Exception: " + e.toString());
}
- return null;
+ return null;
}
- public void createSimpleResponse(HttpServletResponse resp, IRequest []reqs) {
+ public void createSimpleResponse(HttpServletResponse resp, IRequest[] reqs) {
SET certs = new SET();
SessionContext context = SessionContext.getContext();
try {
- TaggedAttribute attr =
- (TaggedAttribute)(context.get(OBJECT_IDENTIFIER.id_cmc_getCert));
+ TaggedAttribute attr =
+ (TaggedAttribute) (context.get(OBJECT_IDENTIFIER.id_cmc_getCert));
processGetCertControl(attr, certs);
- } catch (Exception e) {
+ } catch (Exception e) {
CMS.debug("CMCOutputTemplate: No certificate is found.");
}
@@ -472,34 +471,34 @@ public class CMCOutputTemplate {
try {
if (reqs != null) {
- for (int i=0; i<reqs.length; i++) {
- X509CertImpl impl =
- (reqs[i].getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT));
+ for (int i = 0; i < reqs.length; i++) {
+ X509CertImpl impl =
+ (reqs[i].getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT));
byte[] bin = impl.getEncoded();
Certificate.Template certTemplate = new Certificate.Template();
- Certificate cert =
- (Certificate)certTemplate.decode(new ByteArrayInputStream(bin));
+ Certificate cert =
+ (Certificate) certTemplate.decode(new ByteArrayInputStream(bin));
certs.addElement(cert);
}
// Get CA certs
- ICertificateAuthority ca = (ICertificateAuthority)CMS.getSubsystem("ca");
+ ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem("ca");
CertificateChain certchains = ca.getCACertChain();
java.security.cert.X509Certificate[] chains = certchains.getChain();
- for (int i=0; i<chains.length; i++) {
+ for (int i = 0; i < chains.length; i++) {
Certificate.Template certTemplate = new Certificate.Template();
- Certificate cert = (Certificate)certTemplate.decode(
- new ByteArrayInputStream(chains[i].getEncoded()));
+ Certificate cert = (Certificate) certTemplate.decode(
+ new ByteArrayInputStream(chains[i].getEncoded()));
certs.addElement(cert);
}
}
-
+
if (certs.size() == 0)
return;
SignedData signedData = new SignedData(digestAlgorithms,
- enContentInfo, certs, null, signedInfos);
+ enContentInfo, certs, null, signedInfos);
ContentInfo contentInfo = new ContentInfo(signedData);
ByteArrayOutputStream fos = new ByteArrayOutputStream();
@@ -510,48 +509,48 @@ public class CMCOutputTemplate {
resp.setContentType("application/pkcs7-mime");
resp.setContentLength(contentBytes.length);
OutputStream os = resp.getOutputStream();
- os.write(contentBytes);
+ os.write(contentBytes);
os.flush();
} catch (java.security.cert.CertificateEncodingException e) {
- CMS.debug("CMCOutputTemplate exception: "+e.toString());
+ CMS.debug("CMCOutputTemplate exception: " + e.toString());
} catch (InvalidBERException e) {
- CMS.debug("CMCOutputTemplate exception: "+e.toString());
+ CMS.debug("CMCOutputTemplate exception: " + e.toString());
} catch (IOException e) {
- CMS.debug("CMCOutputTemplate exception: "+e.toString());
+ CMS.debug("CMCOutputTemplate exception: " + e.toString());
}
}
private int processConfirmCertAcceptanceControl(
- TaggedAttribute attr, SEQUENCE controlSeq, int bpid) {
+ TaggedAttribute attr, SEQUENCE controlSeq, int bpid) {
if (attr != null) {
INTEGER bodyId = attr.getBodyPartID();
SEQUENCE seq = new SEQUENCE();
- seq.addElement(bodyId);
+ seq.addElement(bodyId);
SET values = attr.getValues();
if (values != null && values.size() > 0) {
try {
- CMCCertId cmcCertId =
- (CMCCertId)(ASN1Util.decode(CMCCertId.getTemplate(),
- ASN1Util.encode(values.elementAt(0))));
- BigInteger serialno = (BigInteger)(cmcCertId.getSerial());
- SEQUENCE issuers = cmcCertId.getIssuer();
+ CMCCertId cmcCertId =
+ (CMCCertId) (ASN1Util.decode(CMCCertId.getTemplate(),
+ ASN1Util.encode(values.elementAt(0))));
+ BigInteger serialno = (BigInteger) (cmcCertId.getSerial());
+ SEQUENCE issuers = cmcCertId.getIssuer();
//ANY issuer = (ANY)issuers.elementAt(0);
- ANY issuer =
- (ANY)(ASN1Util.decode(ANY.getTemplate(),
- ASN1Util.encode(issuers.elementAt(0))));
+ ANY issuer =
+ (ANY) (ASN1Util.decode(ANY.getTemplate(),
+ ASN1Util.encode(issuers.elementAt(0))));
byte[] b = issuer.getEncoded();
X500Name n = new X500Name(b);
ICertificateAuthority ca = null;
- ca = (ICertificateAuthority)CMS.getSubsystem("ca");
+ ca = (ICertificateAuthority) CMS.getSubsystem("ca");
X500Name caName = ca.getX500Name();
boolean confirmAccepted = false;
if (n.toString().equalsIgnoreCase(caName.toString())) {
CMS.debug("CMCOutputTemplate: Issuer names are equal");
ICertificateRepository repository =
- (ICertificateRepository)ca.getCertificateRepository();
+ (ICertificateRepository) ca.getCertificateRepository();
X509CertImpl impl = null;
try {
- repository.getX509Certificate(serialno);
+ repository.getX509Certificate(serialno);
} catch (EBaseException ee) {
CMS.debug("CMCOutputTemplate: Certificate in the confirm acceptance control was not found");
}
@@ -559,77 +558,77 @@ public class CMCOutputTemplate {
CMCStatusInfo cmcStatusInfo = null;
if (confirmAccepted) {
CMS.debug("CMCOutputTemplate: Confirm Acceptance received. The certificate exists in the certificate repository.");
- cmcStatusInfo =
- new CMCStatusInfo(CMCStatusInfo.SUCCESS, seq,
- (String)null, null);
+ cmcStatusInfo =
+ new CMCStatusInfo(CMCStatusInfo.SUCCESS, seq,
+ (String) null, null);
} else {
CMS.debug("CMCOutputTemplate: Confirm Acceptance received. The certificate does not exist in the certificate repository.");
- OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL,
- new INTEGER(OtherInfo.BAD_CERT_ID), null);
- cmcStatusInfo =
- new CMCStatusInfo(CMCStatusInfo.FAILED, seq,
- (String)null, otherInfo);
+ OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL,
+ new INTEGER(OtherInfo.BAD_CERT_ID), null);
+ cmcStatusInfo =
+ new CMCStatusInfo(CMCStatusInfo.FAILED, seq,
+ (String) null, otherInfo);
}
TaggedAttribute statustagattr = new TaggedAttribute(
- new INTEGER(bpid++),
- OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
- controlSeq.addElement(statustagattr);
+ new INTEGER(bpid++),
+ OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
+ controlSeq.addElement(statustagattr);
} catch (Exception e) {
- CMS.debug("CMCOutputTemplate exception: "+e.toString());
+ CMS.debug("CMCOutputTemplate exception: " + e.toString());
}
- }
+ }
}
return bpid;
}
private void processGetCertControl(TaggedAttribute attr, SET certs)
- throws InvalidBERException, java.security.cert.CertificateEncodingException,
- IOException, EBaseException {
+ throws InvalidBERException, java.security.cert.CertificateEncodingException,
+ IOException, EBaseException {
if (attr != null) {
SET vals = attr.getValues();
if (vals.size() == 1) {
GetCert getCert =
- (GetCert)(ASN1Util.decode(GetCert.getTemplate(),
- ASN1Util.encode(vals.elementAt(0))));
- BigInteger serialno = (BigInteger)(getCert.getSerialNumber());
- ANY issuer = (ANY)getCert.getIssuer();
+ (GetCert) (ASN1Util.decode(GetCert.getTemplate(),
+ ASN1Util.encode(vals.elementAt(0))));
+ BigInteger serialno = (BigInteger) (getCert.getSerialNumber());
+ ANY issuer = (ANY) getCert.getIssuer();
byte b[] = issuer.getEncoded();
X500Name n = new X500Name(b);
- ICertificateAuthority ca = (ICertificateAuthority)CMS.getSubsystem("ca");
+ ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem("ca");
X500Name caName = ca.getX500Name();
if (!n.toString().equalsIgnoreCase(caName.toString())) {
CMS.debug("CMCOutputTemplate: Issuer names are equal in the GetCert Control");
throw new EBaseException("Certificate is not found");
}
ICertificateRepository repository =
- (ICertificateRepository)ca.getCertificateRepository();
+ (ICertificateRepository) ca.getCertificateRepository();
X509CertImpl impl = repository.getX509Certificate(serialno);
byte[] bin = impl.getEncoded();
Certificate.Template certTemplate = new Certificate.Template();
Certificate cert =
- (Certificate)certTemplate.decode(new ByteArrayInputStream(bin));
+ (Certificate) certTemplate.decode(new ByteArrayInputStream(bin));
certs.addElement(cert);
}
}
}
-
+
private int processQueryPendingControl(TaggedAttribute attr,
- SEQUENCE controlSeq, int bpid) {
+ SEQUENCE controlSeq, int bpid) {
if (attr != null) {
SET values = attr.getValues();
- if (values != null && values.size() > 0) {
+ if (values != null && values.size() > 0) {
SEQUENCE pending_bpids = new SEQUENCE();
SEQUENCE success_bpids = new SEQUENCE();
SEQUENCE failed_bpids = new SEQUENCE();
- for (int i=0; i<values.size(); i++) {
+ for (int i = 0; i < values.size(); i++) {
try {
INTEGER reqId = (INTEGER)
- ASN1Util.decode(INTEGER.getTemplate(),
- ASN1Util.encode(values.elementAt(i)));
+ ASN1Util.decode(INTEGER.getTemplate(),
+ ASN1Util.encode(values.elementAt(i)));
String requestId = new String(reqId.toByteArray());
- ICertificateAuthority ca = (ICertificateAuthority)CMS.getSubsystem("ca");
+ ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem("ca");
IRequestQueue queue = ca.getRequestQueue();
IRequest r = queue.findRequest(new RequestId(requestId));
if (r != null) {
@@ -649,43 +648,43 @@ public class CMCOutputTemplate {
if (pending_bpids.size() > 0) {
CMCStatusInfo cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.PENDING,
- pending_bpids, (String)null, null);
+ pending_bpids, (String) null, null);
TaggedAttribute tagattr = new TaggedAttribute(
- new INTEGER(bpid++),
- OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
+ new INTEGER(bpid++),
+ OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
controlSeq.addElement(tagattr);
}
if (success_bpids.size() > 0) {
CMCStatusInfo cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.SUCCESS,
- pending_bpids, (String)null, null);
+ pending_bpids, (String) null, null);
TaggedAttribute tagattr = new TaggedAttribute(
- new INTEGER(bpid++),
- OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
+ new INTEGER(bpid++),
+ OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
controlSeq.addElement(tagattr);
}
if (failed_bpids.size() > 0) {
CMCStatusInfo cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED,
- pending_bpids, (String)null, null);
+ pending_bpids, (String) null, null);
TaggedAttribute tagattr = new TaggedAttribute(
- new INTEGER(bpid++),
- OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
+ new INTEGER(bpid++),
+ OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
controlSeq.addElement(tagattr);
}
- }
+ }
}
return bpid;
}
- private int processTransactionControl(TaggedAttribute attr,
- SEQUENCE controlSeq, int bpid) {
+ private int processTransactionControl(TaggedAttribute attr,
+ SEQUENCE controlSeq, int bpid) {
if (attr != null) {
SET transIds = attr.getValues();
if (transIds != null) {
TaggedAttribute tagattr = new TaggedAttribute(
- new INTEGER(bpid++), OBJECT_IDENTIFIER.id_cmc_transactionId,
- transIds);
+ new INTEGER(bpid++), OBJECT_IDENTIFIER.id_cmc_transactionId,
+ transIds);
controlSeq.addElement(tagattr);
}
}
@@ -694,16 +693,16 @@ public class CMCOutputTemplate {
}
private int processSenderNonceControl(TaggedAttribute attr,
- SEQUENCE controlSeq, int bpid) {
+ SEQUENCE controlSeq, int bpid) {
if (attr != null) {
SET sNonce = attr.getValues();
if (sNonce != null) {
TaggedAttribute tagattr = new TaggedAttribute(
- new INTEGER(bpid++), OBJECT_IDENTIFIER.id_cmc_recipientNonce,
- sNonce);
+ new INTEGER(bpid++), OBJECT_IDENTIFIER.id_cmc_recipientNonce,
+ sNonce);
controlSeq.addElement(tagattr);
Date date = new Date();
- String salt = "lala123"+date.toString();
+ String salt = "lala123" + date.toString();
byte[] dig;
try {
MessageDigest SHA1Digest = MessageDigest.getInstance("SHA1");
@@ -714,8 +713,8 @@ public class CMCOutputTemplate {
String b64E = CMS.BtoA(dig);
tagattr = new TaggedAttribute(
- new INTEGER(bpid++), OBJECT_IDENTIFIER.id_cmc_senderNonce,
- new OCTET_STRING(b64E.getBytes()));
+ new INTEGER(bpid++), OBJECT_IDENTIFIER.id_cmc_senderNonce,
+ new OCTET_STRING(b64E.getBytes()));
controlSeq.addElement(tagattr);
}
}
@@ -723,29 +722,29 @@ public class CMCOutputTemplate {
return bpid;
}
- private int processDataReturnControl(TaggedAttribute attr,
- SEQUENCE controlSeq, int bpid) throws InvalidBERException {
+ private int processDataReturnControl(TaggedAttribute attr,
+ SEQUENCE controlSeq, int bpid) throws InvalidBERException {
if (attr != null) {
SET vals = attr.getValues();
-
+
if (vals.size() > 0) {
- OCTET_STRING str =
- (OCTET_STRING)(ASN1Util.decode(OCTET_STRING.getTemplate(),
- ASN1Util.encode(vals.elementAt(0))));
+ OCTET_STRING str =
+ (OCTET_STRING) (ASN1Util.decode(OCTET_STRING.getTemplate(),
+ ASN1Util.encode(vals.elementAt(0))));
TaggedAttribute tagattr = new TaggedAttribute(
- new INTEGER(bpid++),
- OBJECT_IDENTIFIER.id_cmc_dataReturn, str);
- controlSeq.addElement(tagattr);
+ new INTEGER(bpid++),
+ OBJECT_IDENTIFIER.id_cmc_dataReturn, str);
+ controlSeq.addElement(tagattr);
}
- }
+ }
return bpid;
}
- private int processRevokeRequestControl(TaggedAttribute attr,
- SEQUENCE controlSeq, int bpid) throws InvalidBERException, EBaseException,
- IOException {
+ private int processRevokeRequestControl(TaggedAttribute attr,
+ SEQUENCE controlSeq, int bpid) throws InvalidBERException, EBaseException,
+ IOException {
boolean revoke = false;
SessionContext context = SessionContext.getContext();
if (attr != null) {
@@ -754,10 +753,10 @@ public class CMCOutputTemplate {
SET vals = attr.getValues();
if (vals.size() > 0) {
RevRequest revRequest =
- (RevRequest)(ASN1Util.decode(new RevRequest.Template(),
- ASN1Util.encode(vals.elementAt(0))));
+ (RevRequest) (ASN1Util.decode(new RevRequest.Template(),
+ ASN1Util.encode(vals.elementAt(0))));
OCTET_STRING str = revRequest.getSharedSecret();
- INTEGER pid = attr.getBodyPartID();
+ INTEGER pid = attr.getBodyPartID();
TaggedAttribute tagattr = null;
INTEGER revokeCertSerial = revRequest.getSerialNumber();
BigInteger revokeSerial = new BigInteger(revokeCertSerial.toByteArray());
@@ -767,25 +766,25 @@ public class CMCOutputTemplate {
needVerify = CMS.getConfigStore().getBoolean("cmc.revokeCert.verify", true);
} catch (Exception e) {
}
-
+
if (needVerify) {
- Integer num1 = (Integer)context.get("numOfOtherMsgs");
+ Integer num1 = (Integer) context.get("numOfOtherMsgs");
int num = num1.intValue();
- for (int i=0; i<num; i++) {
- OtherMsg data = (OtherMsg)context.get("otherMsg"+i);
- INTEGER dpid = data.getBodyPartID();
+ for (int i = 0; i < num; i++) {
+ OtherMsg data = (OtherMsg) context.get("otherMsg" + i);
+ INTEGER dpid = data.getBodyPartID();
if (pid.longValue() == dpid.longValue()) {
- ANY msgValue = data.getOtherMsgValue();
- SignedData msgData =
- (SignedData)msgValue.decodeWith(SignedData.getTemplate());
+ ANY msgValue = data.getOtherMsgValue();
+ SignedData msgData =
+ (SignedData) msgValue.decodeWith(SignedData.getTemplate());
if (!verifyRevRequestSignature(msgData)) {
OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, new INTEGER(OtherInfo.BAD_MESSAGE_CHECK), null);
SEQUENCE failed_bpids = new SEQUENCE();
failed_bpids.addElement(attrbpid);
- cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String)null, otherInfo);
+ cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String) null, otherInfo);
tagattr = new TaggedAttribute(
- new INTEGER(bpid++),
- OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
+ new INTEGER(bpid++),
+ OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
controlSeq.addElement(tagattr);
return bpid;
}
@@ -794,7 +793,7 @@ public class CMCOutputTemplate {
}
revoke = true;
- // check shared secret
+ // check shared secret
} else {
ISharedToken tokenClass = null;
boolean sharedSecretFound = true;
@@ -810,15 +809,15 @@ public class CMCOutputTemplate {
}
try {
- tokenClass = (ISharedToken)Class.forName(name).newInstance();
+ tokenClass = (ISharedToken) Class.forName(name).newInstance();
} catch (ClassNotFoundException e) {
- CMS.debug("EnrollProfile: Failed to find class name: "+name);
+ CMS.debug("EnrollProfile: Failed to find class name: " + name);
sharedSecretFound = false;
} catch (InstantiationException e) {
- CMS.debug("EnrollProfile: Failed to instantiate class: "+name);
+ CMS.debug("EnrollProfile: Failed to instantiate class: " + name);
sharedSecretFound = false;
} catch (IllegalAccessException e) {
- CMS.debug("EnrollProfile: Illegal access: "+name);
+ CMS.debug("EnrollProfile: Illegal access: " + name);
sharedSecretFound = false;
}
@@ -827,10 +826,10 @@ public class CMCOutputTemplate {
OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, new INTEGER(OtherInfo.INTERNAL_CA_ERROR), null);
SEQUENCE failed_bpids = new SEQUENCE();
failed_bpids.addElement(attrbpid);
- cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String)null, otherInfo);
+ cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String) null, otherInfo);
tagattr = new TaggedAttribute(
- new INTEGER(bpid++),
- OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
+ new INTEGER(bpid++),
+ OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
controlSeq.addElement(tagattr);
return bpid;
}
@@ -846,10 +845,10 @@ public class CMCOutputTemplate {
OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, new INTEGER(OtherInfo.INTERNAL_CA_ERROR), null);
SEQUENCE failed_bpids = new SEQUENCE();
failed_bpids.addElement(attrbpid);
- cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String)null, otherInfo);
+ cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String) null, otherInfo);
tagattr = new TaggedAttribute(
- new INTEGER(bpid++),
- OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
+ new INTEGER(bpid++),
+ OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
controlSeq.addElement(tagattr);
return bpid;
}
@@ -864,23 +863,23 @@ public class CMCOutputTemplate {
OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, new INTEGER(OtherInfo.BAD_MESSAGE_CHECK), null);
SEQUENCE failed_bpids = new SEQUENCE();
failed_bpids.addElement(attrbpid);
- cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String)null, otherInfo);
+ cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String) null, otherInfo);
tagattr = new TaggedAttribute(
- new INTEGER(bpid++),
- OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
+ new INTEGER(bpid++),
+ OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
controlSeq.addElement(tagattr);
return bpid;
}
- }
+ }
if (revoke) {
- ICertificateAuthority ca = (ICertificateAuthority)CMS.getSubsystem("ca");
- ICertificateRepository repository = (ICertificateRepository)ca.getCertificateRepository();
+ ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem("ca");
+ ICertificateRepository repository = (ICertificateRepository) ca.getCertificateRepository();
ICertRecord record = null;
try {
record = repository.readCertificateRecord(revokeSerial);
} catch (EBaseException ee) {
- CMS.debug("CMCOutputTemplate: Exception: "+ee.toString());
+ CMS.debug("CMCOutputTemplate: Exception: " + ee.toString());
}
if (record == null) {
@@ -888,10 +887,10 @@ public class CMCOutputTemplate {
OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, new INTEGER(OtherInfo.BAD_CERT_ID), null);
SEQUENCE failed_bpids = new SEQUENCE();
failed_bpids.addElement(attrbpid);
- cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String)null, otherInfo);
+ cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String) null, otherInfo);
tagattr = new TaggedAttribute(
- new INTEGER(bpid++),
- OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
+ new INTEGER(bpid++),
+ OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
controlSeq.addElement(tagattr);
return bpid;
}
@@ -901,10 +900,10 @@ public class CMCOutputTemplate {
SEQUENCE success_bpids = new SEQUENCE();
success_bpids.addElement(attrbpid);
cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.SUCCESS,
- success_bpids, (String)null, null);
+ success_bpids, (String) null, null);
tagattr = new TaggedAttribute(
- new INTEGER(bpid++),
- OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
+ new INTEGER(bpid++),
+ OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
controlSeq.addElement(tagattr);
return bpid;
}
@@ -928,7 +927,7 @@ public class CMCOutputTemplate {
RevokedCertImpl revCertImpl = new RevokedCertImpl(impl.getSerialNumber(), CMS.getCurrentDate(), entryExtn);
RevokedCertImpl[] revCertImpls = new RevokedCertImpl[1];
revCertImpls[0] = revCertImpl;
- IRequestQueue queue = ca.getRequestQueue();
+ IRequestQueue queue = ca.getRequestQueue();
IRequest revReq = queue.newRequest(IRequest.REVOCATION_REQUEST);
revReq.setExtData(IRequest.CERT_INFO, revCertImpls);
revReq.setExtData(IRequest.REVOKED_REASON,
@@ -941,17 +940,17 @@ public class CMCOutputTemplate {
RequestStatus stat = revReq.getRequestStatus();
if (stat == RequestStatus.COMPLETE) {
Integer result = revReq.getExtDataInInteger(IRequest.RESULT);
- CMS.debug("CMCOutputTemplate: revReq result = "+result);
+ CMS.debug("CMCOutputTemplate: revReq result = " + result);
if (result.equals(IRequest.RES_ERROR)) {
CMS.debug("CMCOutputTemplate: revReq exception: " +
revReq.getExtDataInString(IRequest.ERROR));
OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, new INTEGER(OtherInfo.BAD_REQUEST), null);
SEQUENCE failed_bpids = new SEQUENCE();
failed_bpids.addElement(attrbpid);
- cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String)null, otherInfo);
+ cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String) null, otherInfo);
tagattr = new TaggedAttribute(
- new INTEGER(bpid++),
- OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
+ new INTEGER(bpid++),
+ OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
controlSeq.addElement(tagattr);
return bpid;
}
@@ -960,36 +959,36 @@ public class CMCOutputTemplate {
ILogger logger = CMS.getLogger();
String initiative = AuditFormat.FROMUSER;
logger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, AuditFormat.LEVEL,
- AuditFormat.DOREVOKEFORMAT, new Object[] {
- revReq.getRequestId(), initiative, "completed",
- impl.getSubjectDN(),
- impl.getSerialNumber().toString(16),
- reason.toString()});
+ AuditFormat.DOREVOKEFORMAT, new Object[] {
+ revReq.getRequestId(), initiative, "completed",
+ impl.getSubjectDN(),
+ impl.getSerialNumber().toString(16),
+ reason.toString() });
CMS.debug("CMCOutputTemplate: Certificate get revoked.");
SEQUENCE success_bpids = new SEQUENCE();
success_bpids.addElement(attrbpid);
cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.SUCCESS,
- success_bpids, (String)null, null);
+ success_bpids, (String) null, null);
tagattr = new TaggedAttribute(
- new INTEGER(bpid++),
- OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
+ new INTEGER(bpid++),
+ OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
controlSeq.addElement(tagattr);
return bpid;
} else {
OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, new INTEGER(OtherInfo.BAD_MESSAGE_CHECK), null);
SEQUENCE failed_bpids = new SEQUENCE();
failed_bpids.addElement(attrbpid);
- cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String)null, otherInfo);
+ cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String) null, otherInfo);
tagattr = new TaggedAttribute(
- new INTEGER(bpid++),
- OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
+ new INTEGER(bpid++),
+ OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
controlSeq.addElement(tagattr);
return bpid;
}
}
}
- return bpid;
+ return bpid;
}
private RevocationReason toRevocationReason(ENUMERATED n) {
@@ -998,7 +997,7 @@ public class CMCOutputTemplate {
return RevocationReason.UNSPECIFIED;
else if (code == RevRequest.affiliationChanged.getValue())
return RevocationReason.AFFILIATION_CHANGED;
- else if (code == RevRequest.cACompromise.getValue())
+ else if (code == RevRequest.cACompromise.getValue())
return RevocationReason.CA_COMPROMISE;
else if (code == RevRequest.certificateHold.getValue())
return RevocationReason.CERTIFICATE_HOLD;
@@ -1022,33 +1021,33 @@ public class CMCOutputTemplate {
EncapsulatedContentInfo ci = msgData.getContentInfo();
OCTET_STRING content = ci.getContent();
ByteArrayInputStream s = new ByteArrayInputStream(content.toByteArray());
- TaggedAttribute tattr = (TaggedAttribute)(new TaggedAttribute.Template()).decode(s);
+ TaggedAttribute tattr = (TaggedAttribute) (new TaggedAttribute.Template()).decode(s);
SET values = tattr.getValues();
RevRequest revRequest = null;
if (values != null && values.size() > 0)
revRequest =
- (RevRequest)(ASN1Util.decode(new RevRequest.Template(),
- ASN1Util.encode(values.elementAt(0))));
+ (RevRequest) (ASN1Util.decode(new RevRequest.Template(),
+ ASN1Util.encode(values.elementAt(0))));
SET dias = msgData.getDigestAlgorithmIdentifiers();
int numDig = dias.size();
Hashtable<String, byte[]> digs = new Hashtable<String, byte[]>();
- for (int i=0; i<numDig; i++) {
+ for (int i = 0; i < numDig; i++) {
AlgorithmIdentifier dai =
- (AlgorithmIdentifier) dias.elementAt(i);
+ (AlgorithmIdentifier) dias.elementAt(i);
String name =
- DigestAlgorithm.fromOID(dai.getOID()).toString();
+ DigestAlgorithm.fromOID(dai.getOID()).toString();
MessageDigest md =
- MessageDigest.getInstance(name);
+ MessageDigest.getInstance(name);
byte[] digest = md.digest(content.toByteArray());
digs.put(name, digest);
}
SET sis = msgData.getSignerInfos();
- int numSis = sis.size();
- for (int i=0; i<numSis; i++) {
+ int numSis = sis.size();
+ for (int i = 0; i < numSis; i++) {
org.mozilla.jss.pkix.cms.SignerInfo si =
- (org.mozilla.jss.pkix.cms.SignerInfo)sis.elementAt(i);
+ (org.mozilla.jss.pkix.cms.SignerInfo) sis.elementAt(i);
String name = si.getDigestAlgorithm().toString();
byte[] digest = digs.get(name);
if (digest == null) {
@@ -1060,21 +1059,21 @@ public class CMCOutputTemplate {
SignerIdentifier sid = si.getSignerIdentifier();
if (sid.getType().equals(SignerIdentifier.ISSUER_AND_SERIALNUMBER)) {
org.mozilla.jss.pkix.cms.IssuerAndSerialNumber issuerAndSerialNumber =
- sid.getIssuerAndSerialNumber();
+ sid.getIssuerAndSerialNumber();
java.security.cert.X509Certificate cert = null;
if (msgData.hasCertificates()) {
SET certs = msgData.getCertificates();
int numCerts = certs.size();
- for (int j=0; j<numCerts; j++) {
+ for (int j = 0; j < numCerts; j++) {
org.mozilla.jss.pkix.cert.Certificate certJss =
- (Certificate) certs.elementAt(j);
- org.mozilla.jss.pkix.cert.CertificateInfo certI =
- certJss.getInfo();
+ (Certificate) certs.elementAt(j);
+ org.mozilla.jss.pkix.cert.CertificateInfo certI =
+ certJss.getInfo();
Name issuer = certI.getIssuer();
byte[] issuerB = ASN1Util.encode(issuer);
INTEGER sn = certI.getSerialNumber();
if (new String(issuerB).equalsIgnoreCase(new String(ASN1Util.encode(issuerAndSerialNumber.getIssuer()))) &&
- sn.toString().equals(issuerAndSerialNumber.getSerialNumber().toString())) {
+ sn.toString().equals(issuerAndSerialNumber.getSerialNumber().toString())) {
ByteArrayOutputStream os = new ByteArrayOutputStream();
certJss.encode(os);
cert = new X509CertImpl(os.toByteArray());
@@ -1082,23 +1081,23 @@ public class CMCOutputTemplate {
}
}
}
-
+
if (cert != null) {
PublicKey pbKey = cert.getPublicKey();
- String type = ((X509Key)pbKey).getAlgorithm();
+ String type = ((X509Key) pbKey).getAlgorithm();
PrivateKey.Type kType = PrivateKey.RSA;
if (type.equals("DSA"))
kType = PrivateKey.DSA;
- PK11PubKey pubK = PK11PubKey.fromRaw(kType, ((X509Key)pbKey).getKey());
+ PK11PubKey pubK = PK11PubKey.fromRaw(kType, ((X509Key) pbKey).getKey());
si.verify(digest, ci.getContentType(), pubK);
return true;
}
- }
- }
-
+ }
+ }
+
return false;
} catch (Exception e) {
- CMS.debug("CMCOutputTemplate: verifyRevRequestSignature. Exception: "+e.toString());
+ CMS.debug("CMCOutputTemplate: verifyRevRequestSignature. Exception: " + e.toString());
return false;
}
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/CMSFile.java b/pki/base/common/src/com/netscape/cms/servlet/common/CMSFile.java
index 7f89297c..4d7c4cdd 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/CMSFile.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/CMSFile.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.common;
-
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
@@ -27,10 +26,9 @@ import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.base.EBaseException;
import com.netscape.certsrv.logging.ILogger;
-
/**
* CMSFile represents a file from the filesystem cached in memory
- *
+ *
* @version $Revision$, $Date$
*/
public class CMSFile {
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/CMSFileLoader.java b/pki/base/common/src/com/netscape/cms/servlet/common/CMSFileLoader.java
index bf4c3cf6..9a91cb72 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/CMSFileLoader.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/CMSFileLoader.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.common;
-
import java.io.File;
import java.io.IOException;
import java.util.Enumeration;
@@ -26,10 +25,9 @@ import java.util.Hashtable;
import com.netscape.certsrv.base.EBaseException;
import com.netscape.certsrv.base.IConfigStore;
-
/**
* CMSFileLoader - file cache.
- *
+ *
* @version $Revision$, $Date$
*/
@@ -52,7 +50,7 @@ public class CMSFileLoader {
private int mMaxSize = MAX_SIZE;
// number of files to clear when max is reached.
- private int mClearSize = CLEAR_SIZE;
+ private int mClearSize = CLEAR_SIZE;
// whether to cache templates and forms only.
private boolean mCacheTemplatesOnly = true;
@@ -63,7 +61,7 @@ public class CMSFileLoader {
public void init(IConfigStore config) throws EBaseException {
mMaxSize = config.getInteger(PROP_MAX_SIZE, MAX_SIZE);
mClearSize = config.getInteger(PROP_CLEAR_SIZE, CLEAR_SIZE);
- mCacheTemplatesOnly =
+ mCacheTemplatesOnly =
config.getBoolean(PROP_CACHE_TEMPLATES_ONLY, true);
}
@@ -103,7 +101,7 @@ public class CMSFileLoader {
if (cmsFile == null || modified != lastModified) {
// Changed by bskim
//cmsFile = updateFile(absPath, file);
- cmsFile = updateFile(absPath, file, enc);
+ cmsFile = updateFile(absPath, file, enc);
// Change end
}
cmsFile.setLastAccess(System.currentTimeMillis());
@@ -112,9 +110,9 @@ public class CMSFileLoader {
// Changed by bskim
//private CMSFile updateFile(String absPath, File file)
- private CMSFile updateFile(String absPath, File file, String enc)
- // Change end
- throws EBaseException, IOException {
+ private CMSFile updateFile(String absPath, File file, String enc)
+ // Change end
+ throws EBaseException, IOException {
// clear if cache size exceeded.
if (mLoadedFiles.size() >= mMaxSize) {
clearSomeFiles();
@@ -131,18 +129,18 @@ public class CMSFileLoader {
} else {
cmsFile = new CMSFile(file);
}
- mLoadedFiles.put(absPath, cmsFile); // replace old one if any.
+ mLoadedFiles.put(absPath, cmsFile); // replace old one if any.
return cmsFile;
}
private synchronized void clearSomeFiles() {
// recheck this in case some other thread has cleared it.
- if (mLoadedFiles.size() < mMaxSize)
+ if (mLoadedFiles.size() < mMaxSize)
return;
- // remove the LRU files.
- // XXX could be optimized more.
+ // remove the LRU files.
+ // XXX could be optimized more.
Enumeration elements = mLoadedFiles.elements();
for (int i = mClearSize; i > 0; i--) {
@@ -160,4 +158,3 @@ public class CMSFileLoader {
}
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/CMSGWResources.java b/pki/base/common/src/com/netscape/cms/servlet/common/CMSGWResources.java
index a76b1c75..7ae242ae 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/CMSGWResources.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/CMSGWResources.java
@@ -17,14 +17,12 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.common;
-
import java.util.ListResourceBundle;
-
/**
* A class represents a resource bundle for cms gateway.
* <P>
- *
+ *
* @version $Revision$, $Date$
* @see java.util.ListResourceBundle
*/
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/CMSGateway.java b/pki/base/common/src/com/netscape/cms/servlet/common/CMSGateway.java
index b5c6e3c7..74d46bad 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/CMSGateway.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/CMSGateway.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.common;
-
import java.io.File;
import java.io.IOException;
import java.security.cert.X509Certificate;
@@ -41,10 +40,9 @@ import com.netscape.certsrv.base.IArgBlock;
import com.netscape.certsrv.base.IConfigStore;
import com.netscape.certsrv.logging.ILogger;
-
/**
* This class is to hold some general method for servlets.
- *
+ *
* @version $Revision$, $Date$
*/
public class CMSGateway {
@@ -52,8 +50,8 @@ public class CMSGateway {
private final static String PROP_ENABLE_ADMIN_ENROLL = "enableAdminEnroll";
private final static String PROP_SERVER_XML = "server.xml";
- public static final String CERT_ATTR =
- "javax.servlet.request.X509Certificate";
+ public static final String CERT_ATTR =
+ "javax.servlet.request.X509Certificate";
protected static CMSFileLoader mFileLoader = new CMSFileLoader();
@@ -68,11 +66,11 @@ public class CMSGateway {
mEnableFileServing = true;
mConfig = CMS.getConfigStore().getSubStore(PROP_CMSGATEWAY);
try {
- mEnableAdminEnroll =
+ mEnableAdminEnroll =
mConfig.getBoolean(PROP_ENABLE_ADMIN_ENROLL, false);
} catch (EBaseException e) {
- mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_BAD_CONFIG_PARAM"));
+ mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_BAD_CONFIG_PARAM"));
}
}
@@ -88,7 +86,7 @@ public class CMSGateway {
httpReqHash.put(name, req.getParameter(name));
}
-
+
String ip = req.getRemoteAddr();
if (ip != null)
httpReqHash.put("clientHost", ip);
@@ -99,8 +97,8 @@ public class CMSGateway {
return mEnableAdminEnroll;
}
- public static void setEnableAdminEnroll(boolean enableAdminEnroll)
- throws EBaseException {
+ public static void setEnableAdminEnroll(boolean enableAdminEnroll)
+ throws EBaseException {
IConfigStore mainConfig = CMS.getConfigStore();
//!!! Is it thread safe? xxxx
@@ -123,14 +121,14 @@ public class CMSGateway {
* manager.
*/
public static AuthCredentials getAuthCreds(
- IAuthManager authMgr, IArgBlock argBlock, X509Certificate clientCert)
- throws EBaseException {
+ IAuthManager authMgr, IArgBlock argBlock, X509Certificate clientCert)
+ throws EBaseException {
// get credentials from http parameters.
if (authMgr == null)
- return null;
+ return null;
String[] reqCreds = authMgr.getRequiredCreds();
AuthCredentials creds = new AuthCredentials();
-
+
if (clientCert instanceof java.security.cert.X509Certificate) {
try {
clientCert = new netscape.security.x509.X509CertImpl(clientCert.getEncoded());
@@ -144,8 +142,8 @@ public class CMSGateway {
if (reqCred.equals(IAuthManager.CRED_SSL_CLIENT_CERT)) {
// cert could be null;
- creds.set(reqCred, new X509Certificate[] { clientCert}
- );
+ creds.set(reqCred, new X509Certificate[] { clientCert }
+ );
} else {
String value = argBlock.getValueAsString(reqCred);
@@ -163,9 +161,9 @@ public class CMSGateway {
protected final static String AUTHMGR_PARAM = "authenticator";
public static AuthToken checkAuthManager(
- HttpServletRequest httpReq, IArgBlock httpParams,
- X509Certificate cert, String authMgrName)
- throws EBaseException {
+ HttpServletRequest httpReq, IArgBlock httpParams,
+ X509Certificate cert, String authMgrName)
+ throws EBaseException {
IArgBlock httpArgs = httpParams;
if (httpArgs == null)
@@ -181,43 +179,43 @@ public class CMSGateway {
}
if (authMgrName == null || authMgrName.length() == 0) {
- throw new EBaseException(CMS.getLogMessage("BASE_INTERNAL_ERROR_1",
+ throw new EBaseException(CMS.getLogMessage("BASE_INTERNAL_ERROR_1",
CMS.getLogMessage("CMSGW_AUTH_MAN_EXPECTED")));
}
-
- IAuthManager authMgr =
- authSub.getAuthManager(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID);
+
+ IAuthManager authMgr =
+ authSub.getAuthManager(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID);
authMgr = authSub.getAuthManager(authMgrName);
if (authMgr == null)
return null;
- IAuthCredentials creds =
- getAuthCreds(authMgr, CMS.createArgBlock(toHashtable(httpReq)), cert);
+ IAuthCredentials creds =
+ getAuthCreds(authMgr, CMS.createArgBlock(toHashtable(httpReq)), cert);
AuthToken authToken = null;
try {
- authToken = (AuthToken) authMgr.authenticate(creds);
+ authToken = (AuthToken) authMgr.authenticate(creds);
} catch (EBaseException e) {
throw e;
} catch (Exception e) {
CMS.debug("CMSGateway: " + e);
// catch all errors from authentication manager.
- throw new ECMSGWException(CMS.getLogMessage("CMSGW_AUTH_ERROR_2",
+ throw new ECMSGWException(CMS.getLogMessage("CMSGW_AUTH_ERROR_2",
e.toString(), e.getMessage()));
}
return authToken;
}
public static void renderTemplate(
- String templateName,
- HttpServletRequest req,
- HttpServletResponse resp,
- ServletConfig servletConfig,
- CMSFileLoader fileLoader)
- throws EBaseException, IOException {
- CMSTemplate template =
- getTemplate(templateName, req,
- servletConfig, fileLoader, new Locale[1]);
+ String templateName,
+ HttpServletRequest req,
+ HttpServletResponse resp,
+ ServletConfig servletConfig,
+ CMSFileLoader fileLoader)
+ throws EBaseException, IOException {
+ CMSTemplate template =
+ getTemplate(templateName, req,
+ servletConfig, fileLoader, new Locale[1]);
ServletOutputStream out = resp.getOutputStream();
template.renderOutput(out, new CMSTemplateParams(null, null));
@@ -240,8 +238,8 @@ public class CMSGateway {
* @param locale array of at least one to be filled with locale found.
*/
public static File getLangFile(
- HttpServletRequest req, File realpathFile, Locale[] locale)
- throws IOException {
+ HttpServletRequest req, File realpathFile, Locale[] locale)
+ throws IOException {
File file = null;
String acceptLang = req.getHeader("accept-language");
@@ -258,7 +256,7 @@ public class CMSGateway {
}
String name = realpathFile.getName();
- if (name == null) { // filename should never be null.
+ if (name == null) { // filename should never be null.
throw new IOException("file has no name");
}
int i;
@@ -287,8 +285,8 @@ public class CMSGateway {
}
String langfilepath =
- parent + File.separatorChar +
- lang + File.separatorChar + name;
+ parent + File.separatorChar +
+ lang + File.separatorChar + name;
file = new File(langfilepath);
if (file.exists()) {
@@ -311,54 +309,54 @@ public class CMSGateway {
}
/**
- * get a template
+ * get a template
*/
protected static CMSTemplate getTemplate(
- String templateName,
- HttpServletRequest httpReq,
- ServletConfig servletConfig,
- CMSFileLoader fileLoader,
- Locale[] locale)
- throws EBaseException, IOException {
+ String templateName,
+ HttpServletRequest httpReq,
+ ServletConfig servletConfig,
+ CMSFileLoader fileLoader,
+ Locale[] locale)
+ throws EBaseException, IOException {
// this converts to system dependent file seperator char.
if (servletConfig == null) {
- CMS.debug( "CMSGateway:getTemplate() - servletConfig is null!" );
+ CMS.debug("CMSGateway:getTemplate() - servletConfig is null!");
return null;
}
if (servletConfig.getServletContext() == null) {
}
if (templateName == null) {
}
- String realpath =
- servletConfig.getServletContext().getRealPath("/" + templateName);
+ String realpath =
+ servletConfig.getServletContext().getRealPath("/" + templateName);
File realpathFile = new File(realpath);
- File templateFile =
- getLangFile(httpReq, realpathFile, locale);
- CMSTemplate template =
- //(CMSTemplate)fileLoader.getCMSFile(templateFile);
- (CMSTemplate) fileLoader.getCMSFile(templateFile, httpReq.getCharacterEncoding());
+ File templateFile =
+ getLangFile(httpReq, realpathFile, locale);
+ CMSTemplate template =
+ //(CMSTemplate)fileLoader.getCMSFile(templateFile);
+ (CMSTemplate) fileLoader.getCMSFile(templateFile, httpReq.getCharacterEncoding());
return template;
}
/**
* Get the If-Modified-Since header and compare it to the millisecond
- * epoch value passed in. If there is no header, or there is a problem
- * parsing the value, or if the file has been modified this will return
+ * epoch value passed in. If there is no header, or there is a problem
+ * parsing the value, or if the file has been modified this will return
* true, indicating the file has changed.
- *
+ *
* @param lastModified The time value in milliseconds past the epoch to
- * compare the If-Modified-Since header to.
+ * compare the If-Modified-Since header to.
*/
public static boolean modifiedSince(HttpServletRequest req, long lastModified) {
long ifModSinceStr;
try {
ifModSinceStr = req.getDateHeader("If-Modified-Since");
- }catch (IllegalArgumentException e) {
+ } catch (IllegalArgumentException e) {
return true;
}
-
+
if (ifModSinceStr < 0) {
return true;
}
@@ -371,4 +369,3 @@ public class CMSGateway {
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/CMSLoadTemplate.java b/pki/base/common/src/com/netscape/cms/servlet/common/CMSLoadTemplate.java
index ca5abf03..62276df1 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/CMSLoadTemplate.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/CMSLoadTemplate.java
@@ -17,12 +17,9 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.common;
-
-
-
/**
- * handy class containing cms templates to load & fill.
- *
+ * handy class containing cms templates to load & fill.
+ *
* @version $Revision$, $Date$
*/
public class CMSLoadTemplate {
@@ -35,9 +32,9 @@ public class CMSLoadTemplate {
}
public CMSLoadTemplate(
- String propName, String fillerPropName,
- String templateName, ICMSTemplateFiller filler) {
-
+ String propName, String fillerPropName,
+ String templateName, ICMSTemplateFiller filler) {
+
mPropName = propName;
mFillerPropName = fillerPropName;
mTemplateName = templateName;
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/CMSRequest.java b/pki/base/common/src/com/netscape/cms/servlet/common/CMSRequest.java
index 27f1d3a5..822d8a0d 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/CMSRequest.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/CMSRequest.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.common;
-
import java.util.Hashtable;
import java.util.Vector;
@@ -35,7 +34,7 @@ import com.netscape.certsrv.request.RequestStatus;
/**
* This represents a user request.
- *
+ *
* @version $Revision$, $Date$
*/
public class CMSRequest {
@@ -72,7 +71,7 @@ public class CMSRequest {
private IRequest mRequest = null;
// whether request processed successfully
- private Integer mStatus = SUCCESS;
+ private Integer mStatus = SUCCESS;
// exception message containing error that occured.
// note exception could also be thrown seperately.
@@ -85,7 +84,7 @@ public class CMSRequest {
Object mResult = null;
Hashtable mResults = new Hashtable();
- /**
+ /**
* Constructor
*/
public CMSRequest() {
@@ -133,7 +132,7 @@ public class CMSRequest {
mServletConfig = servletConfig;
}
- /*
+ /*
* set the servlet context. the servletcontext has detail
* about the currently running request
*/
@@ -141,20 +140,21 @@ public class CMSRequest {
mServletContext = servletContext;
}
- /**
- * Set request status.
- * @param status request status. Allowed values are
- * UNAUTHORIZED, SUCCESS, REJECTED, PENDING, ERROR, SVC_PENDING
+ /**
+ * Set request status.
+ *
+ * @param status request status. Allowed values are
+ * UNAUTHORIZED, SUCCESS, REJECTED, PENDING, ERROR, SVC_PENDING
* @throws IllegalArgumentException if status is not one of the above values
*/
public void setStatus(Integer status) {
- if ( !status.equals( UNAUTHORIZED ) &&
- !status.equals( SUCCESS ) &&
- !status.equals( REJECTED ) &&
- !status.equals( PENDING ) &&
- !status.equals( ERROR ) &&
- !status.equals( SVC_PENDING ) &&
- !status.equals( EXCEPTION ) ) {
+ if (!status.equals(UNAUTHORIZED) &&
+ !status.equals(SUCCESS) &&
+ !status.equals(REJECTED) &&
+ !status.equals(PENDING) &&
+ !status.equals(ERROR) &&
+ !status.equals(SVC_PENDING) &&
+ !status.equals(EXCEPTION)) {
throw new IllegalArgumentException(CMS.getLogMessage("CMSGW_BAD_REQ_STATUS"));
}
mStatus = status;
@@ -169,9 +169,9 @@ public class CMSRequest {
}
public void setErrorDescription(String descr) {
- if (mErrorDescr == null)
+ if (mErrorDescr == null)
mErrorDescr = new Vector();
- mErrorDescr.addElement(descr);
+ mErrorDescr.addElement(descr);
}
public void setResult(Object result) {
@@ -259,13 +259,13 @@ public class CMSRequest {
return null;
}
- /**
- * set default CMS status according to IRequest status.
+ /**
+ * set default CMS status according to IRequest status.
*/
public void setIRequestStatus() throws EBaseException {
if (mRequest == null) {
- EBaseException e =
- new ECMSGWException(CMS.getLogMessage("CMSGW_MISSING_REQUEST"));
+ EBaseException e =
+ new ECMSGWException(CMS.getLogMessage("CMSGW_MISSING_REQUEST"));
throw e;
}
@@ -292,8 +292,8 @@ public class CMSRequest {
RequestId reqId = mRequest.getRequestId();
throw new ECMSGWException(
- CMS.getLogMessage("CMSGW_UNEXPECTED_REQUEST_STATUS_2",
- status.toString(), reqId.toString()));
+ CMS.getLogMessage("CMSGW_UNEXPECTED_REQUEST_STATUS_2",
+ status.toString(), reqId.toString()));
}
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/CMSTemplate.java b/pki/base/common/src/com/netscape/cms/servlet/common/CMSTemplate.java
index b90278fa..4625fb79 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/CMSTemplate.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/CMSTemplate.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.common;
-
import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
@@ -39,14 +38,13 @@ import com.netscape.certsrv.base.EBaseException;
import com.netscape.certsrv.base.IArgBlock;
import com.netscape.certsrv.logging.ILogger;
-
/**
- * File templates. This implementation will take
+ * File templates. This implementation will take
* an HTML file with a special customer tag
* &lt;CMS_TEMPLATE&gt; and replace the tag with
* a series of javascript variable definitions
* (depending on the servlet)
- *
+ *
* @version $Revision$, $Date$
*/
public class CMSTemplate extends CMSFile {
@@ -68,7 +66,7 @@ public class CMSTemplate extends CMSFile {
public static final String TEMPLATE_TAG = "<CMS_TEMPLATE>";
/* Character set for i18n */
-
+
/* Will be set by CMSServlet.getTemplate() */
private String mCharset = null;
@@ -78,9 +76,10 @@ public class CMSTemplate extends CMSFile {
/**
* Constructor
+ *
* @param file template file to load
* @param charset character set
- * @throws IOException if the there was an error opening the file
+ * @throws IOException if the there was an error opening the file
*/
public CMSTemplate(File file, String charset) throws IOException, EBaseException {
mCharset = charset;
@@ -89,8 +88,8 @@ public class CMSTemplate extends CMSFile {
try {
init(file);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_CANT_LOAD_TEMPLATE", mAbsPath, e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_CANT_LOAD_TEMPLATE", mAbsPath, e.toString()));
throw new ECMSGWException(
CMS.getLogMessage("CMSGW_ERROR_LOADING_TEMPLATE"));
}
@@ -137,8 +136,8 @@ public class CMSTemplate extends CMSFile {
log(ILogger.LL_FAILURE, CMS.getLogMessage(
"CMSGW_TEMPLATE_MISSING", mAbsPath, TEMPLATE_TAG));
throw new ECMSGWException(
- CMS.getLogMessage("CMSGW_MISSING_TEMPLATE_TAG_2",
- TEMPLATE_TAG, mAbsPath));
+ CMS.getLogMessage("CMSGW_MISSING_TEMPLATE_TAG_2",
+ TEMPLATE_TAG, mAbsPath));
}
mPreOutput = content.substring(0, location);
mPostOutput = content.substring(TEMPLATE_TAG.length() + location);
@@ -146,16 +145,17 @@ public class CMSTemplate extends CMSFile {
return true;
}
- /**
- * Write a javascript representation of 'input'
+ /**
+ * Write a javascript representation of 'input'
* surrounded by SCRIPT tags to the outputstream
+ *
* @param rout the outputstream to write to
* @param input the parameters to write
*/
public void renderOutput(OutputStream rout, CMSTemplateParams input)
- throws IOException {
+ throws IOException {
Enumeration<String> e = null;
- Enumeration<IArgBlock> q = null;
+ Enumeration<IArgBlock> q = null;
IArgBlock r = null;
boolean headerBlock = false, fixedBlock = false, queryBlock = false;
CMSTemplateParams data = (CMSTemplateParams) input;
@@ -165,7 +165,7 @@ public class CMSTemplate extends CMSFile {
http_out = new HTTPOutputStreamWriter(rout);
else
http_out = new HTTPOutputStreamWriter(rout, mCharset);
-
+
try {
templateLine out = new templateLine();
@@ -194,7 +194,7 @@ public class CMSTemplate extends CMSFile {
e = r.elements();
while (e.hasMoreElements()) {
headerBlock = true;
- String n = e.nextElement();
+ String n = e.nextElement();
Object v = r.getValue(n);
out.println("header." + n + " = " + renderValue(v) + ";");
@@ -228,7 +228,7 @@ public class CMSTemplate extends CMSFile {
out.println("record.SERVER_ATTRS = new Array;");
// Get a query record
- r = q.nextElement();
+ r = q.nextElement();
e = r.elements();
while (e.hasMoreElements()) {
String n = e.nextElement();
@@ -259,7 +259,7 @@ public class CMSTemplate extends CMSFile {
/**
* Ouput the pre-amble HTML Header including
* the pre-output buffer.
- *
+ *
* @param out output stream specified
* @return success or error
*/
@@ -281,7 +281,7 @@ public class CMSTemplate extends CMSFile {
/**
* Output the post HTML tags and post-output
* buffer.
- *
+ *
* @param out output stream specified
* @return success or error
*/
@@ -313,7 +313,8 @@ public class CMSTemplate extends CMSFile {
/* create input stream, can throw IOException */
FileInputStream inStream = new FileInputStream(template);
- InputStreamReader inReader = new InputStreamReader(inStream, mCharset);;
+ InputStreamReader inReader = new InputStreamReader(inStream, mCharset);
+ ;
BufferedReader in = new BufferedReader(inReader);
StringBuffer buf = new StringBuffer();
String line;
@@ -326,8 +327,8 @@ public class CMSTemplate extends CMSFile {
in.close();
inStream.close();
} catch (IOException e) {
- log(ILogger.LL_WARN,
- CMS.getLogMessage("CMSGW_ERR_CLOSE_TEMPL_FILE", mAbsPath, e.getMessage()));
+ log(ILogger.LL_WARN,
+ CMS.getLogMessage("CMSGW_ERR_CLOSE_TEMPL_FILE", mAbsPath, e.getMessage()));
}
return buf.toString();
}
@@ -354,8 +355,8 @@ public class CMSTemplate extends CMSFile {
}
} else if (v instanceof BigInteger) {
s = ((BigInteger) v).toString(10);
- } else if (v instanceof Character &&
- ((Character) v).equals(Character.valueOf((char) 0))) {
+ } else if (v instanceof Character &&
+ ((Character) v).equals(Character.valueOf((char) 0))) {
s = "null";
} else {
s = "\"" + v.toString() + "\"";
@@ -381,25 +382,25 @@ public class CMSTemplate extends CMSFile {
for (int i = 0; i < l; i++) {
char c = in[i];
- if ((c > 0x23) && (c!= 0x5c) && (c!= 0x3c) && (c!= 0x3e)) {
+ if ((c > 0x23) && (c != 0x5c) && (c != 0x3c) && (c != 0x3e)) {
out[j++] = c;
continue;
}
- if ((c == 0x5c) && ((i+1)<l) && (in[i+1] == 'n' ||
- in[i+1] == 'r' || in[i+1] == 'f' || in[i+1] == 't' ||
- in[i+1] == '<' || in[i+1] == '>' ||
- in[i+1] == '\"' || in[i+1] == '\'' || in[i+1] == '\\')) {
- if (in[i+1] == 'x' && ((i+3)<l) && in[i+2] == '3' &&
- (in[i+3] == 'c' || in[i+3] == 'e')) {
+ if ((c == 0x5c) && ((i + 1) < l) && (in[i + 1] == 'n' ||
+ in[i + 1] == 'r' || in[i + 1] == 'f' || in[i + 1] == 't' ||
+ in[i + 1] == '<' || in[i + 1] == '>' ||
+ in[i + 1] == '\"' || in[i + 1] == '\'' || in[i + 1] == '\\')) {
+ if (in[i + 1] == 'x' && ((i + 3) < l) && in[i + 2] == '3' &&
+ (in[i + 3] == 'c' || in[i + 3] == 'e')) {
out[j++] = '\\';
- out[j++] = in[i+1];
- out[j++] = in[i+2];
- out[j++] = in[i+3];
+ out[j++] = in[i + 1];
+ out[j++] = in[i + 2];
+ out[j++] = in[i + 3];
i += 3;
- } else {
+ } else {
out[j++] = '\\';
- out[j++] = in[i+1];
+ out[j++] = in[i + 1];
i++;
}
continue;
@@ -457,9 +458,9 @@ public class CMSTemplate extends CMSFile {
return new String(out, 0, j);
}
- /**
- * Like escapeJavaScriptString(String s) but also escape '[' for
- * HTML processing.
+ /**
+ * Like escapeJavaScriptString(String s) but also escape '[' for
+ * HTML processing.
*/
public static String escapeJavaScriptStringHTML(String v) {
int l = v.length();
@@ -477,20 +478,20 @@ public class CMSTemplate extends CMSFile {
continue;
}
- if ((c == 0x5c) && ((i+1)<l) && (in[i+1] == 'n' ||
- in[i+1] == 'r' || in[i+1] == 'f' || in[i+1] == 't' ||
- in[i+1] == '<' || in[i+1] == '>' ||
- in[i+1] == '\"' || in[i+1] == '\'' || in[i+1] == '\\')) {
- if (in[i+1] == 'x' && ((i+3)<l) && in[i+2] == '3' &&
- (in[i+3] == 'c' || in[i+3] == 'e')) {
+ if ((c == 0x5c) && ((i + 1) < l) && (in[i + 1] == 'n' ||
+ in[i + 1] == 'r' || in[i + 1] == 'f' || in[i + 1] == 't' ||
+ in[i + 1] == '<' || in[i + 1] == '>' ||
+ in[i + 1] == '\"' || in[i + 1] == '\'' || in[i + 1] == '\\')) {
+ if (in[i + 1] == 'x' && ((i + 3) < l) && in[i + 2] == '3' &&
+ (in[i + 3] == 'c' || in[i + 3] == 'e')) {
out[j++] = '\\';
- out[j++] = in[i+1];
- out[j++] = in[i+2];
- out[j++] = in[i+3];
+ out[j++] = in[i + 1];
+ out[j++] = in[i + 2];
+ out[j++] = in[i + 3];
i += 3;
- } else {
+ } else {
out[j++] = '\\';
- out[j++] = in[i+1];
+ out[j++] = in[i + 1];
i++;
}
continue;
@@ -551,25 +552,24 @@ public class CMSTemplate extends CMSFile {
* for debugging, return contents that would've been outputed.
*/
public String getOutput(CMSTemplateParams input)
- throws IOException {
+ throws IOException {
debugOutputStream out = new debugOutputStream();
renderOutput(out, input);
return out.toString();
}
- private
- class HTTPOutputStreamWriter extends OutputStreamWriter {
+ private class HTTPOutputStreamWriter extends OutputStreamWriter {
public HTTPOutputStreamWriter(OutputStream out)
- throws UnsupportedEncodingException {
+ throws UnsupportedEncodingException {
super(out);
}
-
+
public HTTPOutputStreamWriter(OutputStream out, String enc)
- throws UnsupportedEncodingException {
+ throws UnsupportedEncodingException {
super(out, enc);
}
-
+
public void print(String s) throws IOException {
write(s, 0, s.length());
flush();
@@ -577,9 +577,9 @@ public class CMSTemplate extends CMSFile {
}
}
-
private class templateLine {
private StringBuffer s = new StringBuffer();
+
void println(String p) {
s.append('\n');
s.append(p);
@@ -595,7 +595,6 @@ public class CMSTemplate extends CMSFile {
}
-
private static class debugOutputStream extends ServletOutputStream {
private StringWriter mStringWriter = new StringWriter();
@@ -604,7 +603,7 @@ public class CMSTemplate extends CMSFile {
}
public void write(int b) throws IOException {
- mStringWriter.write(b);
+ mStringWriter.write(b);
}
public String toString() {
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/CMSTemplateParams.java b/pki/base/common/src/com/netscape/cms/servlet/common/CMSTemplateParams.java
index 4f8cfc2a..ce2c26c3 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/CMSTemplateParams.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/CMSTemplateParams.java
@@ -17,16 +17,14 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.common;
-
import java.util.Enumeration;
import java.util.Vector;
import com.netscape.certsrv.base.IArgBlock;
-
/**
* Holds template parameters
- *
+ *
* @version $Revision$, $Date$
*/
public class CMSTemplateParams {
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/ECMSGWException.java b/pki/base/common/src/com/netscape/cms/servlet/common/ECMSGWException.java
index 0cd1102d..e8b848f7 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/ECMSGWException.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/ECMSGWException.java
@@ -17,14 +17,12 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.common;
-
import com.netscape.certsrv.base.EBaseException;
-
/**
* A class represents a CMS gateway exception.
* <P>
- *
+ *
* @version $Revision$, $Date$
*/
public class ECMSGWException extends EBaseException {
@@ -36,7 +34,7 @@ public class ECMSGWException extends EBaseException {
/**
* CA resource class name.
*/
- private static final String CMSGW_RESOURCES = CMSGWResources.class.getName();
+ private static final String CMSGW_RESOURCES = CMSGWResources.class.getName();
/**
* Constructs a CMS Gateway exception.
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/GenErrorTemplateFiller.java b/pki/base/common/src/com/netscape/cms/servlet/common/GenErrorTemplateFiller.java
index 6debd2c7..1c7d61c9 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/GenErrorTemplateFiller.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/GenErrorTemplateFiller.java
@@ -16,7 +16,6 @@
// All rights reserved.
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.common;
-
import java.util.Enumeration;
import java.util.Locale;
@@ -27,10 +26,9 @@ import com.netscape.certsrv.authority.IAuthority;
import com.netscape.certsrv.base.EBaseException;
import com.netscape.certsrv.base.IArgBlock;
-
/**
- * Default error template filler
- *
+ * Default error template filler
+ *
* @version $Revision$, $Date$
*/
public class GenErrorTemplateFiller implements ICMSTemplateFiller {
@@ -38,14 +36,15 @@ public class GenErrorTemplateFiller implements ICMSTemplateFiller {
}
/**
- * fill error details and description if any.
+ * fill error details and description if any.
+ *
* @param cmsReq the CMS Request.
* @param authority the authority
* @param locale the locale of template.
* @param e unexpected error. ignored.
*/
public CMSTemplateParams getTemplateParams(
- CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) {
+ CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) {
IArgBlock fixed = CMS.createArgBlock();
CMSTemplateParams params = new CMSTemplateParams(null, fixed);
@@ -53,14 +52,14 @@ public class GenErrorTemplateFiller implements ICMSTemplateFiller {
if (cmsReq != null) {
Integer sts = cmsReq.getStatus();
- if (sts != null)
+ if (sts != null)
fixed.set(ICMSTemplateFiller.REQUEST_STATUS, sts.toString());
} else {
- CMS.debug( "GenErrorTemplateFiller::getTemplateParams() - " +
- "cmsReq is null!" );
+ CMS.debug("GenErrorTemplateFiller::getTemplateParams() - " +
+ "cmsReq is null!");
return null;
}
-
+
// error
String ex = cmsReq.getError();
@@ -75,9 +74,9 @@ public class GenErrorTemplateFiller implements ICMSTemplateFiller {
fixed.set(ICMSTemplateFiller.ERROR, ex);
else if (cmsReq.getReason() != null)
fixed.set(ICMSTemplateFiller.ERROR, cmsReq.getReason());
- // Change end
-
- // error description if any.
+ // Change end
+
+ // error description if any.
Vector descr = cmsReq.getErrorDescr();
if (descr != null) {
@@ -88,17 +87,16 @@ public class GenErrorTemplateFiller implements ICMSTemplateFiller {
//System.out.println("Setting description "+elem.toString());
IArgBlock argBlock = CMS.createArgBlock();
- argBlock.set(ICMSTemplateFiller.ERROR_DESCR,
- elem);
+ argBlock.set(ICMSTemplateFiller.ERROR_DESCR,
+ elem);
params.addRepeatRecord(argBlock);
}
}
// this authority
- if (authority != null)
- fixed.set(ICMSTemplateFiller.AUTHORITY,
- authority.getOfficialName());
+ if (authority != null)
+ fixed.set(ICMSTemplateFiller.AUTHORITY,
+ authority.getOfficialName());
return params;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/GenPendingTemplateFiller.java b/pki/base/common/src/com/netscape/cms/servlet/common/GenPendingTemplateFiller.java
index 15456865..1d479fef 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/GenPendingTemplateFiller.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/GenPendingTemplateFiller.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.common;
-
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.OutputStream;
@@ -59,10 +58,9 @@ import com.netscape.certsrv.ra.IRegistrationAuthority;
import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.RequestId;
-
/**
- * default Pending template filler
- *
+ * default Pending template filler
+ *
* @version $Revision$, $Date$
*/
public class GenPendingTemplateFiller implements ICMSTemplateFiller {
@@ -72,25 +70,26 @@ public class GenPendingTemplateFiller implements ICMSTemplateFiller {
}
/**
- * fill error details and description if any.
+ * fill error details and description if any.
+ *
* @param cmsReq CMS Request
* @param authority this authority
* @param locale locale of template.
* @param e unexpected exception e. ignored.
*/
public CMSTemplateParams getTemplateParams(
- CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) {
+ CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) {
IArgBlock fixed = CMS.createArgBlock();
CMSTemplateParams params = new CMSTemplateParams(null, fixed);
- if( cmsReq == null ) {
+ if (cmsReq == null) {
return null;
}
// request status if any.
Integer sts = cmsReq.getStatus();
- if (sts != null)
+ if (sts != null)
fixed.set(ICMSTemplateFiller.REQUEST_STATUS, sts.toString());
// request id
@@ -109,17 +108,17 @@ public class GenPendingTemplateFiller implements ICMSTemplateFiller {
PendInfo pendInfo = new PendInfo(reqId.toString(), new
Date());
OtherInfo otherInfo = new
- OtherInfo(OtherInfo.PEND, null, pendInfo);
+ OtherInfo(OtherInfo.PEND, null, pendInfo);
SEQUENCE bpids = new SEQUENCE();
String[] reqIdArray =
- req.getExtDataInStringArray(IRequest.CMC_REQIDS);
+ req.getExtDataInStringArray(IRequest.CMC_REQIDS);
for (int i = 0; i < reqIdArray.length; i++) {
bpids.addElement(new INTEGER(reqIdArray[i]));
}
CMCStatusInfo cmcStatusInfo = new
- CMCStatusInfo(CMCStatusInfo.PENDING, bpids,
- (String) null, otherInfo);
+ CMCStatusInfo(CMCStatusInfo.PENDING, bpids,
+ (String) null, otherInfo);
TaggedAttribute ta = new TaggedAttribute(new
INTEGER(bpid++),
OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo,
@@ -130,7 +129,7 @@ public class GenPendingTemplateFiller implements ICMSTemplateFiller {
// create recipientNonce
// create responseInfo if regInfo exist
String[] transIds =
- req.getExtDataInStringArray(IRequest.CMC_TRANSID);
+ req.getExtDataInStringArray(IRequest.CMC_TRANSID);
SET ids = new SET();
for (int i = 0; i < transIds.length; i++) {
@@ -167,7 +166,7 @@ public class GenPendingTemplateFiller implements ICMSTemplateFiller {
dig = salt.getBytes();
}
String b64E = CMS.BtoA(dig);
- String[] newNonce = {b64E};
+ String[] newNonce = { b64E };
ta = new TaggedAttribute(new
INTEGER(bpid++),
@@ -180,13 +179,13 @@ public class GenPendingTemplateFiller implements ICMSTemplateFiller {
SEQUENCE(), new
SEQUENCE());
EncapsulatedContentInfo ci = new
- EncapsulatedContentInfo(OBJECT_IDENTIFIER.id_cct_PKIResponse,
- rb);
+ EncapsulatedContentInfo(OBJECT_IDENTIFIER.id_cct_PKIResponse,
+ rb);
org.mozilla.jss.crypto.X509Certificate x509cert = null;
if (authority instanceof ICertificateAuthority) {
x509cert = ((ICertificateAuthority) authority).getCaX509Cert();
- }else if (authority instanceof IRegistrationAuthority) {
+ } else if (authority instanceof IRegistrationAuthority) {
x509cert = ((IRegistrationAuthority) authority).getRACert();
}
if (x509cert == null)
@@ -194,12 +193,12 @@ public class GenPendingTemplateFiller implements ICMSTemplateFiller {
try {
X509CertImpl cert = new X509CertImpl(x509cert.getEncoded());
ByteArrayInputStream issuer1 = new
- ByteArrayInputStream(((X500Name) cert.getIssuerDN()).getEncoded());
+ ByteArrayInputStream(((X500Name) cert.getIssuerDN()).getEncoded());
Name issuer = (Name) Name.getTemplate().decode(issuer1);
IssuerAndSerialNumber ias = new
- IssuerAndSerialNumber(issuer, new INTEGER(cert.getSerialNumber().toString()));
+ IssuerAndSerialNumber(issuer, new INTEGER(cert.getSerialNumber().toString()));
SignerIdentifier si = new
- SignerIdentifier(SignerIdentifier.ISSUER_AND_SERIALNUMBER, ias, null);
+ SignerIdentifier(SignerIdentifier.ISSUER_AND_SERIALNUMBER, ias, null);
// SHA1 is the default digest Alg for now.
DigestAlgorithm digestAlg = null;
@@ -207,14 +206,14 @@ public class GenPendingTemplateFiller implements ICMSTemplateFiller {
org.mozilla.jss.crypto.PrivateKey privKey = CryptoManager.getInstance().findPrivKeyByCert(x509cert);
org.mozilla.jss.crypto.PrivateKey.Type keyType = privKey.getType();
- if( keyType.equals(org.mozilla.jss.crypto.PrivateKey.RSA ) ) {
+ if (keyType.equals(org.mozilla.jss.crypto.PrivateKey.RSA)) {
signAlg = SignatureAlgorithm.RSASignatureWithSHA1Digest;
- } else if( keyType.equals(org.mozilla.jss.crypto.PrivateKey.DSA ) ) {
+ } else if (keyType.equals(org.mozilla.jss.crypto.PrivateKey.DSA)) {
signAlg = SignatureAlgorithm.DSASignatureWithSHA1Digest;
} else {
- CMS.debug( "GenPendingTemplateFiller::getTemplateParams() - "
+ CMS.debug("GenPendingTemplateFiller::getTemplateParams() - "
+ "keyType " + keyType.toString()
- + " is unsupported!" );
+ + " is unsupported!");
return null;
}
@@ -224,7 +223,7 @@ public class GenPendingTemplateFiller implements ICMSTemplateFiller {
try {
SHADigest = MessageDigest.getInstance("SHA1");
digestAlg = DigestAlgorithm.SHA1;
-
+
ByteArrayOutputStream ostream = new ByteArrayOutputStream();
rb.encode((OutputStream) ostream);
@@ -234,31 +233,31 @@ public class GenPendingTemplateFiller implements ICMSTemplateFiller {
}
SignerInfo signInfo = new
- SignerInfo(si, null, null,
- OBJECT_IDENTIFIER.id_cct_PKIResponse,
- digest, signAlg,
- privKey);
+ SignerInfo(si, null, null,
+ OBJECT_IDENTIFIER.id_cct_PKIResponse,
+ digest, signAlg,
+ privKey);
SET signInfos = new SET();
signInfos.addElement(signInfo);
-
+
SET digestAlgs = new SET();
if (digestAlg != null) {
AlgorithmIdentifier ai = new
- AlgorithmIdentifier(digestAlg.toOID(),
- null);
+ AlgorithmIdentifier(digestAlg.toOID(),
+ null);
digestAlgs.addElement(ai);
}
-
+
SignedData fResponse = new
- SignedData(digestAlgs, ci,
- null, null, signInfos);
+ SignedData(digestAlgs, ci,
+ null, null, signInfos);
ContentInfo fullResponse = new
- ContentInfo(ContentInfo.SIGNED_DATA, fResponse);
+ ContentInfo(ContentInfo.SIGNED_DATA, fResponse);
ByteArrayOutputStream ostream = new
- ByteArrayOutputStream();
+ ByteArrayOutputStream();
fullResponse.encode((OutputStream) ostream);
byte[] fr = ostream.toByteArray();
@@ -270,9 +269,9 @@ public class GenPendingTemplateFiller implements ICMSTemplateFiller {
}
}
// this authority
- if (authority != null)
- fixed.set(ICMSTemplateFiller.AUTHORITY,
- authority.getOfficialName());
+ if (authority != null)
+ fixed.set(ICMSTemplateFiller.AUTHORITY,
+ authority.getOfficialName());
return params;
}
@@ -286,4 +285,3 @@ public class GenPendingTemplateFiller implements ICMSTemplateFiller {
return false;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/GenRejectedTemplateFiller.java b/pki/base/common/src/com/netscape/cms/servlet/common/GenRejectedTemplateFiller.java
index 798b7f0d..3dde1147 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/GenRejectedTemplateFiller.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/GenRejectedTemplateFiller.java
@@ -16,7 +16,6 @@
// All rights reserved.
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.common;
-
import java.util.Enumeration;
import java.util.Locale;
@@ -27,10 +26,9 @@ import com.netscape.certsrv.authority.IAuthority;
import com.netscape.certsrv.base.IArgBlock;
import com.netscape.certsrv.request.IRequest;
-
/**
- * default Service Pending template filler
- *
+ * default Service Pending template filler
+ *
* @version $Revision$, $Date$
*/
public class GenRejectedTemplateFiller implements ICMSTemplateFiller {
@@ -46,7 +44,7 @@ public class GenRejectedTemplateFiller implements ICMSTemplateFiller {
* @param e unexpected exception e. ignored.
*/
public CMSTemplateParams getTemplateParams(
- CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) {
+ CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) {
IArgBlock fixed = CMS.createArgBlock();
CMSTemplateParams params = new CMSTemplateParams(null, fixed);
@@ -54,11 +52,11 @@ public class GenRejectedTemplateFiller implements ICMSTemplateFiller {
if (cmsReq != null) {
Integer sts = cmsReq.getStatus();
- if (sts != null)
+ if (sts != null)
fixed.set(ICMSTemplateFiller.REQUEST_STATUS, sts.toString());
} else {
- CMS.debug( "GenRejectedTemplateFiller::getTemplateParams() - " +
- "cmsReq is null!" );
+ CMS.debug("GenRejectedTemplateFiller::getTemplateParams() - " +
+ "cmsReq is null!");
return null;
}
@@ -76,7 +74,7 @@ public class GenRejectedTemplateFiller implements ICMSTemplateFiller {
while (msgs.hasMoreElements()) {
String ex = (String) msgs.nextElement();
- IArgBlock messageArgBlock = CMS.createArgBlock();
+ IArgBlock messageArgBlock = CMS.createArgBlock();
messageArgBlock.set(POLICY_MESSAGE, ex);
params.addRepeatRecord(messageArgBlock);
@@ -86,10 +84,9 @@ public class GenRejectedTemplateFiller implements ICMSTemplateFiller {
// this authority
- if (authority != null)
- fixed.set(ICMSTemplateFiller.AUTHORITY,
- authority.getOfficialName());
+ if (authority != null)
+ fixed.set(ICMSTemplateFiller.AUTHORITY,
+ authority.getOfficialName());
return params;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/GenSuccessTemplateFiller.java b/pki/base/common/src/com/netscape/cms/servlet/common/GenSuccessTemplateFiller.java
index ff3d4f8c..f6de3841 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/GenSuccessTemplateFiller.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/GenSuccessTemplateFiller.java
@@ -16,7 +16,6 @@
// All rights reserved.
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.common;
-
import java.util.Locale;
@@ -24,10 +23,9 @@ import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.authority.IAuthority;
import com.netscape.certsrv.base.IArgBlock;
-
/**
- * default Success template filler
- *
+ * default Success template filler
+ *
* @version $Revision$, $Date$
*/
public class GenSuccessTemplateFiller implements ICMSTemplateFiller {
@@ -36,14 +34,15 @@ public class GenSuccessTemplateFiller implements ICMSTemplateFiller {
}
/**
- * fill error details and description if any.
+ * fill error details and description if any.
+ *
* @param cmsReq CMS Request
* @param authority this authority
* @param locale locale of template.
* @param e unexpected exception e. ignored.
*/
public CMSTemplateParams getTemplateParams(
- CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) {
+ CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) {
IArgBlock fixed = CMS.createArgBlock();
CMSTemplateParams params = new CMSTemplateParams(null, fixed);
@@ -51,15 +50,14 @@ public class GenSuccessTemplateFiller implements ICMSTemplateFiller {
if (cmsReq != null) {
Integer sts = cmsReq.getStatus();
- if (sts != null)
+ if (sts != null)
fixed.set(ICMSTemplateFiller.REQUEST_STATUS, sts.toString());
}
// this authority
- if (authority != null)
- fixed.set(ICMSTemplateFiller.AUTHORITY,
- authority.getOfficialName());
+ if (authority != null)
+ fixed.set(ICMSTemplateFiller.AUTHORITY,
+ authority.getOfficialName());
return params;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/GenSvcPendingTemplateFiller.java b/pki/base/common/src/com/netscape/cms/servlet/common/GenSvcPendingTemplateFiller.java
index d08b83a8..ec1b9777 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/GenSvcPendingTemplateFiller.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/GenSvcPendingTemplateFiller.java
@@ -16,7 +16,6 @@
// All rights reserved.
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.common;
-
import java.util.Locale;
@@ -25,10 +24,9 @@ import com.netscape.certsrv.authority.IAuthority;
import com.netscape.certsrv.base.IArgBlock;
import com.netscape.certsrv.request.IRequest;
-
/**
- * default Service Pending template filler
- *
+ * default Service Pending template filler
+ *
* @version $Revision$, $Date$
*/
public class GenSvcPendingTemplateFiller implements ICMSTemplateFiller {
@@ -38,14 +36,15 @@ public class GenSvcPendingTemplateFiller implements ICMSTemplateFiller {
}
/**
- * fill error details and description if any.
+ * fill error details and description if any.
+ *
* @param cmsReq CMS Request
* @param authority this authority
* @param locale locale of template.
* @param e unexpected exception e. ignored.
*/
public CMSTemplateParams getTemplateParams(
- CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) {
+ CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) {
IArgBlock fixed = CMS.createArgBlock();
CMSTemplateParams params = new CMSTemplateParams(null, fixed);
@@ -72,10 +71,9 @@ public class GenSvcPendingTemplateFiller implements ICMSTemplateFiller {
}
// this authority
- if (authority != null)
- fixed.set(ICMSTemplateFiller.AUTHORITY,
- authority.getOfficialName());
+ if (authority != null)
+ fixed.set(ICMSTemplateFiller.AUTHORITY,
+ authority.getOfficialName());
return params;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/GenUnauthorizedTemplateFiller.java b/pki/base/common/src/com/netscape/cms/servlet/common/GenUnauthorizedTemplateFiller.java
index befacf83..cab1b36e 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/GenUnauthorizedTemplateFiller.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/GenUnauthorizedTemplateFiller.java
@@ -16,7 +16,6 @@
// All rights reserved.
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.common;
-
import java.util.Locale;
@@ -24,10 +23,9 @@ import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.authority.IAuthority;
import com.netscape.certsrv.base.IArgBlock;
-
/**
- * default Unauthorized template filler
- *
+ * default Unauthorized template filler
+ *
* @version $Revision$, $Date$
*/
public class GenUnauthorizedTemplateFiller implements ICMSTemplateFiller {
@@ -36,14 +34,15 @@ public class GenUnauthorizedTemplateFiller implements ICMSTemplateFiller {
}
/**
- * fill error details and description if any.
+ * fill error details and description if any.
+ *
* @param cmsReq CMS Request
* @param authority this authority
* @param locale locale of template.
* @param e unexpected exception e. ignored.
*/
public CMSTemplateParams getTemplateParams(
- CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) {
+ CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) {
IArgBlock fixed = CMS.createArgBlock();
CMSTemplateParams params = new CMSTemplateParams(null, fixed);
@@ -51,19 +50,18 @@ public class GenUnauthorizedTemplateFiller implements ICMSTemplateFiller {
if (cmsReq != null) {
Integer sts = cmsReq.getStatus();
- if (sts != null)
+ if (sts != null)
fixed.set(ICMSTemplateFiller.REQUEST_STATUS, sts.toString());
}
// set unauthorized error
- fixed.set(ICMSTemplateFiller.ERROR,
- new ECMSGWException(CMS.getLogMessage("CMSGW_UNAUTHORIZED")));
+ fixed.set(ICMSTemplateFiller.ERROR,
+ new ECMSGWException(CMS.getLogMessage("CMSGW_UNAUTHORIZED")));
// this authority
- if (authority != null)
- fixed.set(ICMSTemplateFiller.AUTHORITY,
- authority.getOfficialName());
+ if (authority != null)
+ fixed.set(ICMSTemplateFiller.AUTHORITY,
+ authority.getOfficialName());
return params;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/GenUnexpectedErrorTemplateFiller.java b/pki/base/common/src/com/netscape/cms/servlet/common/GenUnexpectedErrorTemplateFiller.java
index 1ae6ee45..8b560d7b 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/GenUnexpectedErrorTemplateFiller.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/GenUnexpectedErrorTemplateFiller.java
@@ -16,7 +16,6 @@
// All rights reserved.
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.common;
-
import java.util.Locale;
@@ -25,10 +24,9 @@ import com.netscape.certsrv.authority.IAuthority;
import com.netscape.certsrv.base.EBaseException;
import com.netscape.certsrv.base.IArgBlock;
-
/**
- * default unexpected error template filler
- *
+ * default unexpected error template filler
+ *
* @version $Revision$, $Date$
*/
public class GenUnexpectedErrorTemplateFiller implements ICMSTemplateFiller {
@@ -37,41 +35,42 @@ public class GenUnexpectedErrorTemplateFiller implements ICMSTemplateFiller {
}
/**
- * fill error details and description if any.
+ * fill error details and description if any.
+ *
* @param cmsReq CMS Request
* @param authority this authority
* @param locale locale of template.
* @param e unexpected exception e. ignored.
*/
public CMSTemplateParams getTemplateParams(
- CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) {
+ CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) {
IArgBlock fixed = CMS.createArgBlock();
CMSTemplateParams params = new CMSTemplateParams(null, fixed);
-
+
// When an exception occurs the exit is non-local which probably
// will leave the requestStatus value set to something other
// than CMSRequest.EXCEPTION, so force the requestStatus to
// EXCEPTION since it must be that if we're here.
Integer sts = CMSRequest.EXCEPTION;
- if (cmsReq != null) cmsReq.setStatus(sts);
+ if (cmsReq != null)
+ cmsReq.setStatus(sts);
fixed.set(ICMSTemplateFiller.REQUEST_STATUS, sts.toString());
// the unexpected error (exception)
- if (e == null)
+ if (e == null)
e = new EBaseException(CMS.getLogMessage("BASE_UNKNOWN_ERROR"));
String errMsg = null;
- if (e instanceof EBaseException)
+ if (e instanceof EBaseException)
errMsg = ((EBaseException) e).toString(locale);
- else
+ else
errMsg = e.toString();
fixed.set(ICMSTemplateFiller.EXCEPTION, errMsg);
// this authority
- if (authority != null)
- fixed.set(ICMSTemplateFiller.AUTHORITY,
- authority.getOfficialName());
+ if (authority != null)
+ fixed.set(ICMSTemplateFiller.AUTHORITY,
+ authority.getOfficialName());
return params;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/ICMSTemplateFiller.java b/pki/base/common/src/com/netscape/cms/servlet/common/ICMSTemplateFiller.java
index ddd6f0a1..2d046f0e 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/ICMSTemplateFiller.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/ICMSTemplateFiller.java
@@ -17,15 +17,13 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.common;
-
import java.util.Locale;
import com.netscape.certsrv.authority.IAuthority;
-
/**
* This interface represents a template filler.
- *
+ *
* @version $Revision$, $Date$
*/
public interface ICMSTemplateFiller {
@@ -34,18 +32,18 @@ public interface ICMSTemplateFiller {
public final static String ERROR_DESCR = "errorDescription";
public final static String EXCEPTION = "unexpectedError";
- public static final String HOST = "host";
- public static final String PORT = "port";
- public static final String SCHEME = "scheme";
+ public static final String HOST = "host";
+ public static final String PORT = "port";
+ public static final String SCHEME = "scheme";
- public static final String AUTHORITY = "authorityName";
+ public static final String AUTHORITY = "authorityName";
- public static final String REQUEST_STATUS = "requestStatus";
+ public static final String REQUEST_STATUS = "requestStatus";
- public static final String KEYREC_ID = "keyrecId";
- public static final String REQUEST_ID = "requestId";
+ public static final String KEYREC_ID = "keyrecId";
+ public static final String REQUEST_ID = "requestId";
public CMSTemplateParams getTemplateParams(
- CMSRequest cmsReq, IAuthority mAuthority, Locale locale, Exception e)
- throws Exception;
+ CMSRequest cmsReq, IAuthority mAuthority, Locale locale, Exception e)
+ throws Exception;
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/IRawJS.java b/pki/base/common/src/com/netscape/cms/servlet/common/IRawJS.java
index 27ea5ec1..827f24f1 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/IRawJS.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/IRawJS.java
@@ -17,10 +17,9 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.common;
-
/**
* This represents raw JS parameters.
- *
+ *
* @version $Revision$, $Date$
*/
public interface IRawJS {
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/IndexTemplateFiller.java b/pki/base/common/src/com/netscape/cms/servlet/common/IndexTemplateFiller.java
index ce1a5082..59c4a0fe 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/IndexTemplateFiller.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/IndexTemplateFiller.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.common;
-
import java.util.Locale;
import com.netscape.certsrv.apps.CMS;
@@ -26,7 +25,6 @@ import com.netscape.certsrv.base.EBaseException;
import com.netscape.certsrv.base.IArgBlock;
import com.netscape.certsrv.base.ISubsystem;
-
/**
* A class represents a certificate server kernel. This
* kernel contains a list of resident subsystems such
@@ -34,7 +32,7 @@ import com.netscape.certsrv.base.ISubsystem;
* subsystems can be loaded into this kernel by specifying
* parameters in the configuration store.
* <P>
- *
+ *
* @version $Revision$, $Date$
*/
public class IndexTemplateFiller implements ICMSTemplateFiller {
@@ -53,7 +51,7 @@ public class IndexTemplateFiller implements ICMSTemplateFiller {
}
public CMSTemplateParams getTemplateParams(
- CMSRequest cmsReq, IAuthority mAuthority, Locale locale, Exception e) {
+ CMSRequest cmsReq, IAuthority mAuthority, Locale locale, Exception e) {
IArgBlock header = CMS.createArgBlock();
IArgBlock ctx = CMS.createArgBlock();
CMSTemplateParams params = new CMSTemplateParams(header, ctx);
@@ -106,8 +104,8 @@ public class IndexTemplateFiller implements ICMSTemplateFiller {
// from the caller. This parameter (selected) is used
// by header servlet
try {
- header.addStringValue("selected",
- cmsReq.getHttpParams().getValueAsString("selected"));
+ header.addStringValue("selected",
+ cmsReq.getHttpParams().getValueAsString("selected"));
} catch (EBaseException ex) {
}
header.addIntegerValue(OUT_TOTAL_COUNT, count);
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/RawJS.java b/pki/base/common/src/com/netscape/cms/servlet/common/RawJS.java
index fb31fec1..f936e075 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/RawJS.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/RawJS.java
@@ -17,10 +17,9 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.common;
-
/**
* This represents raw JS parameters.
- *
+ *
* @version $Revision$, $Date$
*/
public class RawJS implements IRawJS {
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/Utils.java b/pki/base/common/src/com/netscape/cms/servlet/common/Utils.java
index 580909cb..9c728c03 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/Utils.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/Utils.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.common;
-
import java.util.StringTokenizer;
import javax.servlet.ServletConfig;
@@ -28,10 +27,9 @@ import com.netscape.certsrv.authorization.IAuthzSubsystem;
import com.netscape.certsrv.base.EBaseException;
import com.netscape.certsrv.base.IConfigStore;
-
/**
* Utility class
- *
+ *
* @version $Revision$, $Date$
*/
public class Utils {
@@ -45,13 +43,13 @@ public class Utils {
public final static String AUTHZ_MGR_BASIC = "BasicAclAuthz";
public final static String AUTHZ_MGR_LDAP = "DirAclAuthz";
- public static String initializeAuthz(ServletConfig sc,
- IAuthzSubsystem authz, String id) throws ServletException {
+ public static String initializeAuthz(ServletConfig sc,
+ IAuthzSubsystem authz, String id) throws ServletException {
String srcType = AUTHZ_SRC_LDAP;
try {
IConfigStore authzConfig =
- CMS.getConfigStore().getSubStore(AUTHZ_CONFIG_STORE);
+ CMS.getConfigStore().getSubStore(AUTHZ_CONFIG_STORE);
srcType = authzConfig.getString(AUTHZ_SRC_TYPE, AUTHZ_SRC_LDAP);
} catch (EBaseException e) {
@@ -64,7 +62,7 @@ public class Utils {
CMS.debug(CMS.getLogMessage("ADMIN_SRVLT_AUTHZ_INITED", ""));
aclMethod = sc.getInitParameter(PROP_AUTHZ_MGR);
if (aclMethod != null &&
- aclMethod.equalsIgnoreCase(AUTHZ_MGR_BASIC)) {
+ aclMethod.equalsIgnoreCase(AUTHZ_MGR_BASIC)) {
String aclInfo = sc.getInitParameter(PROP_ACL);
if (aclInfo != null) {
@@ -95,7 +93,7 @@ public class Utils {
}
public static void addACLInfo(IAuthzSubsystem authz, String aclMethod,
- String aclInfo) throws EBaseException {
+ String aclInfo) throws EBaseException {
StringTokenizer tokenizer = new StringTokenizer(aclInfo, "#");
diff --git a/pki/base/common/src/com/netscape/cms/servlet/connector/CloneServlet.java b/pki/base/common/src/com/netscape/cms/servlet/connector/CloneServlet.java
index b3809579..7defeeac 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/connector/CloneServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/connector/CloneServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.connector;
-
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
@@ -58,12 +57,11 @@ import com.netscape.certsrv.request.RequestStatus;
import com.netscape.cms.servlet.base.CMSServlet;
import com.netscape.cms.servlet.common.CMSRequest;
-
/**
* Clone servlet - part of the Clone Authority (CLA)
* processes Revoked certs from its dependant clone CAs
- * service request and return status.
- *
+ * service request and return status.
+ *
* @version $Revision$, $Date$
*/
public class CloneServlet extends CMSServlet {
@@ -94,8 +92,8 @@ public class CloneServlet extends CMSServlet {
mAuthSubsystem = (IAuthSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTH);
}
- public void service(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException, IOException {
+ public void service(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException, IOException {
boolean running_state = CMS.isInRunningState();
if (!running_state)
@@ -134,10 +132,10 @@ public class CloneServlet extends CMSServlet {
// ssl client auth for client auth to work.
// get request method
- method = req.getMethod();
+ method = req.getMethod();
// get content length
- len = req.getContentLength();
+ len = req.getContentLength();
// get content, a base 64 encoded serialized request.
if (len > 0) {
@@ -166,9 +164,9 @@ public class CloneServlet extends CMSServlet {
try {
peerCert = getPeerCert(req);
- }catch (EBaseException e) {
- mAuthority.log(ILogger.LL_SECURITY,
- CMS.getLogMessage("CMSGW_HAS_NO_CLIENT_CERT"));
+ } catch (EBaseException e) {
+ mAuthority.log(ILogger.LL_SECURITY,
+ CMS.getLogMessage("CMSGW_HAS_NO_CLIENT_CERT"));
resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
return;
}
@@ -203,8 +201,8 @@ public class CloneServlet extends CMSServlet {
return;
}
- mAuthority.log(ILogger.LL_INFO,
- "Clone Certificate Authority authenticated: " + peerCert.getSubjectDN());
+ mAuthority.log(ILogger.LL_INFO,
+ "Clone Certificate Authority authenticated: " + peerCert.getSubjectDN());
// authorize, any authenticated user are authorized
AuthzToken authzToken = null;
@@ -243,13 +241,13 @@ public class CloneServlet extends CMSServlet {
replymsg = processRequest(CCA_Id, CCAUserId, msg, token);
} catch (IOException e) {
e.printStackTrace();
- mAuthority.log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", e.toString()));
+ mAuthority.log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", e.toString()));
resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
return;
} catch (EBaseException e) {
- mAuthority.log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", e.toString()));
+ mAuthority.log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", e.toString()));
resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
return;
}
@@ -273,8 +271,8 @@ public class CloneServlet extends CMSServlet {
//cfu ++change this to just check the subject and signer
protected IAuthToken authenticate(
- X509Certificate peerCert)
- throws EBaseException {
+ X509Certificate peerCert)
+ throws EBaseException {
try {
// XXX using agent authentication now since we're only
// verifying that the cert belongs to a user in the db.
@@ -285,32 +283,32 @@ public class CloneServlet extends CMSServlet {
AuthCredentials creds = new AuthCredentials();
- creds.set(IAuthManager.CRED_SSL_CLIENT_CERT,
- new X509Certificate[] {cert}
- );
+ creds.set(IAuthManager.CRED_SSL_CLIENT_CERT,
+ new X509Certificate[] { cert }
+ );
- IAuthToken token = mAuthSubsystem.authenticate(creds,
+ IAuthToken token = mAuthSubsystem.authenticate(creds,
IAuthSubsystem.CERTUSERDB_AUTHMGR_ID);
return token;
} catch (CertificateException e) {
- mAuthority.log(ILogger.LL_SECURITY,
- CMS.getLogMessage("CMSGW_REMOTE_AUTHORITY_AUTH_FAILURE", peerCert.getSubjectDN().toString()));
+ mAuthority.log(ILogger.LL_SECURITY,
+ CMS.getLogMessage("CMSGW_REMOTE_AUTHORITY_AUTH_FAILURE", peerCert.getSubjectDN().toString()));
throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", e.toString()));
} catch (EInvalidCredentials e) {
- mAuthority.log(ILogger.LL_SECURITY,
- CMS.getLogMessage("CMSGW_REMOTE_AUTHORITY_AUTH_FAILURE", peerCert.getSubjectDN().toString()));
+ mAuthority.log(ILogger.LL_SECURITY,
+ CMS.getLogMessage("CMSGW_REMOTE_AUTHORITY_AUTH_FAILURE", peerCert.getSubjectDN().toString()));
throw e;
} catch (EBaseException e) {
- mAuthority.log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_REMOTE_AUTHORITY_AUTH_FAILURE", peerCert.getSubjectDN().toString()));
+ mAuthority.log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_REMOTE_AUTHORITY_AUTH_FAILURE", peerCert.getSubjectDN().toString()));
throw e;
}
}
protected IPKIMessage processRequest(
- String source, String sourceUserId, IPKIMessage msg, IAuthToken token)
- throws EBaseException {
+ String source, String sourceUserId, IPKIMessage msg, IAuthToken token)
+ throws EBaseException {
IPKIMessage replymsg = null;
IRequest r = null;
IRequestQueue queue = mAuthority.getRequestQueue();
@@ -331,8 +329,8 @@ public class CloneServlet extends CMSServlet {
mAuthority.log(ILogger.LL_FAILURE, errormsg);
throw new EBaseException(errormsg);
} else {
- mAuthority.log(ILogger.LL_INFO,
- "Found request " + thisreqid + " for " + srcid);
+ mAuthority.log(ILogger.LL_INFO,
+ "Found request " + thisreqid + " for " + srcid);
replymsg = CMS.getHttpPKIMessage();
replymsg.fromRequest(thisreq);
return replymsg;
@@ -348,7 +346,7 @@ public class CloneServlet extends CMSServlet {
// setting requestor type must come after copy contents. because
// requestor is a regular attribute.
thisreq.setExtData(IRequest.REQUESTOR_TYPE,
- IRequest.REQUESTOR_RA);
+ IRequest.REQUESTOR_RA);
mAuthority.log(ILogger.LL_INFO, "Processing remote request " + srcid);
// Set this so that request's updateBy is recorded
@@ -365,14 +363,14 @@ public class CloneServlet extends CMSServlet {
//for audit log
String agentID = sourceUserId;
String initiative = AuditFormat.FROMRA + " trustedManagerID: " +
- agentID + " remote reqID " + msg.getReqId();
+ agentID + " remote reqID " + msg.getReqId();
String authMgr = AuditFormat.NOAUTH;
if (token != null) {
- authMgr =
+ authMgr =
token.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME);
}
-
+
// Get the certificate info from the request
X509CertInfo certInfo[] = thisreq.getExtDataInCertInfoArray(IRequest.CERT_INFO);
@@ -380,36 +378,35 @@ public class CloneServlet extends CMSServlet {
if (!thisreq.getRequestStatus().equals(RequestStatus.COMPLETE)) {
if (certInfo != null) {
for (int i = 0; i < certInfo.length; i++) {
- mLogger.log(ILogger.EV_AUDIT,
+ mLogger.log(ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.FORMAT,
+ new Object[] {
+ thisreq.getRequestType(),
+ thisreq.getRequestId(),
+ initiative,
+ authMgr,
+ thisreq.getRequestStatus(),
+ certInfo[i].get(X509CertInfo.SUBJECT),
+ "" }
+ );
+ }
+ } else {
+ mLogger.log(ILogger.EV_AUDIT,
ILogger.S_OTHER,
AuditFormat.LEVEL,
- AuditFormat.FORMAT,
+ AuditFormat.NODNFORMAT,
new Object[] {
- thisreq.getRequestType(),
- thisreq.getRequestId(),
- initiative,
- authMgr,
- thisreq.getRequestStatus(),
- certInfo[i].get(X509CertInfo.SUBJECT),
- ""}
- );
- }
- } else {
- mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.NODNFORMAT,
- new Object[] {
- thisreq.getRequestType(),
- thisreq.getRequestId(),
- initiative,
- authMgr,
- thisreq.getRequestStatus()}
- );
+ thisreq.getRequestType(),
+ thisreq.getRequestId(),
+ initiative,
+ authMgr,
+ thisreq.getRequestStatus() }
+ );
}
} else {
- if
- (thisreq.getRequestType().equals(IRequest.CLA_CERT4CRL_REQUEST)) {
+ if (thisreq.getRequestType().equals(IRequest.CLA_CERT4CRL_REQUEST)) {
Integer result = thisreq.getExtDataInInteger(IRequest.RESULT);
if (result.equals(IRequest.RES_ERROR)) {
@@ -578,7 +575,7 @@ public class CloneServlet extends CMSServlet {
}
protected X509Certificate
- getPeerCert(HttpServletRequest req) throws EBaseException {
+ getPeerCert(HttpServletRequest req) throws EBaseException {
return getSSLClientCertificate(req);
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/connector/ConnectorServlet.java b/pki/base/common/src/com/netscape/cms/servlet/connector/ConnectorServlet.java
index 67956bd8..8d1c78cd 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/connector/ConnectorServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/connector/ConnectorServlet.java
@@ -72,12 +72,11 @@ import com.netscape.certsrv.request.RequestStatus;
import com.netscape.cms.servlet.base.CMSServlet;
import com.netscape.cms.servlet.common.CMSRequest;
-
/**
* Connector servlet
* process requests from remote authority -
- * service request or return status.
- *
+ * service request or return status.
+ *
* @version $Revision$, $Date$
*/
public class ConnectorServlet extends CMSServlet {
@@ -96,13 +95,13 @@ public class ConnectorServlet extends CMSServlet {
protected ILogger mSignedAuditLogger = CMS.getSignedAuditLogger();
private final static String SIGNED_AUDIT_PROTECTION_METHOD_SSL = "ssl";
private final static String SIGNED_AUDIT_PROTECTION_METHOD_UNKNOWN =
- "unknown";
+ "unknown";
private final static String LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS =
- "LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS_5";
+ "LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS_5";
private final static String LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST =
- "LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST_5";
+ "LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST_5";
private final static String LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED =
- "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5";
+ "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5";
private final static byte EOL[] = { Character.LINE_SEPARATOR };
@@ -118,13 +117,13 @@ public class ConnectorServlet extends CMSServlet {
mAuthority = (IAuthority)
CMS.getSubsystem(authority);
mReqEncoder = CMS.getHttpRequestEncoder();
-
+
mAuthSubsystem = (IAuthSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTH);
}
- public void service(HttpServletRequest request,
- HttpServletResponse response)
- throws ServletException, IOException {
+ public void service(HttpServletRequest request,
+ HttpServletResponse response)
+ throws ServletException, IOException {
boolean running_state = CMS.isInRunningState();
@@ -167,10 +166,10 @@ public class ConnectorServlet extends CMSServlet {
// ssl client auth for client auth to work.
// get request method
- method = req.getMethod();
+ method = req.getMethod();
// get content length
- len = request.getContentLength();
+ len = request.getContentLength();
// get content, a base 64 encoded serialized request.
if (len > 0) {
@@ -198,9 +197,9 @@ public class ConnectorServlet extends CMSServlet {
try {
peerCert = getPeerCert(req);
- }catch (EBaseException e) {
- mAuthority.log(ILogger.LL_SECURITY,
- CMS.getLogMessage("CMSGW_HAS_NO_CLIENT_CERT"));
+ } catch (EBaseException e) {
+ mAuthority.log(ILogger.LL_SECURITY,
+ CMS.getLogMessage("CMSGW_HAS_NO_CLIENT_CERT"));
resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
return;
}
@@ -231,8 +230,8 @@ public class ConnectorServlet extends CMSServlet {
return;
}
- mAuthority.log(ILogger.LL_INFO,
- "Remote Authority authenticated: " + peerCert.getSubjectDN());
+ mAuthority.log(ILogger.LL_INFO,
+ "Remote Authority authenticated: " + peerCert.getSubjectDN());
// authorize
AuthzToken authzToken = null;
@@ -270,15 +269,15 @@ public class ConnectorServlet extends CMSServlet {
} catch (IOException e) {
CMS.debug("ConnectorServlet: service " + e.toString());
CMS.debug(e);
- mAuthority.log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", e.toString()));
+ mAuthority.log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", e.toString()));
resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
return;
} catch (EBaseException e) {
CMS.debug("ConnectorServlet: service " + e.toString());
CMS.debug(e);
- mAuthority.log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", e.toString()));
+ mAuthority.log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", e.toString()));
resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
return;
} catch (Exception e) {
@@ -328,8 +327,8 @@ public class ConnectorServlet extends CMSServlet {
try {
info = request.getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO);
- // request.set(IEnrollProfile.REQUEST_SEQ_NUM, new Integer("0"));
- CertificateX509Key certKey = (CertificateX509Key)info.get(X509CertInfo.KEY);
+ // request.set(IEnrollProfile.REQUEST_SEQ_NUM, new Integer("0"));
+ CertificateX509Key certKey = (CertificateX509Key) info.get(X509CertInfo.KEY);
if (certKey != null) {
byteStream = new ByteArrayOutputStream();
certKey.encode(byteStream);
@@ -369,13 +368,13 @@ public class ConnectorServlet extends CMSServlet {
certAlgOut.toByteArray());
}
} catch (Exception e) {
- CMS.debug("ConnectorServlet: profile normalization " +
- e.toString());
+ CMS.debug("ConnectorServlet: profile normalization " +
+ e.toString());
}
String profileId = request.getExtDataInString("profileId");
IProfileSubsystem ps = (IProfileSubsystem)
- CMS.getSubsystem("profile");
+ CMS.getSubsystem("profile");
IEnrollProfile profile = null;
// profile subsystem may not be available. In case of KRA for
@@ -399,24 +398,19 @@ public class ConnectorServlet extends CMSServlet {
/**
* Process request
* <P>
- *
- * (Certificate Request - all "agent" profile cert requests made through a
- * connector)
+ *
+ * (Certificate Request - all "agent" profile cert requests made through a connector)
* <P>
- *
- * (Certificate Request Processed - all automated "agent" profile based
- * cert acceptance made through a connector)
+ *
+ * (Certificate Request Processed - all automated "agent" profile based cert acceptance made through a connector)
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST used when a
- * profile cert request is made (before approval process)
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a
- * certificate request has just been through the approval process
- * <li>signed.audit LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS used when
- * inter-CIMC_Boundary data transfer is successful (this is used when data
- * does not need to be captured)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST used when a profile cert request is made (before approval process)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a certificate request has just been through the approval process
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS used when inter-CIMC_Boundary data transfer is successful (this is used when data does not need to be captured)
* </ul>
+ *
* @param source string containing source
* @param sourceUserId string containing source user ID
* @param msg PKI message
@@ -425,8 +419,8 @@ public class ConnectorServlet extends CMSServlet {
* @return PKI message
*/
protected IPKIMessage processRequest(
- String source, String sourceUserId, IPKIMessage msg, IAuthToken token)
- throws EBaseException {
+ String source, String sourceUserId, IPKIMessage msg, IAuthToken token)
+ throws EBaseException {
String auditMessage = null;
String auditSubjectID = sourceUserId;
String auditProtectionMethod = SIGNED_AUDIT_PROTECTION_METHOD_SSL;
@@ -477,12 +471,12 @@ public class ConnectorServlet extends CMSServlet {
if (thisreq == null) {
// strange case.
String errormsg = "Cannot find request in request queue " +
- thisreqid;
+ thisreqid;
mAuthority.log(ILogger.LL_FAILURE,
- CMS.getLogMessage(
- "CMSGW_REQUEST_ID_NOT_FOUND_1",
- thisreqid.toString()));
+ CMS.getLogMessage(
+ "CMSGW_REQUEST_ID_NOT_FOUND_1",
+ thisreqid.toString()));
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
@@ -501,8 +495,8 @@ public class ConnectorServlet extends CMSServlet {
throw new EBaseException(errormsg);
} else {
- mAuthority.log(ILogger.LL_INFO,
- "Found request " + thisreqid + " for " + srcid);
+ mAuthority.log(ILogger.LL_INFO,
+ "Found request " + thisreqid + " for " + srcid);
replymsg = CMS.getHttpPKIMessage();
replymsg.fromRequest(thisreq);
@@ -527,8 +521,8 @@ public class ConnectorServlet extends CMSServlet {
// if not found process request.
thisreq = queue.newRequest(msg.getReqType());
- CMS.debug("ConnectorServlet: created requestId=" +
- thisreq.getRequestId().toString());
+ CMS.debug("ConnectorServlet: created requestId=" +
+ thisreq.getRequestId().toString());
thisreq.setSourceId(srcid);
// NOTE: For the following signed audit message, since we only
@@ -537,23 +531,23 @@ public class ConnectorServlet extends CMSServlet {
// (which is the only exception designated by this method),
// then this code does NOT need to be contained within its
// own special try/catch block.
- msg.toRequest( thisreq );
+ msg.toRequest(thisreq);
- if( isProfileRequest( thisreq ) ) {
+ if (isProfileRequest(thisreq)) {
X509CertInfo info =
thisreq.getExtDataInCertInfo(
- IEnrollProfile.REQUEST_CERTINFO );
+ IEnrollProfile.REQUEST_CERTINFO);
try {
- CertificateSubjectName sn = ( CertificateSubjectName )
- info.get( X509CertInfo.SUBJECT );
+ CertificateSubjectName sn = (CertificateSubjectName)
+ info.get(X509CertInfo.SUBJECT);
// if the cert subject name is NOT MISSING, retrieve the
// actual "auditCertificateSubjectName" and "normalize"
// it
- if( sn != null ) {
+ if (sn != null) {
subject = sn.toString();
- if( subject != null ) {
+ if (subject != null) {
// NOTE: This is ok even if the cert subject
// name is "" (empty)!
auditCertificateSubjectName = subject.trim();
@@ -562,42 +556,42 @@ public class ConnectorServlet extends CMSServlet {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST,
- auditSubjectID,
- ILogger.SUCCESS,
- auditRequesterID,
- auditProfileID(),
- auditCertificateSubjectName );
+ LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST,
+ auditSubjectID,
+ ILogger.SUCCESS,
+ auditRequesterID,
+ auditProfileID(),
+ auditCertificateSubjectName);
- audit( auditMessage );
- } catch( CertificateException e ) {
- CMS.debug( "ConnectorServlet: processRequest "
- + e.toString() );
+ audit(auditMessage);
+ } catch (CertificateException e) {
+ CMS.debug("ConnectorServlet: processRequest "
+ + e.toString());
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- auditProfileID(),
- auditCertificateSubjectName );
+ LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditRequesterID,
+ auditProfileID(),
+ auditCertificateSubjectName);
- audit( auditMessage );
- } catch( IOException e ) {
- CMS.debug( "ConnectorServlet: processRequest "
- + e.toString() );
+ audit(auditMessage);
+ } catch (IOException e) {
+ CMS.debug("ConnectorServlet: processRequest "
+ + e.toString());
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- auditProfileID(),
- auditCertificateSubjectName );
+ LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditRequesterID,
+ auditProfileID(),
+ auditCertificateSubjectName);
- audit( auditMessage );
+ audit(auditMessage);
}
}
@@ -606,9 +600,9 @@ public class ConnectorServlet extends CMSServlet {
// setting requestor type must come after copy contents. because
// requestor is a regular attribute.
thisreq.setExtData(IRequest.REQUESTOR_TYPE,
- IRequest.REQUESTOR_RA);
+ IRequest.REQUESTOR_RA);
mAuthority.log(ILogger.LL_INFO, "Processing remote request " +
- srcid);
+ srcid);
// Set this so that request's updateBy is recorded
SessionContext s = SessionContext.getContext();
@@ -622,52 +616,52 @@ public class ConnectorServlet extends CMSServlet {
}
CMS.debug("ConnectorServlet: calling processRequest instance=" +
- thisreq);
+ thisreq);
if (isProfileRequest(thisreq)) {
normalizeProfileRequest(thisreq);
}
try {
- queue.processRequest( thisreq );
+ queue.processRequest(thisreq);
- if( isProfileRequest( thisreq ) ) {
+ if (isProfileRequest(thisreq)) {
// reset the "auditInfoCertValue"
- auditInfoCertValue = auditInfoCertValue( thisreq );
+ auditInfoCertValue = auditInfoCertValue(thisreq);
- if( auditInfoCertValue != null ) {
- if( !( auditInfoCertValue.equals(
- ILogger.SIGNED_AUDIT_EMPTY_VALUE ) ) ) {
+ if (auditInfoCertValue != null) {
+ if (!(auditInfoCertValue.equals(
+ ILogger.SIGNED_AUDIT_EMPTY_VALUE))) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
- auditSubjectID,
- ILogger.SUCCESS,
- auditRequesterID,
- ILogger.SIGNED_AUDIT_ACCEPTANCE,
- auditInfoCertValue );
-
- audit( auditMessage );
+ LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
+ auditSubjectID,
+ ILogger.SUCCESS,
+ auditRequesterID,
+ ILogger.SIGNED_AUDIT_ACCEPTANCE,
+ auditInfoCertValue);
+
+ audit(auditMessage);
}
}
}
- } catch( EBaseException eAudit1 ) {
- if( isProfileRequest( thisreq ) ) {
+ } catch (EBaseException eAudit1) {
+ if (isProfileRequest(thisreq)) {
// reset the "auditInfoCertValue"
- auditInfoCertValue = auditInfoCertValue( thisreq );
+ auditInfoCertValue = auditInfoCertValue(thisreq);
- if( auditInfoCertValue != null ) {
- if( !( auditInfoCertValue.equals(
- ILogger.SIGNED_AUDIT_EMPTY_VALUE ) ) ) {
+ if (auditInfoCertValue != null) {
+ if (!(auditInfoCertValue.equals(
+ ILogger.SIGNED_AUDIT_EMPTY_VALUE))) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- ILogger.SIGNED_AUDIT_ACCEPTANCE,
- auditInfoCertValue );
-
- audit( auditMessage );
+ LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditRequesterID,
+ ILogger.SIGNED_AUDIT_ACCEPTANCE,
+ auditInfoCertValue);
+
+ audit(auditMessage);
}
}
}
@@ -681,23 +675,23 @@ public class ConnectorServlet extends CMSServlet {
replymsg.fromRequest(thisreq);
CMS.debug("ConnectorServlet: replymsg.reqStatus=" +
- replymsg.getReqStatus());
+ replymsg.getReqStatus());
//for audit log
String agentID = sourceUserId;
String initiative = AuditFormat.FROMRA + " trustedManagerID: " +
- agentID + " remote reqID " + msg.getReqId();
+ agentID + " remote reqID " + msg.getReqId();
String authMgr = AuditFormat.NOAUTH;
if (token != null) {
- authMgr =
+ authMgr =
token.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME);
}
if (isProfileRequest(thisreq)) {
// XXX audit log
- CMS.debug("ConnectorServlet: done requestId=" +
- thisreq.getRequestId().toString());
+ CMS.debug("ConnectorServlet: done requestId=" +
+ thisreq.getRequestId().toString());
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
@@ -724,32 +718,32 @@ public class ConnectorServlet extends CMSServlet {
if (!thisreq.getRequestStatus().equals(RequestStatus.COMPLETE)) {
if (x509Info != null) {
for (int i = 0; i < x509Info.length; i++) {
- mLogger.log(ILogger.EV_AUDIT,
+ mLogger.log(ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.FORMAT,
+ new Object[] {
+ thisreq.getRequestType(),
+ thisreq.getRequestId(),
+ initiative,
+ authMgr,
+ thisreq.getRequestStatus(),
+ x509Info[i].get(X509CertInfo.SUBJECT),
+ "" }
+ );
+ }
+ } else {
+ mLogger.log(ILogger.EV_AUDIT,
ILogger.S_OTHER,
AuditFormat.LEVEL,
- AuditFormat.FORMAT,
+ AuditFormat.NODNFORMAT,
new Object[] {
- thisreq.getRequestType(),
- thisreq.getRequestId(),
- initiative,
- authMgr,
- thisreq.getRequestStatus(),
- x509Info[i].get(X509CertInfo.SUBJECT),
- ""}
- );
- }
- } else {
- mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.NODNFORMAT,
- new Object[] {
- thisreq.getRequestType(),
- thisreq.getRequestId(),
- initiative,
- authMgr,
- thisreq.getRequestStatus()}
- );
+ thisreq.getRequestType(),
+ thisreq.getRequestId(),
+ initiative,
+ authMgr,
+ thisreq.getRequestStatus() }
+ );
}
} else {
if (thisreq.getRequestType().equals(IRequest.ENROLLMENT_REQUEST)) {
@@ -761,40 +755,40 @@ public class ConnectorServlet extends CMSServlet {
x509Certs =
thisreq.getExtDataInCertArray(IRequest.ISSUED_CERTS);
- // return potentially more than one certificates.
+ // return potentially more than one certificates.
if (x509Certs != null) {
for (int i = 0; i < x509Certs.length; i++) {
- mLogger.log(ILogger.EV_AUDIT,
+ mLogger.log(ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.FORMAT,
+ new Object[] {
+ thisreq.getRequestType(),
+ thisreq.getRequestId(),
+ initiative,
+ authMgr,
+ "completed",
+ x509Certs[i].getSubjectDN(),
+ "cert issued serial number: 0x" +
+ x509Certs[i].getSerialNumber().toString(16) }
+ );
+ }
+ } else {
+ mLogger.log(ILogger.EV_AUDIT,
ILogger.S_OTHER,
AuditFormat.LEVEL,
- AuditFormat.FORMAT,
+ AuditFormat.NODNFORMAT,
new Object[] {
- thisreq.getRequestType(),
- thisreq.getRequestId(),
- initiative,
- authMgr,
- "completed",
- x509Certs[i].getSubjectDN(),
- "cert issued serial number: 0x" +
- x509Certs[i].getSerialNumber().toString(16)}
- );
- }
- } else {
- mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.NODNFORMAT,
- new Object[] {
- thisreq.getRequestType(),
- thisreq.getRequestId(),
- initiative,
- authMgr,
- "completed"}
- );
+ thisreq.getRequestType(),
+ thisreq.getRequestId(),
+ initiative,
+ authMgr,
+ "completed" }
+ );
}
} else if (thisreq.getRequestType().equals(IRequest.RENEWAL_REQUEST)) {
X509CertImpl[] certs =
- thisreq.getExtDataInCertArray(IRequest.OLD_CERTS);
+ thisreq.getExtDataInCertArray(IRequest.OLD_CERTS);
X509CertImpl old_cert = certs[0];
certs = thisreq.getExtDataInCertArray(IRequest.ISSUED_CERTS);
@@ -802,36 +796,36 @@ public class ConnectorServlet extends CMSServlet {
if (old_cert != null && renewed_cert != null) {
mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.RENEWALFORMAT,
- new Object[] {
- thisreq.getRequestId(),
- initiative,
- authMgr,
- "completed",
- old_cert.getSubjectDN(),
- old_cert.getSerialNumber().toString(16),
- "new serial number: 0x" +
- renewed_cert.getSerialNumber().toString(16)}
- );
+ AuditFormat.LEVEL,
+ AuditFormat.RENEWALFORMAT,
+ new Object[] {
+ thisreq.getRequestId(),
+ initiative,
+ authMgr,
+ "completed",
+ old_cert.getSubjectDN(),
+ old_cert.getSerialNumber().toString(16),
+ "new serial number: 0x" +
+ renewed_cert.getSerialNumber().toString(16) }
+ );
} else {
- mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.NODNFORMAT,
- new Object[] {
- thisreq.getRequestType(),
- thisreq.getRequestId(),
- initiative,
- authMgr,
- "completed with error"}
- );
+ mLogger.log(ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.NODNFORMAT,
+ new Object[] {
+ thisreq.getRequestType(),
+ thisreq.getRequestId(),
+ initiative,
+ authMgr,
+ "completed with error" }
+ );
}
} else if (thisreq.getRequestType().equals(IRequest.REVOCATION_REQUEST)) {
Certificate[] oldCerts =
- thisreq.getExtDataInCertArray(IRequest.OLD_CERTS);
+ thisreq.getExtDataInCertArray(IRequest.OLD_CERTS);
RevokedCertImpl crlentries[] =
- thisreq.getExtDataInRevokedCertArray(IRequest.REVOKED_CERTS);
+ thisreq.getExtDataInRevokedCertArray(IRequest.REVOKED_CERTS);
CRLExtensions crlExts = crlentries[0].getExtensions();
int reason = 0;
@@ -839,7 +833,7 @@ public class ConnectorServlet extends CMSServlet {
Enumeration<Extension> enum1 = crlExts.getElements();
while (enum1.hasMoreElements()) {
- Extension ext = enum1.nextElement();
+ Extension ext = enum1.nextElement();
if (ext instanceof CRLReasonExtension) {
reason = ((CRLReasonExtension) ext).getReason().toInt();
@@ -853,7 +847,7 @@ public class ConnectorServlet extends CMSServlet {
if (result.equals(IRequest.RES_ERROR)) {
String[] svcErrors =
- thisreq.getExtDataInStringArray(IRequest.SVCERRORS);
+ thisreq.getExtDataInStringArray(IRequest.SVCERRORS);
if (svcErrors != null && svcErrors.length > 0) {
for (int i = 0; i < svcErrors.length; i++) {
@@ -866,18 +860,18 @@ public class ConnectorServlet extends CMSServlet {
X509CertImpl cert = (X509CertImpl) oldCerts[j];
mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.DOREVOKEFORMAT,
- new Object[] {
- thisreq.getRequestId(),
- initiative,
- "completed with error: " +
- err,
- cert.getSubjectDN(),
- cert.getSerialNumber().toString(16),
- RevocationReason.fromInt(reason).toString()}
- );
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.DOREVOKEFORMAT,
+ new Object[] {
+ thisreq.getRequestId(),
+ initiative,
+ "completed with error: " +
+ err,
+ cert.getSubjectDN(),
+ cert.getSerialNumber().toString(16),
+ RevocationReason.fromInt(reason).toString() }
+ );
}
}
}
@@ -892,32 +886,32 @@ public class ConnectorServlet extends CMSServlet {
X509CertImpl cert = (X509CertImpl) oldCerts[j];
mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.DOREVOKEFORMAT,
- new Object[] {
- thisreq.getRequestId(),
- initiative,
- "completed",
- cert.getSubjectDN(),
- cert.getSerialNumber().toString(16),
- RevocationReason.fromInt(reason).toString()}
- );
+ AuditFormat.LEVEL,
+ AuditFormat.DOREVOKEFORMAT,
+ new Object[] {
+ thisreq.getRequestId(),
+ initiative,
+ "completed",
+ cert.getSubjectDN(),
+ cert.getSerialNumber().toString(16),
+ RevocationReason.fromInt(reason).toString() }
+ );
}
}
}
}
} else {
- mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.NODNFORMAT,
- new Object[] {
- thisreq.getRequestType(),
- thisreq.getRequestId(),
- initiative,
- authMgr,
- "completed"}
- );
+ mLogger.log(ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.NODNFORMAT,
+ new Object[] {
+ thisreq.getRequestType(),
+ thisreq.getRequestId(),
+ initiative,
+ authMgr,
+ "completed" }
+ );
}
}
@@ -1001,7 +995,7 @@ public class ConnectorServlet extends CMSServlet {
}
protected X509Certificate
- getPeerCert(HttpServletRequest req) throws EBaseException {
+ getPeerCert(HttpServletRequest req) throws EBaseException {
return getSSLClientCertificate(req);
}
@@ -1011,11 +1005,11 @@ public class ConnectorServlet extends CMSServlet {
/**
* Signed Audit Log
- *
+ *
* This method is inherited by all extended "CMSServlet"s,
* and is called to store messages to the signed audit log.
* <P>
- *
+ *
* @param msg signed audit log message
*/
protected void audit(String msg) {
@@ -1027,20 +1021,20 @@ public class ConnectorServlet extends CMSServlet {
}
mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT,
- null,
- ILogger.S_SIGNED_AUDIT,
- ILogger.LL_SECURITY,
- msg);
+ null,
+ ILogger.S_SIGNED_AUDIT,
+ ILogger.LL_SECURITY,
+ msg);
}
/**
* Signed Audit Log Profile ID
- *
+ *
* This method is inherited by all extended "EnrollProfile"s,
* and is called to obtain the "ProfileID" for
* a signed audit log message.
* <P>
- *
+ *
* @return id string containing the signed audit log message ProfileID
*/
protected String auditProfileID() {
@@ -1062,11 +1056,11 @@ public class ConnectorServlet extends CMSServlet {
/**
* Signed Audit Log Info Certificate Value
- *
+ *
* This method is called to obtain the certificate from the passed in
* "X509CertImpl" for a signed audit log message.
* <P>
- *
+ *
* @param request a Request containing an X509CertImpl
* @return cert string containing the certificate
*/
@@ -1122,4 +1116,3 @@ public class ConnectorServlet extends CMSServlet {
}
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/connector/GenerateKeyPairServlet.java b/pki/base/common/src/com/netscape/cms/servlet/connector/GenerateKeyPairServlet.java
index 2a024c3a..171aeb64 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/connector/GenerateKeyPairServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/connector/GenerateKeyPairServlet.java
@@ -40,13 +40,11 @@ import com.netscape.certsrv.request.IRequestQueue;
import com.netscape.cms.servlet.base.CMSServlet;
import com.netscape.cms.servlet.common.CMSRequest;
-
-
/**
* GenerateKeyPairServlet
- * handles "server-side key pair generation" requests from the
- * netkey RA.
- *
+ * handles "server-side key pair generation" requests from the
+ * netkey RA.
+ *
* @author Christina Fu (cfu)
* @version $Revision$, $Date$
*/
@@ -68,7 +66,7 @@ public class GenerateKeyPairServlet extends CMSServlet {
/**
* Constructs GenerateKeyPair servlet.
- *
+ *
*/
public GenerateKeyPairServlet() {
super();
@@ -82,17 +80,17 @@ public class GenerateKeyPairServlet extends CMSServlet {
if (authority != null)
mAuthority = (IAuthority)
CMS.getSubsystem(authority);
-
+
mAuthSubsystem = (IAuthSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTH);
}
/**
* Returns serlvet information.
- *
+ *
* @return name of this servlet
*/
- public String getServletInfo() {
- return INFO;
+ public String getServletInfo() {
+ return INFO;
}
/*
@@ -109,8 +107,7 @@ public class GenerateKeyPairServlet extends CMSServlet {
* * recovery blob (used for recovery)
*/
private void processServerSideKeyGen(HttpServletRequest req,
- HttpServletResponse resp) throws EBaseException
- {
+ HttpServletResponse resp) throws EBaseException {
IRequestQueue queue = mAuthority.getRequestQueue();
IRequest thisreq = null;
@@ -123,8 +120,8 @@ public class GenerateKeyPairServlet extends CMSServlet {
String rCUID = req.getParameter("CUID");
String rUserid = req.getParameter("userid");
String rdesKeyString = req.getParameter("drm_trans_desKey");
- String rArchive = req.getParameter("archive");
- String rKeysize = req.getParameter("keysize");
+ String rArchive = req.getParameter("archive");
+ String rKeysize = req.getParameter("keysize");
if ((rCUID == null) || (rCUID.equals(""))) {
CMS.debug("GenerateKeyPairServlet: processServerSideKeygen(): missing request parameter: CUID");
@@ -136,19 +133,19 @@ public class GenerateKeyPairServlet extends CMSServlet {
missingParam = true;
}
- if ((rKeysize == null) || (rKeysize.equals(""))) {
- rKeysize = "1024"; // default to 1024
- }
+ if ((rKeysize == null) || (rKeysize.equals(""))) {
+ rKeysize = "1024"; // default to 1024
+ }
if ((rdesKeyString == null) ||
- (rdesKeyString.equals(""))) {
+ (rdesKeyString.equals(""))) {
CMS.debug("GenerateKeyPairServlet: processServerSideKeygen(): missing request parameter: DRM-transportKey-wrapped DES key");
missingParam = true;
}
if ((rArchive == null) || (rArchive.equals(""))) {
CMS.debug("GenerateKeyPairServlet: processServerSideKeygen(): missing key archival flag 'archive' ,default to true");
- rArchive = "true";
+ rArchive = "true";
}
String selectedToken = null;
@@ -160,17 +157,17 @@ public class GenerateKeyPairServlet extends CMSServlet {
thisreq.setExtData(IRequest.NETKEY_ATTR_CUID, rCUID);
thisreq.setExtData(IRequest.NETKEY_ATTR_USERID, rUserid);
thisreq.setExtData(IRequest.NETKEY_ATTR_DRMTRANS_DES_KEY, rdesKeyString);
- thisreq.setExtData(IRequest.NETKEY_ATTR_ARCHIVE_FLAG, rArchive);
- thisreq.setExtData(IRequest.NETKEY_ATTR_KEY_SIZE, rKeysize);
+ thisreq.setExtData(IRequest.NETKEY_ATTR_ARCHIVE_FLAG, rArchive);
+ thisreq.setExtData(IRequest.NETKEY_ATTR_KEY_SIZE, rKeysize);
- queue.processRequest( thisreq );
+ queue.processRequest(thisreq);
Integer result = thisreq.getExtDataInInteger(IRequest.RESULT);
if (result != null) {
- // sighs! tps thinks 0 is good, and DRM thinks 1 is good
- if (result.intValue() == 1)
- status = "0";
- else
- status = result.toString();
+ // sighs! tps thinks 0 is good, and DRM thinks 1 is good
+ if (result.intValue() == 1)
+ status = "0";
+ else
+ status = result.toString();
} else
status = "7";
@@ -184,40 +181,40 @@ public class GenerateKeyPairServlet extends CMSServlet {
String wrappedPrivKeyString = "";
String publicKeyString = "";
- if( thisreq == null ) {
- CMS.debug( "GenerateKeyPairServlet::processServerSideKeyGen() - "
- + "thisreq is null!" );
- throw new EBaseException( "thisreq is null" );
+ if (thisreq == null) {
+ CMS.debug("GenerateKeyPairServlet::processServerSideKeyGen() - "
+ + "thisreq is null!");
+ throw new EBaseException("thisreq is null");
}
publicKeyString = thisreq.getExtDataInString("public_key");
wrappedPrivKeyString = thisreq.getExtDataInString("wrappedUserPrivate");
- String ivString = thisreq.getExtDataInString("iv_s");
+ String ivString = thisreq.getExtDataInString("iv_s");
/*
if (selectedToken == null)
status = "4";
*/
- if (!status.equals("0"))
- value = "status="+status;
+ if (!status.equals("0"))
+ value = "status=" + status;
else {
StringBuffer sb = new StringBuffer();
sb.append("status=0&");
- sb.append("wrapped_priv_key=");
- sb.append(wrappedPrivKeyString);
- sb.append("&iv_param=");
- sb.append(ivString);
+ sb.append("wrapped_priv_key=");
+ sb.append(wrappedPrivKeyString);
+ sb.append("&iv_param=");
+ sb.append(ivString);
sb.append("&public_key=");
- sb.append(publicKeyString);
+ sb.append(publicKeyString);
value = sb.toString();
}
- CMS.debug("processServerSideKeyGen:outputString.encode " +value);
+ CMS.debug("processServerSideKeyGen:outputString.encode " + value);
- try{
+ try {
resp.setContentLength(value.length());
- CMS.debug("GenerateKeyPairServlet:outputString.length " +value.length());
+ CMS.debug("GenerateKeyPairServlet:outputString.length " + value.length());
OutputStream ooss = resp.getOutputStream();
ooss.write(value.getBytes());
ooss.flush();
@@ -227,7 +224,6 @@ public class GenerateKeyPairServlet extends CMSServlet {
}
}
-
/*
* For GenerateKeyPair:
@@ -258,7 +254,7 @@ public class GenerateKeyPairServlet extends CMSServlet {
if (authzToken == null) {
- try{
+ try {
resp.setContentType("text/html");
String value = "unauthorized=";
CMS.debug("GenerateKeyPairServlet: Unauthorized");
@@ -268,7 +264,7 @@ public class GenerateKeyPairServlet extends CMSServlet {
ooss.write(value.getBytes());
ooss.flush();
mRenderResult = false;
- }catch (Exception e) {
+ } catch (Exception e) {
CMS.debug("GenerateKeyPairServlet: " + e.toString());
}
@@ -277,28 +273,28 @@ public class GenerateKeyPairServlet extends CMSServlet {
}
// begin Netkey serverSideKeyGen and archival
- CMS.debug("GenerateKeyPairServlet: processServerSideKeyGen would be called");
- processServerSideKeyGen(req, resp);
- return;
+ CMS.debug("GenerateKeyPairServlet: processServerSideKeyGen would be called");
+ processServerSideKeyGen(req, resp);
+ return;
// end Netkey functions
}
- /** XXX remember tocheck peer SSL cert and get RA id later
- *
+ /**
+ * XXX remember tocheck peer SSL cert and get RA id later
+ *
* Serves HTTP admin request.
- *
+ *
* @param req HTTP request
* @param resp HTTP response
*/
public void service(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
+ throws ServletException, IOException {
String scope = req.getParameter(Constants.OP_SCOPE);
String op = req.getParameter(Constants.OP_TYPE);
- super.service(req, resp);
+ super.service(req, resp);
-
}
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/connector/TokenKeyRecoveryServlet.java b/pki/base/common/src/com/netscape/cms/servlet/connector/TokenKeyRecoveryServlet.java
index fa454bd6..dfceddd9 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/connector/TokenKeyRecoveryServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/connector/TokenKeyRecoveryServlet.java
@@ -39,12 +39,11 @@ import com.netscape.certsrv.request.IRequestQueue;
import com.netscape.cms.servlet.base.CMSServlet;
import com.netscape.cms.servlet.common.CMSRequest;
-
/**
* TokenKeyRecoveryServlet
- * handles "key recovery service" requests from the
+ * handles "key recovery service" requests from the
* netkey TPS
- *
+ *
* @author Christina Fu (cfu)
* @version $Revision$, $Date$
*/
@@ -65,7 +64,7 @@ public class TokenKeyRecoveryServlet extends CMSServlet {
/**
* Constructs TokenKeyRecovery servlet.
- *
+ *
*/
public TokenKeyRecoveryServlet() {
super();
@@ -79,25 +78,25 @@ public class TokenKeyRecoveryServlet extends CMSServlet {
if (authority != null)
mAuthority = (IAuthority)
CMS.getSubsystem(authority);
-
+
mAuthSubsystem = (IAuthSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTH);
}
/**
* Returns serlvet information.
- *
+ *
* @return name of this servlet
*/
- public String getServletInfo() {
- return INFO;
+ public String getServletInfo() {
+ return INFO;
}
- /**
+ /**
* Process the HTTP request.
- *
+ *
* @param s The URL to decode
*/
- protected String URLdecode(String s) {
+ protected String URLdecode(String s) {
if (s == null)
return null;
ByteArrayOutputStream out = new ByteArrayOutputStream(s.length());
@@ -117,7 +116,7 @@ public class TokenKeyRecoveryServlet extends CMSServlet {
}
} // end for
return out.toString();
- }
+ }
/*
* processTokenKeyRecovery
@@ -144,12 +143,11 @@ public class TokenKeyRecoveryServlet extends CMSServlet {
* desKey-wrapped-userPrivateKey=value2
*/
private void processTokenKeyRecovery(HttpServletRequest req,
- HttpServletResponse resp) throws EBaseException
- {
+ HttpServletResponse resp) throws EBaseException {
IRequestQueue queue = mAuthority.getRequestQueue();
IRequest thisreq = null;
-
- // IConfigStore sconfig = CMS.getConfigStore();
+
+ // IConfigStore sconfig = CMS.getConfigStore();
boolean missingParam = false;
String status = "0";
@@ -158,7 +156,7 @@ public class TokenKeyRecoveryServlet extends CMSServlet {
String rCUID = req.getParameter("CUID");
String rUserid = req.getParameter("userid");
String rdesKeyString = req.getParameter("drm_trans_desKey");
- String rCert = req.getParameter("cert");
+ String rCert = req.getParameter("cert");
if ((rCUID == null) || (rCUID.equals(""))) {
CMS.debug("TokenKeyRecoveryServlet: processTokenKeyRecovery(): missing request parameter: CUID");
@@ -171,7 +169,7 @@ public class TokenKeyRecoveryServlet extends CMSServlet {
}
if ((rdesKeyString == null) ||
- (rdesKeyString.equals(""))) {
+ (rdesKeyString.equals(""))) {
CMS.debug("TokenKeyRecoveryServlet: processTokenKeyRecovery(): missing request parameter: DRM-transportKey-wrapped des key");
missingParam = true;
}
@@ -192,18 +190,18 @@ public class TokenKeyRecoveryServlet extends CMSServlet {
thisreq.setExtData(IRequest.NETKEY_ATTR_DRMTRANS_DES_KEY, rdesKeyString);
thisreq.setExtData(IRequest.NETKEY_ATTR_USER_CERT, rCert);
- //XXX auto process for netkey
- queue.processRequest( thisreq );
- // IService svc = (IService) new TokenKeyRecoveryService(kra);
- // svc.serviceRequest(thisreq);
+ //XXX auto process for netkey
+ queue.processRequest(thisreq);
+ // IService svc = (IService) new TokenKeyRecoveryService(kra);
+ // svc.serviceRequest(thisreq);
Integer result = thisreq.getExtDataInInteger(IRequest.RESULT);
if (result != null) {
- // sighs! tps thinks 0 is good, and drm thinks 1 is good
- if (result.intValue() == 1)
- status ="0";
- else
- status = result.toString();
+ // sighs! tps thinks 0 is good, and drm thinks 1 is good
+ if (result.intValue() == 1)
+ status = "0";
+ else
+ status = result.toString();
} else
status = "7";
@@ -218,25 +216,25 @@ public class TokenKeyRecoveryServlet extends CMSServlet {
String wrappedPrivKeyString = "";
String publicKeyString = "";
String ivString = "";
- /* if is RECOVERY_PROTOTYPE
- String recoveryBlobString = "";
+ /* if is RECOVERY_PROTOTYPE
+ String recoveryBlobString = "";
- IKeyRecord kr = (IKeyRecord) thisreq.get("keyRecord");
- byte publicKey_b[] = kr.getPublicKeyData();
+ IKeyRecord kr = (IKeyRecord) thisreq.get("keyRecord");
+ byte publicKey_b[] = kr.getPublicKeyData();
- BigInteger serialNo = kr.getSerialNumber();
+ BigInteger serialNo = kr.getSerialNumber();
- String serialNumberString =
- com.netscape.cmsutil.util.Utils.SpecialEncode(serialNo.toByteArray());
+ String serialNumberString =
+ com.netscape.cmsutil.util.Utils.SpecialEncode(serialNo.toByteArray());
- recoveryBlobString = (String)
- thisreq.get("recoveryBlob");
- */
+ recoveryBlobString = (String)
+ thisreq.get("recoveryBlob");
+ */
- if( thisreq == null ) {
- CMS.debug( "TokenKeyRecoveryServlet::processTokenKeyRecovery() - "
- + "thisreq is null!" );
- throw new EBaseException( "thisreq is null" );
+ if (thisreq == null) {
+ CMS.debug("TokenKeyRecoveryServlet::processTokenKeyRecovery() - "
+ + "thisreq is null!");
+ throw new EBaseException("thisreq is null");
}
publicKeyString = thisreq.getExtDataInString("public_key");
@@ -247,8 +245,8 @@ public class TokenKeyRecoveryServlet extends CMSServlet {
if (selectedToken == null)
status = "4";
*/
- if (!status.equals("0"))
- value = "status="+status;
+ if (!status.equals("0"))
+ value = "status=" + status;
else {
StringBuffer sb = new StringBuffer();
sb.append("status=0&");
@@ -259,13 +257,13 @@ public class TokenKeyRecoveryServlet extends CMSServlet {
sb.append("&iv_param=");
sb.append(ivString);
value = sb.toString();
-
+
}
- CMS.debug("ProcessTokenKeyRecovery:outputString.encode " +value);
+ CMS.debug("ProcessTokenKeyRecovery:outputString.encode " + value);
- try{
+ try {
resp.setContentLength(value.length());
- CMS.debug("TokenKeyRecoveryServlet:outputString.length " +value.length());
+ CMS.debug("TokenKeyRecoveryServlet:outputString.length " + value.length());
OutputStream ooss = resp.getOutputStream();
ooss.write(value.getBytes());
ooss.flush();
@@ -275,7 +273,6 @@ public class TokenKeyRecoveryServlet extends CMSServlet {
}
}
-
/*
* For TokenKeyRecovery
*
@@ -305,7 +302,7 @@ public class TokenKeyRecoveryServlet extends CMSServlet {
if (authzToken == null) {
- try{
+ try {
resp.setContentType("text/html");
String value = "unauthorized=";
CMS.debug("TokenKeyRecoveryServlet: Unauthorized");
@@ -315,7 +312,7 @@ public class TokenKeyRecoveryServlet extends CMSServlet {
ooss.write(value.getBytes());
ooss.flush();
mRenderResult = false;
- }catch (Exception e) {
+ } catch (Exception e) {
CMS.debug("TokenKeyRecoveryServlet: " + e.toString());
}
@@ -324,28 +321,28 @@ public class TokenKeyRecoveryServlet extends CMSServlet {
}
// begin Netkey serverSideKeyGen and archival
- CMS.debug("TokenKeyRecoveryServlet: processTokenKeyRecovery would be called");
- processTokenKeyRecovery(req, resp);
- return;
+ CMS.debug("TokenKeyRecoveryServlet: processTokenKeyRecovery would be called");
+ processTokenKeyRecovery(req, resp);
+ return;
// end Netkey functions
}
- /** XXX remember to check peer SSL cert and get RA id later
- *
+ /**
+ * XXX remember to check peer SSL cert and get RA id later
+ *
* Serves HTTP admin request.
- *
+ *
* @param req HTTP request
* @param resp HTTP response
*/
public void service(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
+ throws ServletException, IOException {
String scope = req.getParameter(Constants.OP_SCOPE);
String op = req.getParameter(Constants.OP_TYPE);
- super.service(req, resp);
+ super.service(req, resp);
-
}
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminAuthenticatePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminAuthenticatePanel.java
index a2509287..8482e71b 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminAuthenticatePanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminAuthenticatePanel.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.IOException;
import java.util.StringTokenizer;
@@ -41,19 +40,20 @@ import com.netscape.cms.servlet.wizard.WizardServlet;
public class AdminAuthenticatePanel extends WizardPanelBase {
- public AdminAuthenticatePanel() {}
+ public AdminAuthenticatePanel() {
+ }
/**
* Initializes this panel.
*/
- public void init(ServletConfig config, int panelno)
- throws ServletException {
+ public void init(ServletConfig config, int panelno)
+ throws ServletException {
setPanelNo(panelno);
setName("Admin Authentication");
}
public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
- throws ServletException {
+ throws ServletException {
setPanelNo(panelno);
setName("Admin Authentication");
setId(id);
@@ -62,24 +62,24 @@ public class AdminAuthenticatePanel extends WizardPanelBase {
public boolean isSubPanel() {
return true;
}
-
+
/**
* Should we skip this panel for the configuration.
*/
public boolean shouldSkip() {
CMS.debug("AdminAuthenticatePanel: should skip");
-
+
IConfigStore cs = CMS.getConfigStore();
// if we are root, no need to get the certificate chain.
-
+
try {
- String select = cs.getString("preop.subsystem.select","");
+ String select = cs.getString("preop.subsystem.select", "");
if (select.equals("new")) {
return true;
}
} catch (EBaseException e) {
}
-
+
return false;
}
@@ -103,15 +103,16 @@ public class AdminAuthenticatePanel extends WizardPanelBase {
} else {
return true;
}
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
return false;
}
public PropertySet getUsage() {
PropertySet set = new PropertySet();
-
+
/* XXX */
-
+
return set;
}
@@ -125,12 +126,12 @@ public class AdminAuthenticatePanel extends WizardPanelBase {
IConfigStore config = CMS.getConfigStore();
if (isPanelDone()) {
-
+
try {
String s = config.getString("preop.master.admin.uid", "");
String type = config.getString("preop.subsystem.select", "");
if (type.equals("clone"))
- context.put("uid", s);
+ context.put("uid", s);
else
context.put("uid", "");
} catch (Exception e) {
@@ -170,7 +171,7 @@ public class AdminAuthenticatePanel extends WizardPanelBase {
cstype = toLowerCaseSubsystemType(cstype);
if (subsystemtype.equals("clone")) {
- CMS.debug("AdminAuthenticatePanel: this is the clone subsystem");
+ CMS.debug("AdminAuthenticatePanel: this is the clone subsystem");
String uid = HttpInput.getUID(request, "uid");
if (uid == null) {
context.put("errorString", "Uid is empty");
@@ -185,7 +186,7 @@ public class AdminAuthenticatePanel extends WizardPanelBase {
try {
host = config.getString("preop.master.hostname");
} catch (Exception e) {
- CMS.debug("AdminAuthenticatePanel update: "+e.toString());
+ CMS.debug("AdminAuthenticatePanel update: " + e.toString());
context.put("errorString", "Missing hostname for master");
throw new IOException("Missing hostname");
}
@@ -193,7 +194,7 @@ public class AdminAuthenticatePanel extends WizardPanelBase {
try {
httpsport = config.getInteger("preop.master.httpsadminport");
} catch (Exception e) {
- CMS.debug("AdminAuthenticatePanel update: "+e.toString());
+ CMS.debug("AdminAuthenticatePanel update: " + e.toString());
context.put("errorString", "Missing port for master");
throw new IOException("Missing port");
}
@@ -235,10 +236,10 @@ public class AdminAuthenticatePanel extends WizardPanelBase {
c1.append("cloning.");
c1.append(t1);
c1.append(".pubkey.encoded");
-
- if (s1.length()!=0)
+
+ if (s1.length() != 0)
s1.append(",");
-
+
s1.append(cstype);
s1.append(".");
s1.append(t1);
@@ -248,11 +249,11 @@ public class AdminAuthenticatePanel extends WizardPanelBase {
c1.append(",preop.ca.hostname,preop.ca.httpport,preop.ca.httpsport,preop.ca.list,preop.ca.pkcs7,preop.ca.type");
}
- String content = "uid="+uid+"&pwd="+pwd+"&op=get&names=cloning.module.token,instanceId,internaldb.basedn,internaldb.ldapauth.password,internaldb.replication.password,internaldb.ldapconn.host,internaldb.ldapconn.port,internaldb.ldapauth.bindDN"+c1.toString()+"&substores="+s1.toString();
+ String content = "uid=" + uid + "&pwd=" + pwd + "&op=get&names=cloning.module.token,instanceId,internaldb.basedn,internaldb.ldapauth.password,internaldb.replication.password,internaldb.ldapconn.host,internaldb.ldapconn.port,internaldb.ldapauth.bindDN" + c1.toString() + "&substores=" + s1.toString();
boolean success = updateConfigEntries(host, httpsport, true,
- "/"+cstype+"/admin/"+cstype+"/getConfigEntries", content, config,
- response);
+ "/" + cstype + "/admin/" + cstype + "/getConfigEntries", content, config,
+ response);
try {
config.commit(false);
@@ -285,16 +286,15 @@ public class AdminAuthenticatePanel extends WizardPanelBase {
* If validiate() returns false, this method will be called.
*/
public void displayError(HttpServletRequest request,
- HttpServletResponse response,
- Context context)
- {
+ HttpServletResponse response,
+ Context context) {
context.put("title", "Admin Authentication");
context.put("password", "");
context.put("panel", "admin/console/config/adminauthenticatepanel.vm");
}
private boolean isCertdbCloned(HttpServletRequest request,
- Context context) {
+ Context context) {
IConfigStore config = CMS.getConfigStore();
String certList = "";
try {
@@ -306,13 +306,13 @@ public class AdminAuthenticatePanel extends WizardPanelBase {
String tokenname = config.getString("preop.module.token", "");
CryptoToken tok = cm.getTokenByName(tokenname);
CryptoStore store = tok.getCryptoStore();
- String name1 = "preop.master."+token+".nickname";
+ String name1 = "preop.master." + token + ".nickname";
String nickname = config.getString(name1, "");
if (!tokenname.equals("Internal Key Storage Token") &&
- !tokenname.equals("internal"))
- nickname = tokenname+":"+nickname;
+ !tokenname.equals("internal"))
+ nickname = tokenname + ":" + nickname;
- CMS.debug("AdminAuthenticatePanel isCertdbCloned: "+nickname);
+ CMS.debug("AdminAuthenticatePanel isCertdbCloned: " + nickname);
X509Certificate cert = cm.findCertByNickname(nickname);
if (cert == null)
return false;
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminPanel.java
index 78bb9485..871177a1 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminPanel.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
@@ -70,13 +69,14 @@ public class AdminPanel extends WizardPanelBase {
private static final String ADMIN_UID = "admin";
private final static String CERT_TAG = "admin";
- public AdminPanel() {}
+ public AdminPanel() {
+ }
/**
* Initializes this panel.
*/
- public void init(ServletConfig config, int panelno)
- throws ServletException {
+ public void init(ServletConfig config, int panelno)
+ throws ServletException {
setPanelNo(panelno);
setName("Administrator");
}
@@ -101,14 +101,15 @@ public class AdminPanel extends WizardPanelBase {
} else {
return true;
}
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
return false;
}
public PropertySet getUsage() {
PropertySet set = new PropertySet();
-
+
Descriptor emailDesc = new Descriptor(IDescriptor.STRING, null, /* no constraint */
null, /* no default parameter */
"Email address for an administrator");
@@ -152,7 +153,8 @@ public class AdminPanel extends WizardPanelBase {
try {
type = cs.getString("preop.ca.type", "");
subsystemtype = cs.getString("cs.type", "");
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
if (isPanelDone()) {
try {
@@ -161,11 +163,12 @@ public class AdminPanel extends WizardPanelBase {
context.put("admin_pwd", "");
context.put("admin_pwd_again", "");
context.put("admin_uid", cs.getString("preop.admin.uid"));
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
} else {
String def_admin_name = "";
try {
- def_admin_name = cs.getString("cs.type") + " Administrator of Instance " + cs.getString("instanceId");
+ def_admin_name = cs.getString("cs.type") + " Administrator of Instance " + cs.getString("instanceId");
} catch (EBaseException e) {
}
context.put("admin_name", def_admin_name);
@@ -176,7 +179,7 @@ public class AdminPanel extends WizardPanelBase {
}
ISubsystem ca = (ISubsystem) CMS.getSubsystem("ca");
- if (ca == null) {
+ if (ca == null) {
context.put("ca", "false");
} else {
context.put("ca", "true");
@@ -186,13 +189,14 @@ public class AdminPanel extends WizardPanelBase {
String domainname = "";
try {
domainname = cs.getString("securitydomain.name", "");
- } catch (EBaseException e1) {}
+ } catch (EBaseException e1) {
+ }
context.put("securityDomain", domainname);
context.put("title", "Administrator");
context.put("panel", "admin/console/config/adminpanel.vm");
context.put("errorString", "");
context.put("info", info);
-
+
}
/**
@@ -200,8 +204,7 @@ public class AdminPanel extends WizardPanelBase {
*/
public void validate(HttpServletRequest request,
HttpServletResponse response,
- Context context) throws IOException
- {
+ Context context) throws IOException {
String pwd = HttpInput.getPassword(request, "__pwd");
String pwd_again = HttpInput.getPassword(request, "__admin_password_again");
String email = HttpInput.getEmail(request, "email");
@@ -256,13 +259,14 @@ public class AdminPanel extends WizardPanelBase {
try {
type = config.getString(PRE_CA_TYPE, "");
subsystemtype = config.getString("cs.type", "");
- security_domain_type = config.getString("securitydomain.select","");
+ security_domain_type = config.getString("securitydomain.select", "");
selected_hierarchy = config.getString("preop.hierarchy.select", "");
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
ISubsystem ca = (ISubsystem) CMS.getSubsystem("ca");
- if (ca == null) {
+ if (ca == null) {
context.put("ca", "false");
} else {
context.put("ca", "true");
@@ -287,12 +291,12 @@ public class AdminPanel extends WizardPanelBase {
}
// REMINDER: This panel is NOT used by "clones"
- if( ca != null ) {
- if( selected_hierarchy.equals( "root" ) ) {
- CMS.debug( "AdminPanel update: "
+ if (ca != null) {
+ if (selected_hierarchy.equals("root")) {
+ CMS.debug("AdminPanel update: "
+ "Root CA subsystem");
} else {
- CMS.debug( "AdminPanel update: "
+ CMS.debug("AdminPanel update: "
+ "Subordinate CA subsystem");
}
@@ -310,9 +314,9 @@ public class AdminPanel extends WizardPanelBase {
int ca_port = -1;
// REMINDER: This panel is NOT used by "clones"
- CMS.debug( "AdminPanel update: "
+ CMS.debug("AdminPanel update: "
+ subsystemtype
- + " subsystem" );
+ + " subsystem");
if (type.equals("sdca")) {
try {
@@ -339,10 +343,11 @@ public class AdminPanel extends WizardPanelBase {
try {
config.commit(false);
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
context.put("updateStatus", "success");
-
+
}
private void createAdmin(HttpServletRequest request) throws IOException {
@@ -459,13 +464,15 @@ public class AdminPanel extends WizardPanelBase {
try {
sd_hostname = config.getString("securitydomain.host", "");
sd_port = config.getInteger("securitydomain.httpseeport");
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
String profileId = HttpInput.getID(request, "profileId");
if (profileId == null) {
try {
profileId = config.getString("preop.admincert.profile", "caAdminCert");
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
}
String cert_request_type = HttpInput.getID(request, "cert_request_type");
@@ -474,7 +481,7 @@ public class AdminPanel extends WizardPanelBase {
String session_id = CMS.getConfigSDSessionId();
String subjectDN = HttpInput.getString(request, "subject");
- String content = "profileId="+profileId+"&cert_request_type="+cert_request_type+"&cert_request="+cert_request+"&xmlOutput=true&sessionID="+session_id+"&subject="+subjectDN;
+ String content = "profileId=" + profileId + "&cert_request_type=" + cert_request_type + "&cert_request=" + cert_request + "&xmlOutput=true&sessionID=" + session_id + "&subject=" + subjectDN;
HttpClient httpclient = new HttpClient();
String c = null;
@@ -497,7 +504,7 @@ public class AdminPanel extends WizardPanelBase {
c = httpresponse.getContent();
CMS.debug("AdminPanel submitRequest: content=" + c);
-
+
// retrieve the request Id ad admin certificate
if (c != null) {
try {
@@ -508,9 +515,9 @@ public class AdminPanel extends WizardPanelBase {
try {
parser = new XMLObject(bis);
} catch (Exception e) {
- CMS.debug( "AdminPanel::submitRequest() - "
- + "Exception="+e.toString() );
- throw new IOException( e.toString() );
+ CMS.debug("AdminPanel::submitRequest() - "
+ + "Exception=" + e.toString());
+ throw new IOException(e.toString());
}
String status = parser.getValue("Status");
@@ -525,7 +532,7 @@ public class AdminPanel extends WizardPanelBase {
context.put("errorString", error);
throw new IOException(error);
}
-
+
IConfigStore cs = CMS.getConfigStore();
String id = parser.getValue("Id");
@@ -539,7 +546,7 @@ public class AdminPanel extends WizardPanelBase {
+ File.separator + "admin.b64";
cs.putString("preop.admincert.b64", dir);
- PrintStream ps = new PrintStream(new FileOutputStream(dir));
+ PrintStream ps = new PrintStream(new FileOutputStream(dir));
ps.println(b64);
ps.flush();
@@ -564,9 +571,9 @@ public class AdminPanel extends WizardPanelBase {
String cert_request_type = HttpInput.getID(request, "cert_request_type");
IConfigStore cs = CMS.getConfigStore();
- if( cs == null ) {
- CMS.debug( "AdminPanel::createAdminCertificate() - cs is null!" );
- throw new IOException( "cs is null" );
+ if (cs == null) {
+ CMS.debug("AdminPanel::createAdminCertificate() - cs is null!");
+ throw new IOException("cs is null");
}
String subject = "";
@@ -582,10 +589,10 @@ public class AdminPanel extends WizardPanelBase {
"AdminPanel createAdminCertificate: Exception="
+ e.toString());
}
- // this request is from IE. The VBScript has problem of generating
- // certificate request if the subject name has E and UID components.
- // For now, we always hardcoded the subject DN to be cn=NAME in
- // the IE browser.
+ // this request is from IE. The VBScript has problem of generating
+ // certificate request if the subject name has E and UID components.
+ // For now, we always hardcoded the subject DN to be cn=NAME in
+ // the IE browser.
} else if (cert_request_type.equals("pkcs10")) {
try {
byte[] b = CMS.AtoB(cert_request);
@@ -594,33 +601,33 @@ public class AdminPanel extends WizardPanelBase {
x509key = pkcs10.getSubjectPublicKeyInfo();
} catch (Exception e) {
CMS.debug("AdminPanel createAdminCertificate: Exception="
- + e.toString());
+ + e.toString());
}
}
- if( x509key == null ) {
- CMS.debug( "AdminPanel::createAdminCertificate() - x509key is null!" );
- throw new IOException( "x509key is null" );
+ if (x509key == null) {
+ CMS.debug("AdminPanel::createAdminCertificate() - x509key is null!");
+ throw new IOException("x509key is null");
}
try {
cs.putString(PCERT_PREFIX + CERT_TAG + ".dn", subject);
String caType = cs.getString(PCERT_PREFIX + CERT_TAG + ".type", "local");
X509CertImpl impl = CertUtil.createLocalCert(cs, x509key,
- PCERT_PREFIX, CERT_TAG, caType, context);
+ PCERT_PREFIX, CERT_TAG, caType, context);
// update the locally created request for renewal
- CertUtil.updateLocalRequest(cs, CERT_TAG, cert_request,cert_request_type, subject);
+ CertUtil.updateLocalRequest(cs, CERT_TAG, cert_request, cert_request_type, subject);
ISubsystem ca = (ISubsystem) CMS.getSubsystem("ca");
if (ca != null) {
createPKCS7(impl);
}
cs.putString("preop.admincert.serialno.0",
- impl.getSerialNumber().toString(16));
+ impl.getSerialNumber().toString(16));
} catch (Exception e) {
CMS.debug("AdminPanel createAdminCertificate: Exception="
- + e.toString());
+ + e.toString());
}
}
@@ -640,8 +647,9 @@ public class AdminPanel extends WizardPanelBase {
try {
type = cs.getString("preop.ca.type", "");
- } catch (Exception e) {}
- if (ca == null && type.equals("otherca")) {
+ } catch (Exception e) {
+ }
+ if (ca == null && type.equals("otherca")) {
info = "Since you do not join the Redhat CA network, the administrator's certificate will not be generated automatically.";
}
context.put("info", info);
@@ -655,7 +663,7 @@ public class AdminPanel extends WizardPanelBase {
public boolean shouldSkip() {
try {
IConfigStore c = CMS.getConfigStore();
- String s = c.getString("preop.subsystem.select",null);
+ String s = c.getString("preop.subsystem.select", null);
if (s != null && s.equals("clone")) {
return true;
}
@@ -665,11 +673,10 @@ public class AdminPanel extends WizardPanelBase {
return false;
}
-
private void createPKCS7(X509CertImpl cert) {
try {
IConfigStore cs = CMS.getConfigStore();
- ICertificateAuthority ca = (ICertificateAuthority)CMS.getSubsystem("ca");
+ ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem("ca");
CertificateChain cachain = ca.getCACertChain();
X509Certificate[] cacerts = cachain.getChain();
X509CertImpl[] userChain = new X509CertImpl[cacerts.length + 1];
@@ -681,7 +688,7 @@ public class AdminPanel extends WizardPanelBase {
userChain[0] = cert;
PKCS7 p7 = new PKCS7(new AlgorithmId[0],
- new ContentInfo(new byte[0]), userChain, new SignerInfo[0]);
+ new ContentInfo(new byte[0]), userChain, new SignerInfo[0]);
ByteArrayOutputStream bos = new ByteArrayOutputStream();
p7.encodeSignedData(bos);
@@ -689,7 +696,7 @@ public class AdminPanel extends WizardPanelBase {
String p7Str = CMS.BtoA(p7Bytes);
cs.putString("preop.admincert.pkcs7", CryptoUtil.normalizeCertStr(p7Str));
} catch (Exception e) {
- CMS.debug("AdminPanel createPKCS7: Failed to create pkcs7 file. Exception: "+e.toString());
+ CMS.debug("AdminPanel createPKCS7: Failed to create pkcs7 file. Exception: " + e.toString());
}
}
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/AgentAuthenticatePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/AgentAuthenticatePanel.java
index a62b22b7..6bda8749 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/AgentAuthenticatePanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/AgentAuthenticatePanel.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.IOException;
import javax.servlet.ServletConfig;
@@ -36,19 +35,20 @@ import com.netscape.cms.servlet.wizard.WizardServlet;
public class AgentAuthenticatePanel extends WizardPanelBase {
- public AgentAuthenticatePanel() {}
+ public AgentAuthenticatePanel() {
+ }
/**
* Initializes this panel.
*/
- public void init(ServletConfig config, int panelno)
- throws ServletException {
+ public void init(ServletConfig config, int panelno)
+ throws ServletException {
setPanelNo(panelno);
setName("Agent Authentication");
}
public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
- throws ServletException {
+ throws ServletException {
setPanelNo(panelno);
setName("Agent Authentication");
setId(id);
@@ -57,18 +57,18 @@ public class AgentAuthenticatePanel extends WizardPanelBase {
public boolean isSubPanel() {
return true;
}
-
+
/**
* Should we skip this panel for the configuration.
*/
public boolean shouldSkip() {
CMS.debug("DisplayCertChainPanel: should skip");
-
+
IConfigStore cs = CMS.getConfigStore();
// if we are root, no need to get the certificate chain.
-
+
try {
- String select = cs.getString("securitydomain.select","");
+ String select = cs.getString("securitydomain.select", "");
if (select.equals("new")) {
return true;
}
@@ -78,7 +78,7 @@ public class AgentAuthenticatePanel extends WizardPanelBase {
return true;
} catch (EBaseException e) {
}
-
+
return false;
}
@@ -96,15 +96,16 @@ public class AgentAuthenticatePanel extends WizardPanelBase {
} else {
return true;
}
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
return false;
}
public PropertySet getUsage() {
PropertySet set = new PropertySet();
-
+
/* XXX */
-
+
return set;
}
@@ -118,14 +119,14 @@ public class AgentAuthenticatePanel extends WizardPanelBase {
IConfigStore config = CMS.getConfigStore();
if (isPanelDone()) {
-
+
try {
String s = config.getString("preop.ca.agent.uid", "");
String type = config.getString("preop.hierarchy.select", "");
if (type.equals("root"))
context.put("uid", "");
else
- context.put("uid", s);
+ context.put("uid", s);
} catch (Exception e) {
CMS.debug(e.toString());
}
@@ -143,8 +144,7 @@ public class AgentAuthenticatePanel extends WizardPanelBase {
*/
public void validate(HttpServletRequest request,
HttpServletResponse response,
- Context context) throws IOException
- {
+ Context context) throws IOException {
}
/**
@@ -182,34 +182,35 @@ public class AgentAuthenticatePanel extends WizardPanelBase {
try {
host = config.getString("preop.ca.hostname");
} catch (Exception e) {
- CMS.debug("AgentAuthenticatePanel update: "+e.toString());
+ CMS.debug("AgentAuthenticatePanel update: " + e.toString());
context.put("errorString", "Missing hostname");
throw new IOException("Missing hostname");
}
-
+
try {
httpsport = config.getInteger("preop.ca.httpsport");
} catch (Exception e) {
- CMS.debug("AgentAuthenticatePanel update: "+e.toString());
+ CMS.debug("AgentAuthenticatePanel update: " + e.toString());
context.put("errorString", "Missing port");
throw new IOException("Missing port");
}
-/*
- // Bugzilla Bug #583825 - CC: Obsolete servlets to be removed from
- // web.xml as part of CC interface review
- boolean authenticated = authenticate(host, httpsport, true,
- "/ca/ee/ca/checkIdentity", "uid="+uid+"&pwd="+pwd);
+ /*
+ // Bugzilla Bug #583825 - CC: Obsolete servlets to be removed from
+ // web.xml as part of CC interface review
+ boolean authenticated = authenticate(host, httpsport, true,
+ "/ca/ee/ca/checkIdentity", "uid="+uid+"&pwd="+pwd);
- if (!authenticated) {
- context.put("errorString", "Wrong user id or password");
- throw new IOException("Wrong user id or password");
- }
-*/
+ if (!authenticated) {
+ context.put("errorString", "Wrong user id or password");
+ throw new IOException("Wrong user id or password");
+ }
+ */
try {
config.commit(false);
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
}
}
@@ -217,9 +218,8 @@ public class AgentAuthenticatePanel extends WizardPanelBase {
* If validiate() returns false, this method will be called.
*/
public void displayError(HttpServletRequest request,
- HttpServletResponse response,
- Context context)
- {
+ HttpServletResponse response,
+ Context context) {
context.put("password", "");
context.put("title", "Agent Authentication");
context.put("panel", "admin/console/config/agentauthenticatepanel.vm");
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/AuthenticatePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/AuthenticatePanel.java
index ceab1d8d..6700b931 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/AuthenticatePanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/AuthenticatePanel.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.IOException;
import javax.servlet.ServletConfig;
@@ -36,19 +35,20 @@ import com.netscape.cms.servlet.wizard.WizardServlet;
public class AuthenticatePanel extends WizardPanelBase {
- public AuthenticatePanel() {}
+ public AuthenticatePanel() {
+ }
/**
* Initializes this panel.
*/
- public void init(ServletConfig config, int panelno)
- throws ServletException {
+ public void init(ServletConfig config, int panelno)
+ throws ServletException {
setPanelNo(panelno);
setName("Authentication");
}
public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
- throws ServletException {
+ throws ServletException {
setPanelNo(panelno);
setName("Authentication");
setId(id);
@@ -62,21 +62,22 @@ public class AuthenticatePanel extends WizardPanelBase {
public boolean isPanelDone() {
IConfigStore cs = CMS.getConfigStore();
try {
- String s = cs.getString("preop.ca.agent.uid","");
+ String s = cs.getString("preop.ca.agent.uid", "");
if (s == null || s.equals("")) {
return false;
} else {
return true;
}
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
return false;
}
public PropertySet getUsage() {
PropertySet set = new PropertySet();
-
+
/* XXX */
-
+
return set;
}
@@ -90,14 +91,14 @@ public class AuthenticatePanel extends WizardPanelBase {
IConfigStore config = CMS.getConfigStore();
if (isPanelDone()) {
-
+
try {
String s = config.getString("preop.ca.agent.uid", "");
String type = config.getString("preop.hierarchy.select", "");
if (type.equals("root"))
context.put("uid", "");
else
- context.put("uid", s);
+ context.put("uid", s);
} catch (Exception e) {
CMS.debug(e.toString());
}
@@ -151,30 +152,31 @@ public class AuthenticatePanel extends WizardPanelBase {
try {
host = config.getString("preop.ca.hostname");
} catch (Exception e) {
- CMS.debug("AuthenticatePanel update: "+e.toString());
+ CMS.debug("AuthenticatePanel update: " + e.toString());
context.put("errorString", "Missing hostname");
throw new IOException("Missing hostname");
}
-
+
try {
httpsport = config.getInteger("preop.ca.httpsport");
} catch (Exception e) {
- CMS.debug("AuthenticatePanel update: "+e.toString());
+ CMS.debug("AuthenticatePanel update: " + e.toString());
context.put("errorString", "Missing port");
throw new IOException("Missing port");
}
- boolean authenticated = authenticate(host, httpsport, true,
- "/ca/ee/ca/configSubsystem", "uid="+uid+"&pwd="+pwd);
+ boolean authenticated = authenticate(host, httpsport, true,
+ "/ca/ee/ca/configSubsystem", "uid=" + uid + "&pwd=" + pwd);
- if (!authenticated) {
- context.put("errorString", "Wrong user id or password");
- throw new IOException("Wrong user id or password");
- }
+ if (!authenticated) {
+ context.put("errorString", "Wrong user id or password");
+ throw new IOException("Wrong user id or password");
+ }
try {
config.commit(false);
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
}
}
@@ -182,9 +184,8 @@ public class AuthenticatePanel extends WizardPanelBase {
* If validiate() returns false, this method will be called.
*/
public void displayError(HttpServletRequest request,
- HttpServletResponse response,
- Context context)
- {
+ HttpServletResponse response,
+ Context context) {
context.put("password", "");
context.put("panel", "admin/console/config/authenticatepanel.vm");
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/BackupKeyCertPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/BackupKeyCertPanel.java
index 77977808..c1529f25 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/BackupKeyCertPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/BackupKeyCertPanel.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.ByteArrayOutputStream;
import java.io.CharConversionException;
import java.io.IOException;
@@ -71,19 +70,20 @@ import com.netscape.cmsutil.crypto.CryptoUtil;
public class BackupKeyCertPanel extends WizardPanelBase {
- public BackupKeyCertPanel() {}
+ public BackupKeyCertPanel() {
+ }
/**
* Initializes this panel.
*/
- public void init(ServletConfig config, int panelno)
- throws ServletException {
+ public void init(ServletConfig config, int panelno)
+ throws ServletException {
setPanelNo(panelno);
setName("Export Keys and Certificates");
}
public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
- throws ServletException {
+ throws ServletException {
setPanelNo(panelno);
setName("Export Keys and Certificates");
setId(id);
@@ -105,11 +105,11 @@ public class BackupKeyCertPanel extends WizardPanelBase {
try {
String s = cs.getString("preop.module.token", "");
- if (s.equals("Internal Key Storage Token"))
+ if (s.equals("Internal Key Storage Token"))
return false;
} catch (Exception e) {
}
-
+
return true;
}
@@ -122,15 +122,16 @@ public class BackupKeyCertPanel extends WizardPanelBase {
} else {
return true;
}
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
return false;
}
public PropertySet getUsage() {
PropertySet set = new PropertySet();
-
+
/* XXX */
-
+
return set;
}
@@ -170,7 +171,7 @@ public class BackupKeyCertPanel extends WizardPanelBase {
* Checks if the given parameters are valid.
*/
public void validate(HttpServletRequest request,
- HttpServletResponse response, Context context) throws IOException {
+ HttpServletResponse response, Context context) throws IOException {
String select = HttpInput.getID(request, "choice");
if (select.equals("backupkey")) {
String pwd = request.getParameter("__pwd");
@@ -219,9 +220,8 @@ public class BackupKeyCertPanel extends WizardPanelBase {
* If validiate() returns false, this method will be called.
*/
public void displayError(HttpServletRequest request,
- HttpServletResponse response,
- Context context)
- {
+ HttpServletResponse response,
+ Context context) {
String select = "";
try {
select = HttpInput.getID(request, "choice");
@@ -242,8 +242,8 @@ public class BackupKeyCertPanel extends WizardPanelBase {
context.put("panel", "admin/console/config/backupkeycertpanel.vm");
}
- public void backupKeysCerts(HttpServletRequest request)
- throws IOException {
+ public void backupKeysCerts(HttpServletRequest request)
+ throws IOException {
CMS.debug("BackupKeyCertPanel backupKeysCerts: start");
IConfigStore cs = CMS.getConfigStore();
String certlist = "";
@@ -257,9 +257,9 @@ public class BackupKeyCertPanel extends WizardPanelBase {
try {
cm = CryptoManager.getInstance();
} catch (Exception e) {
- CMS.debug( "BackupKeyCertPanel::backupKeysCerts() - "
- + "Exception="+e.toString() );
- throw new IOException( e.toString() );
+ CMS.debug("BackupKeyCertPanel::backupKeysCerts() - "
+ + "Exception=" + e.toString());
+ throw new IOException(e.toString());
}
String pwd = request.getParameter("__pwd");
@@ -273,12 +273,12 @@ public class BackupKeyCertPanel extends WizardPanelBase {
String nickname = "";
String modname = "";
try {
- nickname = cs.getString("preop.cert."+t+".nickname");
+ nickname = cs.getString("preop.cert." + t + ".nickname");
modname = cs.getString("preop.module.token");
} catch (Exception e) {
}
if (!modname.equals("Internal Key Storage Token"))
- nickname = modname+":"+nickname;
+ nickname = modname + ":" + nickname;
X509Certificate x509cert = null;
byte localKeyId[] = null;
@@ -288,7 +288,7 @@ public class BackupKeyCertPanel extends WizardPanelBase {
} catch (IOException e) {
throw e;
} catch (Exception e) {
- CMS.debug("BackupKeyCertPanel: Exception="+e.toString());
+ CMS.debug("BackupKeyCertPanel: Exception=" + e.toString());
throw new IOException("Failed to create pkcs12 file.");
}
@@ -296,14 +296,14 @@ public class BackupKeyCertPanel extends WizardPanelBase {
PrivateKey pkey = cm.findPrivKeyByCert(x509cert);
addKeyBag(pkey, x509cert, pass, localKeyId, encSafeContents);
} catch (Exception e) {
- CMS.debug("BackupKeyCertPanel: Exception="+e.toString());
+ CMS.debug("BackupKeyCertPanel: Exception=" + e.toString());
throw new IOException("Failed to create pkcs12 file.");
}
} //while loop
-
+
X509Certificate[] cacerts = cm.getCACerts();
- for (int i=0; i<cacerts.length; i++) {
+ for (int i = 0; i < cacerts.length; i++) {
//String nickname = cacerts[i].getSubjectDN().toString();
String nickname = null;
try {
@@ -311,7 +311,7 @@ public class BackupKeyCertPanel extends WizardPanelBase {
} catch (IOException e) {
throw e;
} catch (Exception e) {
- CMS.debug("BackupKeyCertPanel backKeysCerts: Exception="+e.toString());
+ CMS.debug("BackupKeyCertPanel backKeysCerts: Exception=" + e.toString());
throw new IOException("Failed to create pkcs12 file.");
}
}
@@ -319,9 +319,9 @@ public class BackupKeyCertPanel extends WizardPanelBase {
try {
AuthenticatedSafes authSafes = new AuthenticatedSafes();
authSafes.addSafeContents(safeContents);
- authSafes.addSafeContents(encSafeContents);
+ authSafes.addSafeContents(encSafeContents);
PFX pfx = new PFX(authSafes);
- pfx.computeMacData(pass, null, 5);
+ pfx.computeMacData(pass, null, 5);
ByteArrayOutputStream bos = new ByteArrayOutputStream();
pfx.encode(bos);
byte[] output = bos.toByteArray();
@@ -329,13 +329,13 @@ public class BackupKeyCertPanel extends WizardPanelBase {
pass.clear();
cs.commit(false);
} catch (Exception e) {
- CMS.debug("BackupKeyCertPanel backupKeysCerts: Exception="+e.toString());
+ CMS.debug("BackupKeyCertPanel backupKeysCerts: Exception=" + e.toString());
}
}
private void addKeyBag(PrivateKey pkey, X509Certificate x509cert,
- Password pass, byte[] localKeyId, SEQUENCE safeContents)
- throws IOException {
+ Password pass, byte[] localKeyId, SEQUENCE safeContents)
+ throws IOException {
try {
PasswordConverter passConverter = new PasswordConverter();
@@ -344,23 +344,23 @@ public class BackupKeyCertPanel extends WizardPanelBase {
byte[] priData = getEncodedKey(pkey);
PrivateKeyInfo pki = (PrivateKeyInfo)
- ASN1Util.decode(PrivateKeyInfo.getTemplate(), priData);
+ ASN1Util.decode(PrivateKeyInfo.getTemplate(), priData);
ASN1Value key = EncryptedPrivateKeyInfo.createPBE(
- PBEAlgorithm.PBE_SHA1_DES3_CBC,
- pass, salt, 1, passConverter, pki);
+ PBEAlgorithm.PBE_SHA1_DES3_CBC,
+ pass, salt, 1, passConverter, pki);
SET keyAttrs = createBagAttrs(
- x509cert.getSubjectDN().toString(), localKeyId);
- SafeBag keyBag = new SafeBag(SafeBag.PKCS8_SHROUDED_KEY_BAG,
- key, keyAttrs);
+ x509cert.getSubjectDN().toString(), localKeyId);
+ SafeBag keyBag = new SafeBag(SafeBag.PKCS8_SHROUDED_KEY_BAG,
+ key, keyAttrs);
safeContents.addElement(keyBag);
} catch (Exception e) {
- CMS.debug("BackupKeyCertPanel getKeyBag: Exception="+e.toString());
+ CMS.debug("BackupKeyCertPanel getKeyBag: Exception=" + e.toString());
throw new IOException("Failed to create pk12 file.");
}
}
- private byte[] addCertBag(X509Certificate x509cert, String nickname,
- SEQUENCE safeContents) throws IOException {
+ private byte[] addCertBag(X509Certificate x509cert, String nickname,
+ SEQUENCE safeContents) throws IOException {
byte[] localKeyId = null;
try {
ASN1Value cert = new OCTET_STRING(x509cert.getEncoded());
@@ -369,10 +369,10 @@ public class BackupKeyCertPanel extends WizardPanelBase {
if (nickname != null)
certAttrs = createBagAttrs(nickname, localKeyId);
SafeBag certBag = new SafeBag(SafeBag.CERT_BAG,
- new CertBag(CertBag.X509_CERT_TYPE, cert), certAttrs);
+ new CertBag(CertBag.X509_CERT_TYPE, cert), certAttrs);
safeContents.addElement(certBag);
} catch (Exception e) {
- CMS.debug("BackupKeyCertPanel addCertBag: "+e.toString());
+ CMS.debug("BackupKeyCertPanel addCertBag: " + e.toString());
throw new IOException("Failed to create pk12 file.");
}
@@ -386,7 +386,7 @@ public class BackupKeyCertPanel extends WizardPanelBase {
KeyGenerator kg = token.getKeyGenerator(KeyGenAlgorithm.DES3);
SymmetricKey sk = kg.generate();
KeyWrapper wrapper = token.getKeyWrapper(KeyWrapAlgorithm.DES3_CBC_PAD);
- byte iv[] = {0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1};
+ byte iv[] = { 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1 };
IVParameterSpec param = new IVParameterSpec(iv);
wrapper.initWrap(sk, param);
byte[] enckey = wrapper.wrap(pkey);
@@ -395,14 +395,14 @@ public class BackupKeyCertPanel extends WizardPanelBase {
byte[] recovered = c.doFinal(enckey);
return recovered;
} catch (Exception e) {
- CMS.debug("BackupKeyCertPanel getEncodedKey: Exception="+e.toString());
+ CMS.debug("BackupKeyCertPanel getEncodedKey: Exception=" + e.toString());
}
return null;
}
- private byte[] createLocalKeyId(X509Certificate cert)
- throws IOException {
+ private byte[] createLocalKeyId(X509Certificate cert)
+ throws IOException {
try {
// SHA1 hash of the X509Cert der encoding
byte certDer[] = cert.getEncoded();
@@ -412,16 +412,16 @@ public class BackupKeyCertPanel extends WizardPanelBase {
md.update(certDer);
return md.digest();
} catch (CertificateEncodingException e) {
- CMS.debug("BackupKeyCertPanel createLocalKeyId: Exception: "+e.toString());
+ CMS.debug("BackupKeyCertPanel createLocalKeyId: Exception: " + e.toString());
throw new IOException("Failed to encode certificate.");
} catch (NoSuchAlgorithmException e) {
- CMS.debug("BackupKeyCertPanel createLocalKeyId: Exception: "+e.toString());
+ CMS.debug("BackupKeyCertPanel createLocalKeyId: Exception: " + e.toString());
throw new IOException("No such algorithm supported.");
}
}
private SET createBagAttrs(String nickName, byte localKeyId[])
- throws IOException {
+ throws IOException {
try {
SET attrs = new SET();
SEQUENCE nickNameAttr = new SEQUENCE();
@@ -442,7 +442,7 @@ public class BackupKeyCertPanel extends WizardPanelBase {
attrs.addElement(localKeyAttr);
return attrs;
} catch (CharConversionException e) {
- CMS.debug("BackupKeyCertPanel createBagAttrs: Exception="+e.toString());
+ CMS.debug("BackupKeyCertPanel createBagAttrs: Exception=" + e.toString());
throw new IOException("Failed to create PKCS12 file.");
}
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/BaseServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/BaseServlet.java
index 01d06631..9bb81902 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/BaseServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/BaseServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.IOException;
import java.util.Enumeration;
@@ -30,7 +29,6 @@ import org.apache.velocity.servlet.VelocityServlet;
import com.netscape.certsrv.apps.CMS;
-
public class BaseServlet extends VelocityServlet {
/**
@@ -53,7 +51,8 @@ public class BaseServlet extends VelocityServlet {
if (pin == null) {
try {
response.sendRedirect("login");
- } catch (IOException e) {}
+ } catch (IOException e) {
+ }
return false;
}
return true;
@@ -70,25 +69,25 @@ public class BaseServlet extends VelocityServlet {
// __ (double underscores); however, in the event that
// a security parameter slips through, we perform multiple
// additional checks to insure that it is NOT displayed
- if( pn.startsWith("__") ||
- pn.endsWith("password") ||
- pn.endsWith("passwd") ||
- pn.endsWith("pwd") ||
- pn.equalsIgnoreCase("admin_password_again") ||
- pn.equalsIgnoreCase("directoryManagerPwd") ||
- pn.equalsIgnoreCase("bindpassword") ||
- pn.equalsIgnoreCase("bindpwd") ||
- pn.equalsIgnoreCase("passwd") ||
- pn.equalsIgnoreCase("password") ||
- pn.equalsIgnoreCase("pin") ||
- pn.equalsIgnoreCase("pwd") ||
- pn.equalsIgnoreCase("pwdagain") ||
- pn.equalsIgnoreCase("uPasswd") ) {
- CMS.debug("BaseServlet::service() param name='" + pn +
- "' value='(sensitive)'" );
+ if (pn.startsWith("__") ||
+ pn.endsWith("password") ||
+ pn.endsWith("passwd") ||
+ pn.endsWith("pwd") ||
+ pn.equalsIgnoreCase("admin_password_again") ||
+ pn.equalsIgnoreCase("directoryManagerPwd") ||
+ pn.equalsIgnoreCase("bindpassword") ||
+ pn.equalsIgnoreCase("bindpwd") ||
+ pn.equalsIgnoreCase("passwd") ||
+ pn.equalsIgnoreCase("password") ||
+ pn.equalsIgnoreCase("pin") ||
+ pn.equalsIgnoreCase("pwd") ||
+ pn.equalsIgnoreCase("pwdagain") ||
+ pn.equalsIgnoreCase("uPasswd")) {
+ CMS.debug("BaseServlet::service() param name='" + pn +
+ "' value='(sensitive)'");
} else {
- CMS.debug("BaseServlet::service() param name='" + pn +
- "' value='" + httpReq.getParameter(pn) + "'" );
+ CMS.debug("BaseServlet::service() param name='" + pn +
+ "' value='" + httpReq.getParameter(pn) + "'");
}
}
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CAInfoPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CAInfoPanel.java
index 33a0ff69..f80957d1 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CAInfoPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CAInfoPanel.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.IOException;
import java.net.URL;
import java.util.StringTokenizer;
@@ -39,19 +38,20 @@ import com.netscape.cms.servlet.wizard.WizardServlet;
public class CAInfoPanel extends WizardPanelBase {
- public CAInfoPanel() {}
+ public CAInfoPanel() {
+ }
/**
* Initializes this panel.
*/
- public void init(ServletConfig config, int panelno)
- throws ServletException {
+ public void init(ServletConfig config, int panelno)
+ throws ServletException {
setPanelNo(panelno);
setName("CA Information");
}
- public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
- throws ServletException {
+ public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
+ throws ServletException {
setPanelNo(panelno);
setName("CA Information");
setId(id);
@@ -82,14 +82,15 @@ public class CAInfoPanel extends WizardPanelBase {
} else {
return true;
}
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
return false;
}
public PropertySet getUsage() {
PropertySet set = new PropertySet();
-
+
return set;
}
@@ -118,15 +119,18 @@ public class CAInfoPanel extends WizardPanelBase {
try {
hostname = cs.getString("preop.ca.hostname");
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
try {
httpport = cs.getString("preop.ca.httpport");
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
try {
httpsport = cs.getString("preop.ca.httpsport");
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
if (type.equals("sdca")) {
context.put("check_sdca", "checked");
@@ -143,12 +147,12 @@ public class CAInfoPanel extends WizardPanelBase {
String cstype = "CA";
String portType = "SecurePort";
-/*
- try {
- cstype = cs.getString("cs.type", "");
- } catch (EBaseException e) {}
-*/
-
+ /*
+ try {
+ cstype = cs.getString("cs.type", "");
+ } catch (EBaseException e) {}
+ */
+
CMS.debug("CAInfoPanel: Ready to get url");
Vector v = getUrlListFromSecurityDomain(cs, cstype, portType);
v.addElement("External CA");
@@ -163,12 +167,13 @@ public class CAInfoPanel extends WizardPanelBase {
list.append(",");
}
}
-
+
try {
cs.putString("preop.ca.list", list.toString());
cs.commit(false);
- } catch (Exception e) {}
-
+ } catch (Exception e) {
+ }
+
context.put("urls", v);
context.put("sdcaHostname", hostname);
@@ -213,25 +218,26 @@ public class CAInfoPanel extends WizardPanelBase {
String select = null;
String index = request.getParameter("urls");
- String url = "";
+ String url = "";
if (index.startsWith("http")) {
- // user may submit url directlry
- url = index;
+ // user may submit url directlry
+ url = index;
} else {
- try {
- int x = Integer.parseInt(index);
- String list = config.getString("preop.ca.list", "");
- StringTokenizer tokenizer = new StringTokenizer(list, ",");
- int counter = 0;
-
- while (tokenizer.hasMoreTokens()) {
- url = tokenizer.nextToken();
- if (counter == x) {
- break;
+ try {
+ int x = Integer.parseInt(index);
+ String list = config.getString("preop.ca.list", "");
+ StringTokenizer tokenizer = new StringTokenizer(list, ",");
+ int counter = 0;
+
+ while (tokenizer.hasMoreTokens()) {
+ url = tokenizer.nextToken();
+ if (counter == x) {
+ break;
+ }
+ counter++;
}
- counter++;
+ } catch (Exception e) {
}
- } catch (Exception e) {}
}
URL urlx = null;
@@ -240,7 +246,7 @@ public class CAInfoPanel extends WizardPanelBase {
select = "otherca";
config.putString("preop.ca.pkcs7", "");
config.putInteger("preop.ca.certchain.size", 0);
- } else {
+ } else {
select = "sdca";
// parse URL (CA1 - https://...)
@@ -272,7 +278,8 @@ public class CAInfoPanel extends WizardPanelBase {
try {
config.commit(false);
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
}
private void sdca(HttpServletRequest request, Context context, String hostname, String httpsPortStr) throws IOException {
@@ -301,9 +308,9 @@ public class CAInfoPanel extends WizardPanelBase {
config.putString("preop.ca.hostname", hostname);
config.putString("preop.ca.httpsport", httpsPortStr);
ConfigCertApprovalCallback certApprovalCallback = new ConfigCertApprovalCallback();
- updateCertChainUsingSecureEEPort( config, "ca", hostname,
+ updateCertChainUsingSecureEEPort(config, "ca", hostname,
httpsport, true, context,
- certApprovalCallback );
+ certApprovalCallback);
}
/**
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/Cert.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/Cert.java
index fb8c2d9c..0aedded8 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/Cert.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/Cert.java
@@ -17,9 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
-
-
public class Cert {
private String mNickname = "";
private String mTokenname = "";
@@ -116,8 +113,8 @@ public class Cert {
}
public String escapeForHTML(String s) {
- s = s.replaceAll("\"", "&quot;");
- return s;
+ s = s.replaceAll("\"", "&quot;");
+ return s;
}
public String getEscapedDN() {
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertPrettyPrintPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertPrettyPrintPanel.java
index 30bcc78d..119dead0 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertPrettyPrintPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertPrettyPrintPanel.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.IOException;
import java.util.Locale;
import java.util.StringTokenizer;
@@ -42,19 +41,20 @@ import com.netscape.cmsutil.crypto.CryptoUtil;
public class CertPrettyPrintPanel extends WizardPanelBase {
private Vector mCerts = null;
- public CertPrettyPrintPanel() {}
+ public CertPrettyPrintPanel() {
+ }
/**
* Initializes this panel.
*/
- public void init(ServletConfig config, int panelno)
- throws ServletException {
+ public void init(ServletConfig config, int panelno)
+ throws ServletException {
setPanelNo(panelno);
setName("Certificates");
}
public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
- throws ServletException {
+ throws ServletException {
setPanelNo(panelno);
setName("Certificates");
setId(id);
@@ -63,7 +63,7 @@ public class CertPrettyPrintPanel extends WizardPanelBase {
public PropertySet getUsage() {
// expects no input from client
PropertySet set = new PropertySet();
-
+
return set;
}
@@ -83,7 +83,8 @@ public class CertPrettyPrintPanel extends WizardPanelBase {
} else {
return true;
}
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
return false;
}
@@ -153,7 +154,7 @@ public class CertPrettyPrintPanel extends WizardPanelBase {
} catch (Exception e) {
CMS.debug(
"CertPrettyPrintPanel: display() certTag " + certTag
- + " Exception caught: " + e.toString());
+ + " Exception caught: " + e.toString());
}
}
} catch (Exception e) {
@@ -192,7 +193,7 @@ public class CertPrettyPrintPanel extends WizardPanelBase {
config.commit(false);
} catch (EBaseException e) {
CMS.debug(
- "CertPrettyPrintPanel: update() Exception caught at config commit: "
+ "CertPrettyPrintPanel: update() Exception caught at config commit: "
+ e.toString());
}
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertRequestPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertRequestPanel.java
index 5e783b1a..72e145d6 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertRequestPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertRequestPanel.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.IOException;
import java.math.BigInteger;
import java.security.Principal;
@@ -58,19 +57,20 @@ public class CertRequestPanel extends WizardPanelBase {
private Vector mCerts = null;
private WizardServlet mServlet = null;
- public CertRequestPanel() {}
+ public CertRequestPanel() {
+ }
/**
* Initializes this panel.
*/
- public void init(ServletConfig config, int panelno)
- throws ServletException {
+ public void init(ServletConfig config, int panelno)
+ throws ServletException {
setPanelNo(panelno);
setName("Requests & Certificates");
}
public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
- throws ServletException {
+ throws ServletException {
setPanelNo(panelno);
setName("Requests and Certificates");
mServlet = servlet;
@@ -80,13 +80,13 @@ public class CertRequestPanel extends WizardPanelBase {
// XXX how do you do this? There could be multiple certs.
public PropertySet getUsage() {
PropertySet set = new PropertySet();
-
+
Descriptor certDesc = new Descriptor(IDescriptor.STRING, null, /* no constraint */
null, /* no default parameters */
null);
set.add("cert", certDesc);
-
+
return set;
}
@@ -95,13 +95,13 @@ public class CertRequestPanel extends WizardPanelBase {
*/
public boolean showApplyButton() {
if (isPanelDone())
- return false;
+ return false;
else
- return true;
+ return true;
}
- private boolean findCertificate(String tokenname, String nickname)
- throws IOException {
+ private boolean findCertificate(String tokenname, String nickname)
+ throws IOException {
IConfigStore cs = CMS.getConfigStore();
CryptoManager cm = null;
try {
@@ -114,7 +114,7 @@ public class CertRequestPanel extends WizardPanelBase {
boolean hardware = false;
if (!tokenname.equals("internal") && !tokenname.equals("Internal Key Storage Token")) {
hardware = true;
- fullnickname = tokenname+":"+nickname;
+ fullnickname = tokenname + ":" + nickname;
}
try {
@@ -126,16 +126,16 @@ public class CertRequestPanel extends WizardPanelBase {
return true;
} catch (Exception ee) {
if (hardware) {
- CMS.debug("CertRequestPanel findCertificate: The certificate with the same nickname: "+ fullnickname +" has been found on HSM. Please remove it before proceeding.");
- throw new IOException("The certificate with the same nickname: "+ fullnickname +" has been found on HSM. Please remove it before proceeding.");
+ CMS.debug("CertRequestPanel findCertificate: The certificate with the same nickname: " + fullnickname + " has been found on HSM. Please remove it before proceeding.");
+ throw new IOException("The certificate with the same nickname: " + fullnickname + " has been found on HSM. Please remove it before proceeding.");
}
return true;
}
} catch (IOException e) {
- CMS.debug("CertRequestPanel findCertificate: throw exception:"+e.toString());
+ CMS.debug("CertRequestPanel findCertificate: throw exception:" + e.toString());
throw e;
} catch (Exception e) {
- CMS.debug("CertRequestPanel findCertificate: Exception="+e.toString());
+ CMS.debug("CertRequestPanel findCertificate: Exception=" + e.toString());
return false;
}
}
@@ -148,13 +148,13 @@ public class CertRequestPanel extends WizardPanelBase {
try {
select = cs.getString("preop.subsystem.select", "");
list = cs.getString("preop.cert.list", "");
- tokenname = cs.getString("preop.module.token", "");
+ tokenname = cs.getString("preop.module.token", "");
} catch (Exception e) {
}
ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem(
- ICertificateAuthority.ID);
-
+ ICertificateAuthority.ID);
+
if (ca != null) {
CMS.debug("CertRequestPanel cleanup: get certificate repository");
BigInteger beginS = null;
@@ -176,27 +176,26 @@ public class CertRequestPanel extends WizardPanelBase {
try {
cr.removeCertRecords(beginS, endS);
} catch (Exception e) {
- CMS.debug("CertRequestPanel cleanUp exception in removing all objects: "+e.toString());
+ CMS.debug("CertRequestPanel cleanUp exception in removing all objects: " + e.toString());
}
-
+
try {
- cr.resetSerialNumber(new BigInteger(beginNum,16));
+ cr.resetSerialNumber(new BigInteger(beginNum, 16));
} catch (Exception e) {
- CMS.debug("CertRequestPanel cleanUp exception in resetting serial number: "+e.toString());
+ CMS.debug("CertRequestPanel cleanUp exception in resetting serial number: " + e.toString());
}
}
}
-
StringTokenizer st = new StringTokenizer(list, ",");
String nickname = "";
boolean enable = false;
while (st.hasMoreTokens()) {
String t = st.nextToken();
-
+
try {
- enable = cs.getBoolean(PCERT_PREFIX+t+".enable", true);
- nickname = cs.getString(PCERT_PREFIX +t+".nickname", "");
+ enable = cs.getBoolean(PCERT_PREFIX + t + ".enable", true);
+ nickname = cs.getString(PCERT_PREFIX + t + ".nickname", "");
} catch (Exception e) {
}
@@ -208,10 +207,10 @@ public class CertRequestPanel extends WizardPanelBase {
if (findCertificate(tokenname, nickname)) {
try {
- CMS.debug("CertRequestPanel cleanup: deleting certificate ("+nickname+").");
- deleteCert(tokenname, nickname);
+ CMS.debug("CertRequestPanel cleanup: deleting certificate (" + nickname + ").");
+ deleteCert(tokenname, nickname);
} catch (Exception e) {
- CMS.debug("CertRequestPanel cleanup: failed to delete certificate (" +nickname+"). Exception: " +e.toString());
+ CMS.debug("CertRequestPanel cleanup: failed to delete certificate (" + nickname + "). Exception: " + e.toString());
}
}
}
@@ -235,7 +234,8 @@ public class CertRequestPanel extends WizardPanelBase {
} else {
return true;
}
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
return false;
}
@@ -254,9 +254,9 @@ public class CertRequestPanel extends WizardPanelBase {
CMS.debug(
"CertRequestPanel getCert: certTag=" + certTag
- + " cert=" + certs);
+ + " cert=" + certs);
//get and set formated cert
- if (!certs.startsWith("...")) {
+ if (!certs.startsWith("...")) {
certf = CryptoUtil.certFormat(certs);
}
cert.setCert(certf);
@@ -266,7 +266,7 @@ public class CertRequestPanel extends WizardPanelBase {
CertPrettyPrint pp = new CertPrettyPrint(certb);
cert.setCertpp(pp.toString(Locale.getDefault()));
} else {
- CMS.debug( "CertRequestPanel::getCert() - cert is null!" );
+ CMS.debug("CertRequestPanel::getCert() - cert is null!");
return;
}
String userfriendlyname = config.getString(
@@ -285,18 +285,16 @@ public class CertRequestPanel extends WizardPanelBase {
}
public X509Key getECCX509Key(IConfigStore config, String certTag)
- throws Exception
- {
+ throws Exception {
X509Key pubk = null;
String pubKeyEncoded = config.getString(
PCERT_PREFIX + certTag + ".pubkey.encoded");
- pubk = CryptoUtil.getPublicX509ECCKey(CryptoUtil.string2byte(pubKeyEncoded));
+ pubk = CryptoUtil.getPublicX509ECCKey(CryptoUtil.string2byte(pubKeyEncoded));
return pubk;
}
public X509Key getRSAX509Key(IConfigStore config, String certTag)
- throws Exception
- {
+ throws Exception {
X509Key pubk = null;
String pubKeyModulus = config.getString(
@@ -305,7 +303,7 @@ public class CertRequestPanel extends WizardPanelBase {
PCERT_PREFIX + certTag + ".pubkey.exponent");
pubk = CryptoUtil.getPublicX509Key(
CryptoUtil.string2byte(pubKeyModulus),
- CryptoUtil.string2byte(pubKeyPublicExponent));
+ CryptoUtil.string2byte(pubKeyPublicExponent));
return pubk;
}
@@ -323,8 +321,8 @@ public class CertRequestPanel extends WizardPanelBase {
} else if (pubKeyType.equals("ecc")) {
pubk = getECCX509Key(config, certTag);
} else {
- CMS.debug( "CertRequestPanel::handleCertRequest() - "
- + "pubKeyType " + pubKeyType + " is unsupported!" );
+ CMS.debug("CertRequestPanel::handleCertRequest() - "
+ + "pubKeyType " + pubKeyType + " is unsupported!");
return;
}
@@ -341,7 +339,7 @@ public class CertRequestPanel extends WizardPanelBase {
PCERT_PREFIX + certTag + ".privkey.id");
CMS.debug("CertRequestPanel: privKeyID=" + privKeyID);
byte[] keyIDb = CryptoUtil.string2byte(privKeyID);
-
+
PrivateKey privk = CryptoUtil.findPrivateKeyFromID(keyIDb);
if (privk != null) {
@@ -349,7 +347,7 @@ public class CertRequestPanel extends WizardPanelBase {
} else {
CMS.debug("CertRequestPanel: error getting private key null");
}
-
+
// construct cert request
String caDN = config.getString(PCERT_PREFIX + certTag + ".dn");
@@ -361,7 +359,7 @@ public class CertRequestPanel extends WizardPanelBase {
byte[] certReqb = certReq.toByteArray();
String certReqs = CryptoUtil.base64Encode(certReqb);
String certReqf = CryptoUtil.reqFormat(certReqs);
-
+
String subsystem = config.getString(
PCERT_PREFIX + certTag + ".subsystem");
config.putString(subsystem + "." + certTag + ".certreq", certReqs);
@@ -410,7 +408,7 @@ public class CertRequestPanel extends WizardPanelBase {
PCERT_PREFIX + certTag + ".type");
c.setType(type);
- boolean enable = config.getBoolean(PCERT_PREFIX+certTag+".enable", true);
+ boolean enable = config.getBoolean(PCERT_PREFIX + certTag + ".enable", true);
c.setEnable(enable);
getCert(config, context, certTag, c);
@@ -458,7 +456,7 @@ public class CertRequestPanel extends WizardPanelBase {
if (issuerDN.equals(subjectDN))
return true;
} catch (Exception e) {
- CMS.debug("CertRequestPanel findBootstrapServerCert Exception="+e.toString());
+ CMS.debug("CertRequestPanel findBootstrapServerCert Exception=" + e.toString());
}
return false;
@@ -472,7 +470,7 @@ public class CertRequestPanel extends WizardPanelBase {
deleteCert("Internal Key Storage Token", nickname);
} catch (Exception e) {
- CMS.debug("CertRequestPanel deleteBootstrapServerCert Exception="+e.toString());
+ CMS.debug("CertRequestPanel deleteBootstrapServerCert Exception=" + e.toString());
}
}
@@ -502,7 +500,7 @@ public class CertRequestPanel extends WizardPanelBase {
String tokenname = "";
try {
- tokenname = config.getString("preop.module.token", "");
+ tokenname = config.getString("preop.module.token", "");
} catch (Exception e) {
}
@@ -510,11 +508,11 @@ public class CertRequestPanel extends WizardPanelBase {
Cert cert = (Cert) c.nextElement();
String certTag = cert.getCertTag();
String subsystem = cert.getSubsystem();
- boolean enable = config.getBoolean(PCERT_PREFIX+certTag+".enable", true);
+ boolean enable = config.getBoolean(PCERT_PREFIX + certTag + ".enable", true);
if (!enable)
continue;
- if (hasErr)
+ if (hasErr)
continue;
String nickname = cert.getNickname();
@@ -533,20 +531,20 @@ public class CertRequestPanel extends WizardPanelBase {
PCERT_PREFIX + certTag + ".keytype");
X509Key x509key = null;
if (pubKeyType.equals("rsa")) {
- x509key = getRSAX509Key(config, certTag);
+ x509key = getRSAX509Key(config, certTag);
} else if (pubKeyType.equals("ecc")) {
- x509key = getECCX509Key(config, certTag);
+ x509key = getECCX509Key(config, certTag);
}
-
+
if (findCertificate(tokenname, nickname)) {
if (!certTag.equals("sslserver"))
- continue;
+ continue;
}
- X509CertImpl impl = CertUtil.createLocalCert(config, x509key,
+ X509CertImpl impl = CertUtil.createLocalCert(config, x509key,
PCERT_PREFIX, certTag, cert.getType(), context);
if (impl != null) {
- byte[] certb = impl.getEncoded();
+ byte[] certb = impl.getEncoded();
String certs = CryptoUtil.base64Encode(certb);
cert.setCert(certs);
@@ -574,13 +572,13 @@ public class CertRequestPanel extends WizardPanelBase {
+ certTag + " Exception: "
+ ee.toString());
CMS.debug("ok");
-// hasErr = true;
+ // hasErr = true;
}
}
} else if (cert.getType().equals("remote")) {
if (b64 != null && b64.length() > 0
&& !b64.startsWith("...")) {
- String b64chain = HttpInput.getCertChain(request, certTag+"_cc");
+ String b64chain = HttpInput.getCertChain(request, certTag + "_cc");
CMS.debug(
"CertRequestPanel: in update() process remote...import cert");
@@ -590,11 +588,11 @@ public class CertRequestPanel extends WizardPanelBase {
try {
if (certTag.equals("sslserver") && findBootstrapServerCert())
deleteBootstrapServerCert();
- if (findCertificate(tokenname, nickname)) {
- deleteCert(tokenname, nickname);
+ if (findCertificate(tokenname, nickname)) {
+ deleteCert(tokenname, nickname);
}
} catch (Exception e) {
- CMS.debug("CertRequestPanel update (remote): deleteCert Exception="+e.toString());
+ CMS.debug("CertRequestPanel update (remote): deleteCert Exception=" + e.toString());
}
input = CryptoUtil.stripCertBrackets(input.trim());
String certs = CryptoUtil.normalizeCertStr(input);
@@ -619,21 +617,21 @@ public class CertRequestPanel extends WizardPanelBase {
leaf = certchains[certchains.length - 1];
}
- if( leaf == null ) {
- CMS.debug( "CertRequestPanel::update() - "
- + "leaf is null!" );
- throw new IOException( "leaf is null" );
+ if (leaf == null) {
+ CMS.debug("CertRequestPanel::update() - "
+ + "leaf is null!");
+ throw new IOException("leaf is null");
}
if (/*(certchains.length <= 1) &&*/
- (b64chain != null && b64chain.length() != 0)) {
- CMS.debug("CertRequestPanel: cert might not have contained chain...calling importCertificateChain: " + b64chain);
- try {
- CryptoUtil.importCertificateChain(
- CryptoUtil.normalizeCertAndReq(b64chain));
- } catch (Exception e) {
- CMS.debug("CertRequestPanel: importCertChain: Exception: "+e.toString());
- }
+ (b64chain != null && b64chain.length() != 0)) {
+ CMS.debug("CertRequestPanel: cert might not have contained chain...calling importCertificateChain: " + b64chain);
+ try {
+ CryptoUtil.importCertificateChain(
+ CryptoUtil.normalizeCertAndReq(b64chain));
+ } catch (Exception e) {
+ CMS.debug("CertRequestPanel: importCertChain: Exception: " + e.toString());
+ }
}
InternalCertificate icert = (InternalCertificate) leaf;
@@ -651,17 +649,17 @@ public class CertRequestPanel extends WizardPanelBase {
+ certTag + " Exception: "
+ ee.toString());
CMS.debug("ok");
-// hasErr=true;
+ // hasErr=true;
}
} else {
CMS.debug("CertRequestPanel: in update() input null");
hasErr = true;
}
} else {
- CMS.debug("CertRequestPanel: in update() b64 not set");
- hasErr=true;
+ CMS.debug("CertRequestPanel: in update() b64 not set");
+ hasErr = true;
}
-
+
} else {
b64 = CryptoUtil.stripCertBrackets(b64.trim());
String certs = CryptoUtil.normalizeCertStr(b64);
@@ -671,10 +669,10 @@ public class CertRequestPanel extends WizardPanelBase {
if (certTag.equals("sslserver") && findBootstrapServerCert())
deleteBootstrapServerCert();
if (findCertificate(tokenname, nickname)) {
- deleteCert(tokenname, nickname);
+ deleteCert(tokenname, nickname);
}
} catch (Exception ee) {
- CMS.debug("CertRequestPanel update: deleteCert Exception="+ee.toString());
+ CMS.debug("CertRequestPanel update: deleteCert Exception=" + ee.toString());
}
try {
@@ -683,8 +681,8 @@ public class CertRequestPanel extends WizardPanelBase {
else
CryptoUtil.importUserCertificate(impl, nickname, false);
} catch (Exception ee) {
- CMS.debug("CertRequestPanel: Failed to import user certificate."+ee.toString());
- hasErr=true;
+ CMS.debug("CertRequestPanel: Failed to import user certificate." + ee.toString());
+ hasErr = true;
}
}
@@ -696,16 +694,16 @@ public class CertRequestPanel extends WizardPanelBase {
if (certTag.equals("signing") && subsystem.equals("ca")) {
String NickName = nickname;
if (!tokenname.equals("internal") && !tokenname.equals("Internal Key Storage Token"))
- NickName = tokenname+ ":"+ nickname;
+ NickName = tokenname + ":" + nickname;
- CMS.debug("CertRequestPanel update: set trust on CA signing cert "+NickName);
+ CMS.debug("CertRequestPanel update: set trust on CA signing cert " + NickName);
CryptoUtil.trustCertByNickname(NickName);
CMS.reinit(ICertificateAuthority.ID);
- }
+ }
} //while loop
if (hasErr == false) {
- config.putBoolean("preop.CertRequestPanel.done", true);
+ config.putBoolean("preop.CertRequestPanel.done", true);
}
config.commit(false);
} catch (Exception e) {
@@ -723,13 +721,13 @@ public class CertRequestPanel extends WizardPanelBase {
String tag = tokenizer.nextToken();
if (tag.equals("signing"))
continue;
- String nickname = config.getString("preop.cert."+tag+".nickname", "");
+ String nickname = config.getString("preop.cert." + tag + ".nickname", "");
String tokenname = config.getString("preop.module.token", "");
if (!tokenname.equals("Internal Key Storage Token"))
- nickname = tokenname+":"+nickname;
+ nickname = tokenname + ":" + nickname;
X509Certificate c = cm.findCertByNickname(nickname);
if (c instanceof InternalCertificate) {
- InternalCertificate ic = (InternalCertificate)c;
+ InternalCertificate ic = (InternalCertificate) c;
ic.setSSLTrust(InternalCertificate.USER);
ic.setEmailTrust(InternalCertificate.USER);
if (tag.equals("audit_signing")) {
@@ -738,10 +736,10 @@ public class CertRequestPanel extends WizardPanelBase {
ic.setObjectSigningTrust(InternalCertificate.USER);
}
}
- }
+ }
} catch (Exception e) {
}
- if (!hasErr) {
+ if (!hasErr) {
context.put("updateStatus", "success");
} else {
context.put("updateStatus", "failure");
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertUtil.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertUtil.java
index 3725149d..f87af9bd 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertUtil.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertUtil.java
@@ -64,13 +64,12 @@ import com.netscape.cmsutil.http.HttpResponse;
import com.netscape.cmsutil.http.JssSSLSocketFactory;
import com.netscape.cmsutil.xml.XMLObject;
-
public class CertUtil {
static final int LINE_COUNT = 76;
- public static X509CertImpl createRemoteCert(String hostname,
- int port, String content, HttpServletResponse response, WizardPanelBase panel)
- throws IOException {
+ public static X509CertImpl createRemoteCert(String hostname,
+ int port, String content, HttpServletResponse response, WizardPanelBase panel)
+ throws IOException {
HttpClient httpclient = new HttpClient();
String c = null;
CMS.debug("CertUtil createRemoteCert: content " + content);
@@ -104,9 +103,9 @@ public class CertUtil {
try {
parser = new XMLObject(bis);
} catch (Exception e) {
- CMS.debug( "CertUtil::createRemoteCert() - "
- + "Exception="+e.toString() );
- throw new IOException( e.toString() );
+ CMS.debug("CertUtil::createRemoteCert() - "
+ + "Exception=" + e.toString());
+ throw new IOException(e.toString());
}
String status = parser.getValue("Status");
@@ -136,7 +135,7 @@ public class CertUtil {
return null;
}
- public static String getPKCS10(IConfigStore config, String prefix,
+ public static String getPKCS10(IConfigStore config, String prefix,
Cert certObj, Context context) throws IOException {
String certTag = certObj.getCertTag();
@@ -147,29 +146,29 @@ public class CertUtil {
String algorithm = config.getString(
prefix + certTag + ".keyalgorithm");
if (pubKeyType.equals("rsa")) {
- String pubKeyModulus = config.getString(
- prefix + certTag + ".pubkey.modulus");
- String pubKeyPublicExponent = config.getString(
- prefix + certTag + ".pubkey.exponent");
- pubk = CryptoUtil.getPublicX509Key(
- CryptoUtil.string2byte(pubKeyModulus),
- CryptoUtil.string2byte(pubKeyPublicExponent));
+ String pubKeyModulus = config.getString(
+ prefix + certTag + ".pubkey.modulus");
+ String pubKeyPublicExponent = config.getString(
+ prefix + certTag + ".pubkey.exponent");
+ pubk = CryptoUtil.getPublicX509Key(
+ CryptoUtil.string2byte(pubKeyModulus),
+ CryptoUtil.string2byte(pubKeyPublicExponent));
} else if (pubKeyType.equals("ecc")) {
- String pubKeyEncoded = config.getString(
+ String pubKeyEncoded = config.getString(
prefix + certTag + ".pubkey.encoded");
- pubk = CryptoUtil.getPublicX509ECCKey(
- CryptoUtil.string2byte(pubKeyEncoded));
+ pubk = CryptoUtil.getPublicX509ECCKey(
+ CryptoUtil.string2byte(pubKeyEncoded));
} else {
- CMS.debug( "CertRequestPanel::getPKCS10() - "
- + "public key type is unsupported!" );
- throw new IOException( "public key type is unsupported" );
+ CMS.debug("CertRequestPanel::getPKCS10() - "
+ + "public key type is unsupported!");
+ throw new IOException("public key type is unsupported");
}
if (pubk != null) {
CMS.debug("CertRequestPanel: got public key");
} else {
CMS.debug("CertRequestPanel: error getting public key null");
- throw new IOException( "public key is null" );
+ throw new IOException("public key is null");
}
// get private key
String privKeyID = config.getString(prefix + certTag + ".privkey.id");
@@ -201,15 +200,14 @@ public class CertUtil {
}
}
-
-/*
- * create requests so renewal can work on these initial certs
- */
+ /*
+ * create requests so renewal can work on these initial certs
+ */
public static IRequest createLocalRequest(IRequestQueue queue, String serialNum, X509CertInfo info) throws EBaseException {
-// RequestId rid = new RequestId(serialNum);
+ // RequestId rid = new RequestId(serialNum);
// just need a request, no need to get into a queue
-// IRequest r = new EnrollmentRequest(rid);
- CMS.debug("CertUtil: createLocalRequest for serial: "+ serialNum);
+ // IRequest r = new EnrollmentRequest(rid);
+ CMS.debug("CertUtil: createLocalRequest for serial: " + serialNum);
IRequest req = queue.newRequest("enrollment");
CMS.debug("certUtil: newRequest called");
req.setExtData("profile", "true");
@@ -224,7 +222,7 @@ public class CertUtil {
req.setExtData("requestor_phone", "");
req.setExtData("profileRemoteHost", "");
req.setExtData("profileRemoteAddr", "");
- req.setExtData("requestnotes","");
+ req.setExtData("requestnotes", "");
req.setExtData("isencryptioncert", "false");
req.setExtData("profileapprovedby", "system");
@@ -235,13 +233,12 @@ public class CertUtil {
return req;
}
-/**
- * update local cert request with the actual request
- * called from CertRequestPanel.java
- */
- public static void updateLocalRequest(IConfigStore config, String certTag, String certReq, String reqType, String subjectName)
- {
- try {
+ /**
+ * update local cert request with the actual request
+ * called from CertRequestPanel.java
+ */
+ public static void updateLocalRequest(IConfigStore config, String certTag, String certReq, String reqType, String subjectName) {
+ try {
CMS.debug("Updating local request... certTag=" + certTag);
RequestId rid = new RequestId(config.getString("preop.cert." + certTag + ".reqId"));
@@ -262,54 +259,56 @@ public class CertUtil {
}
queue.updateRequest(req);
} else {
- CMS.debug("CertUtil:updateLocalRequest - request queue = null");
+ CMS.debug("CertUtil:updateLocalRequest - request queue = null");
}
} catch (Exception e) {
CMS.debug("CertUtil:updateLocalRequest - Exception:" + e.toString());
}
}
-/**
- * reads from the admin cert profile caAdminCert.profile and takes the first
- * entry in the list of allowed algorithms. Users that wish a different algorithm
- * can specify it in the profile using default.params.signingAlg
- */
+ /**
+ * reads from the admin cert profile caAdminCert.profile and takes the first
+ * entry in the list of allowed algorithms. Users that wish a different algorithm
+ * can specify it in the profile using default.params.signingAlg
+ */
public static String getAdminProfileAlgorithm(IConfigStore config) {
String algorithm = "SHA256withRSA";
try {
- String caSigningKeyType = config.getString("preop.cert.signing.keytype","rsa");
+ String caSigningKeyType = config.getString("preop.cert.signing.keytype", "rsa");
String pfile = config.getString("profile.caAdminCert.config");
FileInputStream fis = new FileInputStream(pfile);
DataInputStream in = new DataInputStream(fis);
BufferedReader br = new BufferedReader(new InputStreamReader(in));
- String strLine;
- while ((strLine = br.readLine()) != null) {
- String marker2 = "default.params.signingAlg=";
- int indx = strLine.indexOf(marker2);
- if (indx != -1) {
- String alg = strLine.substring(indx + marker2.length());
- if ((alg.length() > 0) && (!alg.equals("-"))) {
- algorithm = alg;
- break;
- };
- };
-
- String marker = "signingAlgsAllowed=";
- indx = strLine.indexOf(marker);
- if (indx != -1) {
- String[] algs = strLine.substring(indx + marker.length()).split(",");
- for (int i=0; i<algs.length; i++) {
- if ((caSigningKeyType.equals("rsa") && (algs[i].indexOf("RSA") != -1)) ||
- (caSigningKeyType.equals("ecc") && (algs[i].indexOf("EC" ) != -1)) ) {
- algorithm = algs[i];
- break;
- }
- }
- }
- }
- in.close();
+ String strLine;
+ while ((strLine = br.readLine()) != null) {
+ String marker2 = "default.params.signingAlg=";
+ int indx = strLine.indexOf(marker2);
+ if (indx != -1) {
+ String alg = strLine.substring(indx + marker2.length());
+ if ((alg.length() > 0) && (!alg.equals("-"))) {
+ algorithm = alg;
+ break;
+ }
+ ;
+ }
+ ;
+
+ String marker = "signingAlgsAllowed=";
+ indx = strLine.indexOf(marker);
+ if (indx != -1) {
+ String[] algs = strLine.substring(indx + marker.length()).split(",");
+ for (int i = 0; i < algs.length; i++) {
+ if ((caSigningKeyType.equals("rsa") && (algs[i].indexOf("RSA") != -1)) ||
+ (caSigningKeyType.equals("ecc") && (algs[i].indexOf("EC") != -1))) {
+ algorithm = algs[i];
+ break;
+ }
+ }
+ }
+ }
+ in.close();
} catch (Exception e) {
CMS.debug("getAdminProfleAlgorithm: exception: " + e);
}
@@ -324,14 +323,15 @@ public class CertUtil {
try {
profile = config.getString(prefix + certTag + ".profile");
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
X509CertImpl cert = null;
ICertificateAuthority ca = null;
ICertificateRepository cr = null;
RequestId reqId = null;
String profileId = null;
- IRequestQueue queue = null;
+ IRequestQueue queue = null;
IRequest req = null;
try {
@@ -355,7 +355,7 @@ public class CertUtil {
CMS.debug("Creating local certificate... dn=" + dn);
info = CryptoUtil.createX509CertInfo(x509key, serialNo.intValue(), dn, dn, date,
date, keyAlgorithm);
- } else {
+ } else {
String issuerdn = config.getString("preop.cert.signing.dn", "");
CMS.debug("Creating local certificate... issuerdn=" + issuerdn);
CMS.debug("Creating local certificate... dn=" + dn);
@@ -375,7 +375,7 @@ public class CertUtil {
queue = ca.getRequestQueue();
if (queue != null) {
req = createLocalRequest(queue, serialNo.toString(), info);
- CMS.debug("CertUtil profile name= "+profile);
+ CMS.debug("CertUtil profile name= " + profile);
req.setExtData("req_key", x509key.toString());
// store original profile id in cert request
@@ -387,7 +387,7 @@ public class CertUtil {
String name = profile.substring(0, idx);
req.setExtData("origprofileid", name);
}
-
+
// store mapped profile ID for use in renewal
profileId = processor.getProfileIDMapping();
req.setExtData("profileid", profileId);
@@ -399,7 +399,7 @@ public class CertUtil {
CMS.debug("certUtil: requestQueue null");
}
} catch (Exception e) {
- CMS.debug("Creating local request exception:"+e.toString());
+ CMS.debug("Creating local request exception:" + e.toString());
}
processor.populate(info);
@@ -410,36 +410,36 @@ public class CertUtil {
PrivateKey caPrik = CryptoUtil.findPrivateKeyFromID(
keyIDb);
- if( caPrik == null ) {
- CMS.debug( "CertUtil::createSelfSignedCert() - "
- + "CA private key is null!" );
- throw new IOException( "CA private key is null" );
+ if (caPrik == null) {
+ CMS.debug("CertUtil::createSelfSignedCert() - "
+ + "CA private key is null!");
+ throw new IOException("CA private key is null");
} else {
CMS.debug("CertUtil createSelfSignedCert: got CA private key");
}
String keyAlgo = x509key.getAlgorithm();
CMS.debug("key algorithm is " + keyAlgo);
- String caSigningKeyType =
- config.getString("preop.cert.signing.keytype","rsa");
- String caSigningKeyAlgo = "";
- if (type.equals("selfsign")) {
- caSigningKeyAlgo = config.getString("preop.cert.signing.keyalgorithm","SHA256withRSA");
+ String caSigningKeyType =
+ config.getString("preop.cert.signing.keytype", "rsa");
+ String caSigningKeyAlgo = "";
+ if (type.equals("selfsign")) {
+ caSigningKeyAlgo = config.getString("preop.cert.signing.keyalgorithm", "SHA256withRSA");
} else {
- caSigningKeyAlgo = config.getString("preop.cert.signing.signingalgorithm","SHA256withRSA");
+ caSigningKeyAlgo = config.getString("preop.cert.signing.signingalgorithm", "SHA256withRSA");
}
CMS.debug("CA Signing Key type " + caSigningKeyType);
CMS.debug("CA Signing Key algorithm " + caSigningKeyAlgo);
if (caSigningKeyType.equals("ecc")) {
- CMS.debug("CA signing cert is ECC");
- cert = CryptoUtil.signECCCert(caPrik, info,
- caSigningKeyAlgo);
+ CMS.debug("CA signing cert is ECC");
+ cert = CryptoUtil.signECCCert(caPrik, info,
+ caSigningKeyAlgo);
} else {
- CMS.debug("CA signing cert is not ecc");
- cert = CryptoUtil.signCert(caPrik, info,
- caSigningKeyAlgo);
+ CMS.debug("CA signing cert is not ecc");
+ cert = CryptoUtil.signCert(caPrik, info,
+ caSigningKeyAlgo);
}
if (cert != null) {
@@ -462,13 +462,13 @@ public class CertUtil {
if (reqId != null) {
meta.set(ICertRecord.META_REQUEST_ID, reqId.toString());
}
-
+
meta.set(ICertRecord.META_PROFILE_ID, profileId);
record = (ICertRecord) cr.createCertRecord(
- cert.getSerialNumber(), cert, meta);
+ cert.getSerialNumber(), cert, meta);
} catch (Exception e) {
CMS.debug(
- "NamePanel configCert: failed to add metainfo. Exception: " + e.toString());
+ "NamePanel configCert: failed to add metainfo. Exception: " + e.toString());
}
try {
@@ -507,21 +507,21 @@ public class CertUtil {
public static void addUserCertificate(X509CertImpl cert) {
IConfigStore cs = CMS.getConfigStore();
- int num=0;
+ int num = 0;
try {
num = cs.getInteger("preop.subsystem.count", 0);
} catch (Exception e) {
}
IUGSubsystem system = (IUGSubsystem) (CMS.getSubsystem(IUGSubsystem.ID));
- String id = "user"+num;
+ String id = "user" + num;
- try {
- String sysType = cs.getString("cs.type", "");
- String machineName = cs.getString("machineName", "");
- String securePort = cs.getString("service.securePort", "");
- id = sysType + "-" + machineName + "-" + securePort;
+ try {
+ String sysType = cs.getString("cs.type", "");
+ String machineName = cs.getString("machineName", "");
+ String securePort = cs.getString("service.securePort", "");
+ id = sysType + "-" + machineName + "-" + securePort;
} catch (Exception e1) {
- // ignore
+ // ignore
}
num++;
@@ -566,7 +566,7 @@ public class CertUtil {
system.addUserCert(user);
CMS.debug("CertUtil addUserCertificate: successfully add the user certificate");
} catch (Exception e) {
- CMS.debug("CertUtil addUserCertificate exception="+e.toString());
+ CMS.debug("CertUtil addUserCertificate exception=" + e.toString());
}
IGroup group = null;
@@ -603,17 +603,17 @@ public class CertUtil {
}
if (content.length() > 0)
result.append(content);
- result.append("\n");
+ result.append("\n");
return result.toString();
}
public static boolean privateKeyExistsOnToken(String certTag,
- String tokenname, String nickname) {
+ String tokenname, String nickname) {
IConfigStore cs = CMS.getConfigStore();
String givenid = "";
try {
- givenid = cs.getString("preop.cert."+certTag+".privkey.id");
+ givenid = cs.getString("preop.cert." + certTag + ".privkey.id");
} catch (Exception e) {
CMS.debug("CertUtil privateKeyExistsOnToken: we did not generate private key yet.");
return false;
@@ -624,7 +624,7 @@ public class CertUtil {
boolean hardware = false;
if (!tokenname.equals("internal") && !tokenname.equals("Internal Key Storage Token")) {
hardware = true;
- fullnickname = tokenname+":"+nickname;
+ fullnickname = tokenname + ":" + nickname;
}
X509Certificate cert = null;
@@ -633,7 +633,7 @@ public class CertUtil {
cm = CryptoManager.getInstance();
cert = cm.findCertByNickname(fullnickname);
} catch (Exception e) {
- CMS.debug("CertUtil privateKeyExistsOnToken: nickname="+fullnickname+" Exception:"+e.toString());
+ CMS.debug("CertUtil privateKeyExistsOnToken: nickname=" + fullnickname + " Exception:" + e.toString());
return false;
}
@@ -641,19 +641,19 @@ public class CertUtil {
try {
privKey = cm.findPrivKeyByCert(cert);
} catch (Exception e) {
- CMS.debug("CertUtil privateKeyExistsOnToken: cant find private key ("+fullnickname+") exception: "+e.toString());
+ CMS.debug("CertUtil privateKeyExistsOnToken: cant find private key (" + fullnickname + ") exception: " + e.toString());
return false;
}
if (privKey == null) {
- CMS.debug("CertUtil privateKeyExistsOnToken: cant find private key ("+fullnickname+")");
+ CMS.debug("CertUtil privateKeyExistsOnToken: cant find private key (" + fullnickname + ")");
return false;
} else {
String str = "";
try {
str = CryptoUtil.byte2string(privKey.getUniqueID());
} catch (Exception e) {
- CMS.debug("CertUtil privateKeyExistsOnToken: encode string Exception: "+e.toString());
+ CMS.debug("CertUtil privateKeyExistsOnToken: encode string Exception: " + e.toString());
}
if (str.equals(givenid)) {
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CheckIdentity.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CheckIdentity.java
index b3c10b6e..a28ae76b 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CheckIdentity.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CheckIdentity.java
@@ -36,7 +36,6 @@ import com.netscape.cms.servlet.base.UserInfo;
import com.netscape.cms.servlet.common.CMSRequest;
import com.netscape.cmsutil.xml.XMLObject;
-
public class CheckIdentity extends CMSServlet {
/**
@@ -52,6 +51,7 @@ public class CheckIdentity extends CMSServlet {
/**
* initialize the servlet.
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -61,7 +61,8 @@ public class CheckIdentity extends CMSServlet {
}
/**
- * Process the HTTP request.
+ * Process the HTTP request.
+ *
* @param cmsReq the object holding the request and response information
*/
protected void process(CMSRequest cmsReq) throws EBaseException {
@@ -74,12 +75,12 @@ public class CheckIdentity extends CMSServlet {
authToken = authenticate(cmsReq);
} catch (Exception e) {
CMS.debug("CheckIdentity authentication failed");
- log(ILogger.LL_FAILURE,
+ log(ILogger.LL_FAILURE,
CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "",
- e.toString()));
+ e.toString()));
outputError(httpResp, "Error: Not authenticated");
return;
- }
+ }
try {
XMLObject xmlObj = null;
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigBaseServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigBaseServlet.java
index f2587300..5ae9bada 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigBaseServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigBaseServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.util.Enumeration;
import javax.servlet.http.HttpServletRequest;
@@ -28,7 +27,6 @@ import org.apache.velocity.context.Context;
import com.netscape.certsrv.apps.CMS;
-
public abstract class ConfigBaseServlet extends BaseServlet {
/**
*
@@ -50,7 +48,7 @@ public abstract class ConfigBaseServlet extends BaseServlet {
public abstract void display(HttpServletRequest request,
HttpServletResponse response, Context context);
- public abstract void update(HttpServletRequest request,
+ public abstract void update(HttpServletRequest request,
HttpServletResponse response, Context context);
public abstract Template getTemplate(HttpServletRequest request,
@@ -68,25 +66,25 @@ public abstract class ConfigBaseServlet extends BaseServlet {
// __ (double underscores); however, in the event that
// a security parameter slips through, we perform multiple
// additional checks to insure that it is NOT displayed
- if( pn.startsWith("__") ||
- pn.endsWith("password") ||
- pn.endsWith("passwd") ||
- pn.endsWith("pwd") ||
- pn.equalsIgnoreCase("admin_password_again") ||
- pn.equalsIgnoreCase("directoryManagerPwd") ||
- pn.equalsIgnoreCase("bindpassword") ||
- pn.equalsIgnoreCase("bindpwd") ||
- pn.equalsIgnoreCase("passwd") ||
- pn.equalsIgnoreCase("password") ||
- pn.equalsIgnoreCase("pin") ||
- pn.equalsIgnoreCase("pwd") ||
- pn.equalsIgnoreCase("pwdagain") ||
- pn.equalsIgnoreCase("uPasswd") ) {
- CMS.debug("ConfigBaseServlet::service() param name='" + pn +
- "' value='(sensitive)'" );
+ if (pn.startsWith("__") ||
+ pn.endsWith("password") ||
+ pn.endsWith("passwd") ||
+ pn.endsWith("pwd") ||
+ pn.equalsIgnoreCase("admin_password_again") ||
+ pn.equalsIgnoreCase("directoryManagerPwd") ||
+ pn.equalsIgnoreCase("bindpassword") ||
+ pn.equalsIgnoreCase("bindpwd") ||
+ pn.equalsIgnoreCase("passwd") ||
+ pn.equalsIgnoreCase("password") ||
+ pn.equalsIgnoreCase("pin") ||
+ pn.equalsIgnoreCase("pwd") ||
+ pn.equalsIgnoreCase("pwdagain") ||
+ pn.equalsIgnoreCase("uPasswd")) {
+ CMS.debug("ConfigBaseServlet::service() param name='" + pn +
+ "' value='(sensitive)'");
} else {
- CMS.debug("ConfigBaseServlet::service() param name='" + pn +
- "' value='" + httpReq.getParameter(pn) + "'" );
+ CMS.debug("ConfigBaseServlet::service() param name='" + pn +
+ "' value='" + httpReq.getParameter(pn) + "'");
}
}
}
@@ -97,7 +95,7 @@ public abstract class ConfigBaseServlet extends BaseServlet {
public Template process(HttpServletRequest request,
HttpServletResponse response,
Context context) {
-
+
if (CMS.debugOn()) {
outputHttpParameters(request);
}
@@ -107,16 +105,16 @@ public abstract class ConfigBaseServlet extends BaseServlet {
} else {
update(request, response, context);
}
-
+
Template template = null;
-
+
try {
context.put("name", "Velocity Test");
template = getTemplate(request, response, context);
} catch (Exception e) {
System.err.println("Exception caught: " + e.getMessage());
}
-
+
return template;
}
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCertApprovalCallback.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCertApprovalCallback.java
index d95c85d1..956c285b 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCertApprovalCallback.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCertApprovalCallback.java
@@ -20,16 +20,14 @@ package com.netscape.cms.servlet.csadmin;
import org.mozilla.jss.crypto.X509Certificate;
import org.mozilla.jss.ssl.SSLCertificateApprovalCallback;
-
-public class ConfigCertApprovalCallback
- implements SSLCertificateApprovalCallback {
+public class ConfigCertApprovalCallback
+ implements SSLCertificateApprovalCallback {
public ConfigCertApprovalCallback() {
}
public boolean approve(X509Certificate cert,
- SSLCertificateApprovalCallback.ValidityStatus status) {
- return true;
+ SSLCertificateApprovalCallback.ValidityStatus status) {
+ return true;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCertReqServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCertReqServlet.java
index 37493b6b..b04de414 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCertReqServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCertReqServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@@ -25,7 +24,6 @@ import org.apache.velocity.Template;
import org.apache.velocity.app.Velocity;
import org.apache.velocity.context.Context;
-
public class ConfigCertReqServlet extends BaseServlet {
/**
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCloneServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCloneServlet.java
index e7d88a35..ed1d9cc0 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCloneServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCloneServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@@ -25,7 +24,6 @@ import org.apache.velocity.Template;
import org.apache.velocity.app.Velocity;
import org.apache.velocity.context.Context;
-
public class ConfigCloneServlet extends BaseServlet {
/**
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigDatabaseServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigDatabaseServlet.java
index 08ebf08e..2b4a82a0 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigDatabaseServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigDatabaseServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@@ -28,7 +27,6 @@ import org.apache.velocity.context.Context;
import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.base.IConfigStore;
-
public class ConfigDatabaseServlet extends ConfigBaseServlet {
/**
@@ -47,7 +45,8 @@ public class ConfigDatabaseServlet extends ConfigBaseServlet {
try {
modified = cs.getString("preop.configDatabase.modified", "");
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
if (modified.equals("true")) {
return true;
@@ -75,7 +74,8 @@ public class ConfigDatabaseServlet extends ConfigBaseServlet {
basedn = cs.getString("internaldb.basedn", "");
binddn = cs.getString("internaldb.ldapauth.bindDN", "");
database = cs.getString("internaldb.database", "");
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
} else {
hostname = HOST;
portStr = PORT;
@@ -113,7 +113,7 @@ public class ConfigDatabaseServlet extends ConfigBaseServlet {
int port = -1;
try {
- port = Integer.parseInt(portStr);
+ port = Integer.parseInt(portStr);
cs.putInteger("internaldb.ldapconn.port", port);
} catch (Exception e) {
errorString = "Port is invalid";
@@ -159,7 +159,7 @@ public class ConfigDatabaseServlet extends ConfigBaseServlet {
CMS.debug("ConfigDatabaseServlet update: " + e.toString());
return;
}
- psStore.putString("internaldb", bindpwd);
+ psStore.putString("internaldb", bindpwd);
} else {
errorString = "Bind password is empty string";
}
@@ -189,7 +189,8 @@ public class ConfigDatabaseServlet extends ConfigBaseServlet {
Context context) {
try {
return Velocity.getTemplate("admin/console/config/config_db.vm");
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
return null;
}
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigHSMLoginPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigHSMLoginPanel.java
index d04fbf2f..92e2ee39 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigHSMLoginPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigHSMLoginPanel.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.FileNotFoundException;
import java.io.IOException;
@@ -46,7 +45,8 @@ public class ConfigHSMLoginPanel extends WizardPanelBase {
private CryptoManager mCryptoManager = null;
private String mPwdFilePath = "";
- public ConfigHSMLoginPanel() {}
+ public ConfigHSMLoginPanel() {
+ }
public void init(ServletConfig config, int panelno) throws ServletException {
try {
@@ -132,7 +132,7 @@ public class ConfigHSMLoginPanel extends WizardPanelBase {
CMS.debug("ConfigHSMLoginPanel: passwrd file path: " + e.toString());
}
CMS.debug("ConfigHSMLoginPanel: checking if passwd in cache");
- String tokPwd = pr.getPassword("hardware-"+tokName);
+ String tokPwd = pr.getPassword("hardware-" + tokName);
boolean loggedIn = false;
@@ -157,48 +157,48 @@ public class ConfigHSMLoginPanel extends WizardPanelBase {
password = new Password(tokPwd.toCharArray());
try {
- if (token.passwordIsInitialized()) {
- CMS.debug(
- "ConfigHSMLoginPanel: loginToken():token password is initialized");
- if (!token.isLoggedIn()) {
- CMS.debug(
- "ConfigHSMLoginPanel: loginToken():Token is not logged in, try it");
- token.login(password);
- context.put("status", "justLoggedIn");
- } else {
- CMS.debug(
- "ConfigHSMLoginPanel:Token has already logged on");
- context.put("status", "alreadyLoggedIn");
- }
- } else {
- CMS.debug(
- "ConfigHSMLoginPanel: loginToken():Token password not initialized");
- context.put("status", "tokenPasswordNotInitialized");
- rv = false;
- }
-
- } catch (IncorrectPasswordException e) {
- context.put("status", "incorrectPassword");
- context.put("errorString", e.toString());
- CMS.debug("ConfigHSMLoginPanel: loginToken():" + e.toString());
- rv = false;
- } catch (Exception e) {
- CMS.debug("ConfigHSMLoginPanel: loginToken():" + e.toString());
- context.put("errorString", e.toString());
- rv = false;
- }
+ if (token.passwordIsInitialized()) {
+ CMS.debug(
+ "ConfigHSMLoginPanel: loginToken():token password is initialized");
+ if (!token.isLoggedIn()) {
+ CMS.debug(
+ "ConfigHSMLoginPanel: loginToken():Token is not logged in, try it");
+ token.login(password);
+ context.put("status", "justLoggedIn");
+ } else {
+ CMS.debug(
+ "ConfigHSMLoginPanel:Token has already logged on");
+ context.put("status", "alreadyLoggedIn");
+ }
+ } else {
+ CMS.debug(
+ "ConfigHSMLoginPanel: loginToken():Token password not initialized");
+ context.put("status", "tokenPasswordNotInitialized");
+ rv = false;
+ }
+
+ } catch (IncorrectPasswordException e) {
+ context.put("status", "incorrectPassword");
+ context.put("errorString", e.toString());
+ CMS.debug("ConfigHSMLoginPanel: loginToken():" + e.toString());
+ rv = false;
+ } catch (Exception e) {
+ CMS.debug("ConfigHSMLoginPanel: loginToken():" + e.toString());
+ context.put("errorString", e.toString());
+ rv = false;
+ }
return rv;
}
// XXX how do you do this?
public PropertySet getUsage() {
PropertySet set = new PropertySet();
-
+
Descriptor choiceDesc = new Descriptor(IDescriptor.CHOICE, "", "", null); /* no default parameters */
set.add(
"choice", choiceDesc);
-
+
return set;
}
@@ -220,10 +220,10 @@ public class ConfigHSMLoginPanel extends WizardPanelBase {
select = cs.getString("preop.subsystem.select", "");
} catch (Exception e) {
}
-
-// if (select.equals("clone"))
- // return;
-
+
+ // if (select.equals("clone"))
+ // return;
+
CMS.debug("ConfigHSMLoginPanel: in update()");
String uTokName = null;
@@ -233,7 +233,7 @@ public class ConfigHSMLoginPanel extends WizardPanelBase {
uPasswd = HttpInput.getPassword(request, "__uPasswd");
} catch (Exception e) {
}
-
+
if (uPasswd == null) {
CMS.debug("ConfigHSMLoginPanel: password not found");
context.put("error", "no password");
@@ -270,13 +270,13 @@ public class ConfigHSMLoginPanel extends WizardPanelBase {
PlainPasswordWriter pw = new PlainPasswordWriter();
pw.init(mPwdFilePath);
- pw.putPassword("hardware-"+uTokName, uPasswd);
+ pw.putPassword("hardware-" + uTokName, uPasswd);
pw.commit();
} catch (FileNotFoundException e) {
CMS.debug(
"ConfigHSMLoginPanel: update(): Exception caught: "
- + e.toString() + " writing to "+ mPwdFilePath);
+ + e.toString() + " writing to " + mPwdFilePath);
CMS.debug(
"ConfigHSMLoginPanel: update(): password not written to cache");
System.err.println("Exception caught: " + e.toString());
@@ -288,7 +288,7 @@ public class ConfigHSMLoginPanel extends WizardPanelBase {
System.err.println("Exception caught: " + e.toString());
context.put("error", "Exception:" + e.toString());
}
-
+
} // found password
context.put("panel", "admin/console/config/config_hsmloginpanel.vm");
@@ -308,4 +308,3 @@ public class ConfigHSMLoginPanel extends WizardPanelBase {
context.put("panel", "admin/console/config/config_hsmloginpanel.vm");
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigHSMServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigHSMServlet.java
index bfc6e278..9428ecce 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigHSMServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigHSMServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Vector;
@@ -39,7 +38,6 @@ import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.base.IConfigStore;
import com.netscape.cmsutil.crypto.Module;
-
public class ConfigHSMServlet extends ConfigBaseServlet {
/**
*
@@ -131,9 +129,9 @@ public class ConfigHSMServlet extends ConfigBaseServlet {
} else {
CMS.debug(
"ConfigHSMServlet: token " + token.getName()
- + " not to be added");
+ + " not to be added");
}
-
+
} catch (TokenException ex) {
CMS.debug("ConfigHSMServlet:" + ex.toString());
}
@@ -165,11 +163,11 @@ public class ConfigHSMServlet extends ConfigBaseServlet {
if ((cn == null) || (cn.equals(""))) {
break;
}
-
+
CMS.debug("ConfigHSMServlet: got from config module: " + cn);
// create a Module object
Module module = new Module(cn, pn, img);
-
+
if (mCurrModTable.containsKey(cn)) {
CMS.debug("ConfigHSMServlet: module found: " + cn);
module.setFound(true);
@@ -178,7 +176,7 @@ public class ConfigHSMServlet extends ConfigBaseServlet {
loadModTokens(module, m);
}
-
+
CMS.debug("ConfigHSMServlet: adding module " + cn);
// add module to set
if (!mSupportedModules.contains(module)) {
@@ -290,8 +288,8 @@ public class ConfigHSMServlet extends ConfigBaseServlet {
Context context) {
try {
return Velocity.getTemplate("admin/console/config/config_hsm.vm");
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
return null;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigImportCertServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigImportCertServlet.java
index 3b3b8a64..c65e559d 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigImportCertServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigImportCertServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@@ -25,7 +24,6 @@ import org.apache.velocity.Template;
import org.apache.velocity.app.Velocity;
import org.apache.velocity.context.Context;
-
public class ConfigImportCertServlet extends BaseServlet {
/**
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigJoinServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigJoinServlet.java
index 01917303..5d50193c 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigJoinServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigJoinServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@@ -30,7 +29,6 @@ import com.netscape.certsrv.base.EBaseException;
import com.netscape.certsrv.base.IConfigStore;
import com.netscape.cmsutil.crypto.CryptoUtil;
-
public class ConfigJoinServlet extends ConfigBaseServlet {
/**
@@ -52,12 +50,13 @@ public class ConfigJoinServlet extends ConfigBaseServlet {
public boolean isPanelModified() {
IConfigStore config = CMS.getConfigStore();
-
+
String cert = null;
try {
cert = config.getString("preop.join.cert", null);
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
if (cert == null || cert.equals("")) {
return false;
} else {
@@ -69,7 +68,7 @@ public class ConfigJoinServlet extends ConfigBaseServlet {
* Displays panel.
*/
public void display(HttpServletRequest request,
- HttpServletResponse response,
+ HttpServletResponse response,
Context context) {
IConfigStore config = CMS.getConfigStore();
@@ -85,7 +84,8 @@ public class ConfigJoinServlet extends ConfigBaseServlet {
CryptoUtil.string2byte(pubKeyPublicExponent),
CryptoUtil.string2byte(priKeyID));
context.put("certreq", pkcs10);
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
String select = "auto";
boolean select_manual = true;
@@ -94,8 +94,8 @@ public class ConfigJoinServlet extends ConfigBaseServlet {
try {
select = config.getString("preop.join.select", null);
} catch (EBaseException e) {
- CMS.debug( "ConfigJoinServlet::display() - "
- + "Exception="+e.toString() );
+ CMS.debug("ConfigJoinServlet::display() - "
+ + "Exception=" + e.toString());
return;
}
if (select.equals("auto")) {
@@ -109,12 +109,13 @@ public class ConfigJoinServlet extends ConfigBaseServlet {
String cert = config.getString("preop.join.cert", "");
context.put("cert", cert);
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
}
} else {
context.put("cert", "");
}
- if (select_manual) {
+ if (select_manual) {
context.put("check_manual", "checked");
context.put("check_auto", "");
} else {
@@ -128,7 +129,7 @@ public class ConfigJoinServlet extends ConfigBaseServlet {
* Updates panel.
*/
public void update(HttpServletRequest request,
- HttpServletResponse response,
+ HttpServletResponse response,
Context context) {
CMS.debug("JoinServlet: update");
IConfigStore config = CMS.getConfigStore();
@@ -160,9 +161,10 @@ public class ConfigJoinServlet extends ConfigBaseServlet {
}
config.putString("preop.join.select", select);
config.commit(false);
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
}
-
+
public Template getTemplate(HttpServletRequest request,
HttpServletResponse response,
Context context) {
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigRootCAServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigRootCAServlet.java
index 895c75ac..44046fdc 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigRootCAServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigRootCAServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.util.Vector;
import javax.servlet.http.HttpServletRequest;
@@ -32,7 +31,6 @@ import com.netscape.certsrv.base.EBaseException;
import com.netscape.certsrv.base.IConfigStore;
import com.netscape.certsrv.profile.CertInfoProfile;
-
public class ConfigRootCAServlet extends ConfigBaseServlet {
/**
@@ -54,12 +52,13 @@ public class ConfigRootCAServlet extends ConfigBaseServlet {
public boolean isPanelModified() {
IConfigStore config = CMS.getConfigStore();
-
+
String profile = null;
try {
profile = config.getString("preop.hierarchy.profile", null);
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
if (profile == null || profile.equals("")) {
return false;
} else {
@@ -73,7 +72,8 @@ public class ConfigRootCAServlet extends ConfigBaseServlet {
try {
instancePath = config.getString("instanceRoot");
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
String p[] = { "caCert.profile" };
Vector profiles = new Vector();
@@ -81,13 +81,14 @@ public class ConfigRootCAServlet extends ConfigBaseServlet {
try {
profiles.addElement(
new CertInfoProfile(instancePath + "/conf/" + p[i]));
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
}
return profiles;
}
public void display(HttpServletRequest request,
- HttpServletResponse response,
+ HttpServletResponse response,
Context context) {
IConfigStore config = CMS.getConfigStore();
String profile = null;
@@ -95,7 +96,8 @@ public class ConfigRootCAServlet extends ConfigBaseServlet {
if (isPanelModified()) {
try {
profile = config.getString("preop.hierarchy.profile", null);
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
}
if (profile == null) {
profile = "caCert.profile";
@@ -108,15 +110,16 @@ public class ConfigRootCAServlet extends ConfigBaseServlet {
}
public void update(HttpServletRequest request,
- HttpServletResponse response,
+ HttpServletResponse response,
Context context) {
String profile = request.getParameter("profile");
IConfigStore config = CMS.getConfigStore();
config.putString("preop.hierarchy.profile", profile);
try {
- config.commit(false);
- } catch (Exception e) {}
+ config.commit(false);
+ } catch (Exception e) {
+ }
context.put("status", "update");
context.put("error", "");
Vector profiles = getProfiles();
@@ -124,7 +127,7 @@ public class ConfigRootCAServlet extends ConfigBaseServlet {
context.put("profiles", profiles);
context.put("selected_profile_id", profile);
}
-
+
public Template getTemplate(HttpServletRequest request,
HttpServletResponse response,
Context context) {
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CreateSubsystemPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CreateSubsystemPanel.java
index daf14c9e..377043d5 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CreateSubsystemPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CreateSubsystemPanel.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.IOException;
import java.net.URL;
import java.util.StringTokenizer;
@@ -39,19 +38,20 @@ import com.netscape.cms.servlet.wizard.WizardServlet;
public class CreateSubsystemPanel extends WizardPanelBase {
- public CreateSubsystemPanel() {}
+ public CreateSubsystemPanel() {
+ }
/**
* Initializes this panel.
*/
- public void init(ServletConfig config, int panelno)
- throws ServletException {
+ public void init(ServletConfig config, int panelno)
+ throws ServletException {
setPanelNo(panelno);
setName("Subsystem Selection");
}
public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
- throws ServletException {
+ throws ServletException {
setPanelNo(panelno);
setName("Subsystem Type");
setId(id);
@@ -72,15 +72,16 @@ public class CreateSubsystemPanel extends WizardPanelBase {
} else {
return true;
}
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
return false;
}
public PropertySet getUsage() {
PropertySet set = new PropertySet();
-
+
/* XXX */
-
+
return set;
}
@@ -112,8 +113,8 @@ public class CreateSubsystemPanel extends WizardPanelBase {
context.put("check_newsubsystem", "");
context.put("check_clonesubsystem", "checked");
}
- context.put("subsystemName",
- config.getString("preop.subsystem.name"));
+ context.put("subsystemName",
+ config.getString("preop.subsystem.name"));
} catch (Exception e) {
CMS.debug(e.toString());
}
@@ -121,8 +122,8 @@ public class CreateSubsystemPanel extends WizardPanelBase {
context.put("check_newsubsystem", "checked");
context.put("check_clonesubsystem", "");
try {
- context.put("subsystemName",
- config.getString("preop.system.fullname"));
+ context.put("subsystemName",
+ config.getString("preop.system.fullname"));
} catch (Exception e) {
CMS.debug(e.toString());
}
@@ -144,7 +145,7 @@ public class CreateSubsystemPanel extends WizardPanelBase {
} catch (EBaseException e) {
}
- Vector v = getUrlListFromSecurityDomain(config, cstype, "SecurePort" );
+ Vector v = getUrlListFromSecurityDomain(config, cstype, "SecurePort");
StringBuffer list = new StringBuffer();
int size = v.size();
@@ -164,7 +165,7 @@ public class CreateSubsystemPanel extends WizardPanelBase {
errorString = "Internal error, cs.type is missing from CS.cfg";
}
- if (list.length()==0)
+ if (list.length() == 0)
context.put("disableClone", "true");
context.put("panel", "admin/console/config/createsubsystempanel.vm");
@@ -196,8 +197,8 @@ public class CreateSubsystemPanel extends WizardPanelBase {
throw new IOException("choice not found");
}
- config.putString("preop.subsystem.name",
- HttpInput.getName(request, "subsystemName"));
+ config.putString("preop.subsystem.name",
+ HttpInput.getName(request, "subsystemName"));
if (select.equals("newsubsystem")) {
config.putString("preop.subsystem.select", "new");
config.putString("subsystem.select", "New");
@@ -209,7 +210,7 @@ public class CreateSubsystemPanel extends WizardPanelBase {
}
cstype = toLowerCaseSubsystemType(cstype);
-
+
config.putString("preop.subsystem.select", "clone");
config.putString("subsystem.select", "Clone");
@@ -223,9 +224,9 @@ public class CreateSubsystemPanel extends WizardPanelBase {
while (t.hasMoreTokens()) {
String tag = t.nextToken();
if (tag.equals("sslserver"))
- config.putBoolean(PCERT_PREFIX+tag+".enable", true);
- else
- config.putBoolean(PCERT_PREFIX+tag+".enable", false);
+ config.putBoolean(PCERT_PREFIX + tag + ".enable", true);
+ else
+ config.putBoolean(PCERT_PREFIX + tag + ".enable", false);
}
// get the master CA
@@ -254,10 +255,10 @@ public class CreateSubsystemPanel extends WizardPanelBase {
String host = u.getHost();
int https_ee_port = u.getPort();
- String https_admin_port = getSecurityDomainAdminPort( config,
+ String https_admin_port = getSecurityDomainAdminPort(config,
host,
String.valueOf(https_ee_port),
- cstype );
+ cstype);
config.putString("preop.master.hostname", host);
config.putInteger("preop.master.httpsport", https_ee_port);
@@ -265,12 +266,12 @@ public class CreateSubsystemPanel extends WizardPanelBase {
ConfigCertApprovalCallback certApprovalCallback = new ConfigCertApprovalCallback();
if (cstype.equals("ca")) {
- updateCertChainUsingSecureEEPort( config, "clone", host, https_ee_port,
- true, context, certApprovalCallback );
+ updateCertChainUsingSecureEEPort(config, "clone", host, https_ee_port,
+ true, context, certApprovalCallback);
}
- getTokenInfo(config, cstype, host, https_ee_port, true, context,
- certApprovalCallback);
+ getTokenInfo(config, cstype, host, https_ee_port, true, context,
+ certApprovalCallback);
} else {
CMS.debug("CreateSubsystemPanel: invalid choice " + select);
errorString = "Invalid choice";
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java
index e18d86cf..d3867e52 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.BufferedReader;
import java.io.File;
import java.io.FileOutputStream;
@@ -64,7 +63,7 @@ import com.netscape.cmsutil.ldap.LDAPUtil;
public class DatabasePanel extends WizardPanelBase {
private static final String HOST = "localhost";
- private static final String CLONE_HOST="Enter FQDN here";
+ private static final String CLONE_HOST = "Enter FQDN here";
private static final String PORT = "389";
private static final String BASEDN = "o=netscapeCertificateServer";
private static final String BINDDN = "cn=Directory Manager";
@@ -74,19 +73,20 @@ public class DatabasePanel extends WizardPanelBase {
private WizardServlet mServlet = null;
- public DatabasePanel() {}
+ public DatabasePanel() {
+ }
/**
* Initializes this panel.
*/
- public void init(ServletConfig config, int panelno)
- throws ServletException {
+ public void init(ServletConfig config, int panelno)
+ throws ServletException {
setPanelNo(panelno);
setName("Internal Database");
}
public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
- throws ServletException {
+ throws ServletException {
setPanelNo(panelno);
setName("Internal Database");
setId(id);
@@ -109,7 +109,8 @@ public class DatabasePanel extends WizardPanelBase {
} else {
return true;
}
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
return false;
}
@@ -120,7 +121,7 @@ public class DatabasePanel extends WizardPanelBase {
"Host name");
set.add("hostname", hostDesc);
-
+
Descriptor portDesc = new Descriptor(IDescriptor.INTEGER, null, null,
"Port");
@@ -130,14 +131,14 @@ public class DatabasePanel extends WizardPanelBase {
"Base DN");
set.add("basedn", basednDesc);
-
+
Descriptor binddnDesc = new Descriptor(IDescriptor.STRING, null, null,
"Bind DN");
set.add("binddn", binddnDesc);
Descriptor bindpwdDesc = new Descriptor(IDescriptor.PASSWORD, null, null,
- "Bind Password");
+ "Bind Password");
set.add("bindpwd", bindpwdDesc);
@@ -187,8 +188,8 @@ public class DatabasePanel extends WizardPanelBase {
basedn = cs.getString("internaldb.basedn", "");
binddn = cs.getString("internaldb.ldapauth.bindDN", "");
database = cs.getString("internaldb.database", "");
- secure = cs.getString("internaldb.ldapconn.secureConn", "");
- cloneStartTLS = cs.getString("internaldb.ldapconn.cloneStartTLS", "");
+ secure = cs.getString("internaldb.ldapconn.secureConn", "");
+ cloneStartTLS = cs.getString("internaldb.ldapconn.cloneStartTLS", "");
errorString = cs.getString("preop.database.errorString", "");
} catch (Exception e) {
CMS.debug("DatabasePanel display: " + e.toString());
@@ -199,12 +200,12 @@ public class DatabasePanel extends WizardPanelBase {
try {
basedn = cs.getString("internaldb.basedn", "");
} catch (Exception e) {
- CMS.debug( "DatabasePanel::display() - "
- + "Exception="+e.toString() );
+ CMS.debug("DatabasePanel::display() - "
+ + "Exception=" + e.toString());
return;
}
binddn = BINDDN;
- database = basedn.substring(basedn.lastIndexOf('=')+1);
+ database = basedn.substring(basedn.lastIndexOf('=') + 1);
CMS.debug("Clone: database=" + database);
} else {
hostname = HOST;
@@ -223,11 +224,10 @@ public class DatabasePanel extends WizardPanelBase {
boolean multipleEnable = false;
try {
multipleEnable = cs.getBoolean(
- "internaldb.multipleSuffix.enable", false);
+ "internaldb.multipleSuffix.enable", false);
} catch (Exception e) {
}
-
-
+
if (multipleEnable)
basedn = "ou=" + instanceId + "," + suffix;
else
@@ -243,15 +243,14 @@ public class DatabasePanel extends WizardPanelBase {
context.put("binddn", binddn);
context.put("bindpwd", bindpwd);
context.put("database", database);
- context.put("secureConn", (secure.equals("true")? "on":"off"));
- context.put("cloneStartTLS", (cloneStartTLS.equals("true")? "on":"off"));
+ context.put("secureConn", (secure.equals("true") ? "on" : "off"));
+ context.put("cloneStartTLS", (cloneStartTLS.equals("true") ? "on" : "off"));
context.put("panel", "admin/console/config/databasepanel.vm");
context.put("errorString", errorString);
}
public void initParams(HttpServletRequest request, Context context)
- throws IOException
- {
+ throws IOException {
IConfigStore config = CMS.getConfigStore();
String select = "";
try {
@@ -395,8 +394,7 @@ public class DatabasePanel extends WizardPanelBase {
}
private LDAPConnection getLocalLDAPConn(Context context, String secure)
- throws IOException
- {
+ throws IOException {
IConfigStore cs = CMS.getConfigStore();
String host = "";
@@ -409,7 +407,7 @@ public class DatabasePanel extends WizardPanelBase {
host = cs.getString("internaldb.ldapconn.host");
port = cs.getString("internaldb.ldapconn.port");
binddn = cs.getString("internaldb.ldapauth.bindDN");
- pwd = (String) context.get("bindpwd");
+ pwd = (String) context.get("bindpwd");
security = cs.getString("internaldb.ldapconn.secureConn");
} catch (Exception e) {
CMS.debug("DatabasePanel populateDB: " + e.toString());
@@ -428,12 +426,12 @@ public class DatabasePanel extends WizardPanelBase {
LDAPConnection conn = null;
if (security.equals("true")) {
- CMS.debug("DatabasePanel populateDB: creating secure (SSL) connection for internal ldap");
- conn = new LDAPConnection(CMS.getLdapJssSSLSocketFactory());
- } else {
- CMS.debug("DatabasePanel populateDB: creating non-secure (non-SSL) connection for internal ldap");
- conn = new LDAPConnection();
- }
+ CMS.debug("DatabasePanel populateDB: creating secure (SSL) connection for internal ldap");
+ conn = new LDAPConnection(CMS.getLdapJssSSLSocketFactory());
+ } else {
+ CMS.debug("DatabasePanel populateDB: creating non-secure (non-SSL) connection for internal ldap");
+ conn = new LDAPConnection();
+ }
CMS.debug("DatabasePanel connecting to " + host + ":" + p);
try {
@@ -443,81 +441,78 @@ public class DatabasePanel extends WizardPanelBase {
throw new IOException("Failed to connect to the internal database.");
}
- return conn;
+ return conn;
}
- private boolean deleteDir(File dir)
- {
+ private boolean deleteDir(File dir) {
if (dir.isDirectory()) {
String[] children = dir.list();
- for (int i=0; i<children.length; i++) {
+ for (int i = 0; i < children.length; i++) {
boolean success = deleteDir(new File(dir, children[i]));
if (!success) {
return false;
}
}
}
-
+
// The directory is now empty so delete it
return dir.delete();
- }
+ }
- private void cleanupDB(LDAPConnection conn, String baseDN, String database)
- {
+ private void cleanupDB(LDAPConnection conn, String baseDN, String database) {
String[] entries = {};
String filter = "objectclass=*";
LDAPSearchConstraints cons = null;
String[] attrs = null;
- String dn="";
+ String dn = "";
try {
CMS.debug("Deleting baseDN: " + baseDN);
LDAPSearchResults res = conn.search(baseDN, LDAPConnection.SCOPE_BASE, filter,
- attrs, true, cons);
- if (res != null)
- deleteEntries(res, conn, baseDN, entries);
+ attrs, true, cons);
+ if (res != null)
+ deleteEntries(res, conn, baseDN, entries);
+ } catch (LDAPException e) {
}
- catch (LDAPException e) {}
-
+
try {
- dn="cn=mapping tree, cn=config";
- filter = "nsslapd-backend=" + database;
- LDAPSearchResults res = conn.search(dn, LDAPConnection.SCOPE_ONE, filter,
- attrs, true, cons);
- if (res != null) {
- while (res.hasMoreElements()) {
- dn = res.next().getDN();
- filter = "objectclass=*";
- LDAPSearchResults res2 = conn.search(dn, LDAPConnection.SCOPE_BASE, filter,
- attrs, true, cons);
- if (res2 != null)
- deleteEntries(res2, conn, dn, entries);
- }
- }
- }
- catch (LDAPException e) {}
+ dn = "cn=mapping tree, cn=config";
+ filter = "nsslapd-backend=" + database;
+ LDAPSearchResults res = conn.search(dn, LDAPConnection.SCOPE_ONE, filter,
+ attrs, true, cons);
+ if (res != null) {
+ while (res.hasMoreElements()) {
+ dn = res.next().getDN();
+ filter = "objectclass=*";
+ LDAPSearchResults res2 = conn.search(dn, LDAPConnection.SCOPE_BASE, filter,
+ attrs, true, cons);
+ if (res2 != null)
+ deleteEntries(res2, conn, dn, entries);
+ }
+ }
+ } catch (LDAPException e) {
+ }
try {
dn = "cn=" + database + ",cn=ldbm database, cn=plugins, cn=config";
LDAPSearchResults res = conn.search(dn, LDAPConnection.SCOPE_BASE, filter,
- attrs, true, cons);
+ attrs, true, cons);
if (res != null) {
deleteEntries(res, conn, dn, entries);
- String dbdir = getInstanceDir(conn) + "/db/" + database;
- if (dbdir != null) {
- CMS.debug(" Deleting dbdir " + dbdir);
+ String dbdir = getInstanceDir(conn) + "/db/" + database;
+ if (dbdir != null) {
+ CMS.debug(" Deleting dbdir " + dbdir);
boolean success = deleteDir(new File(dbdir));
if (!success) {
CMS.debug("Unable to delete database directory " + dbdir);
}
}
}
+ } catch (LDAPException e) {
}
- catch (LDAPException e) {}
}
-
- private void populateDB(HttpServletRequest request, Context context, String secure)
- throws IOException {
+ private void populateDB(HttpServletRequest request, Context context, String secure)
+ throws IOException {
IConfigStore cs = CMS.getConfigStore();
String baseDN = "";
@@ -542,41 +537,44 @@ public class DatabasePanel extends WizardPanelBase {
boolean foundDatabase = false;
try {
LDAPEntry entry = conn.read(baseDN);
- if (entry != null) foundBaseDN = true;
+ if (entry != null)
+ foundBaseDN = true;
} catch (LDAPException e) {
- switch( e.getLDAPResultCode() ) {
- case LDAPException.NO_SUCH_OBJECT:
- break;
- default:
- CMS.debug("DatabasePanel update: LDAPException " + e.toString());
- throw new IOException("Failed to create the database");
+ switch (e.getLDAPResultCode()) {
+ case LDAPException.NO_SUCH_OBJECT:
+ break;
+ default:
+ CMS.debug("DatabasePanel update: LDAPException " + e.toString());
+ throw new IOException("Failed to create the database");
}
}
try {
dn = "cn=" + database + ",cn=ldbm database, cn=plugins, cn=config";
LDAPEntry entry = conn.read(dn);
- if (entry != null) foundDatabase = true;
+ if (entry != null)
+ foundDatabase = true;
} catch (LDAPException e) {
- switch( e.getLDAPResultCode() ) {
- case LDAPException.NO_SUCH_OBJECT:
- break;
- default:
- CMS.debug("DatabasePanel update: LDAPException " + e.toString());
- throw new IOException("Failed to create the database");
+ switch (e.getLDAPResultCode()) {
+ case LDAPException.NO_SUCH_OBJECT:
+ break;
+ default:
+ CMS.debug("DatabasePanel update: LDAPException " + e.toString());
+ throw new IOException("Failed to create the database");
}
}
try {
dn = "cn=\"" + baseDN + "\",cn=mapping tree, cn=config";
LDAPEntry entry = conn.read(dn);
- if (entry != null) foundDatabase = true;
+ if (entry != null)
+ foundDatabase = true;
} catch (LDAPException e) {
- switch( e.getLDAPResultCode() ) {
- case LDAPException.NO_SUCH_OBJECT:
- break;
- default:
- CMS.debug("DatabasePanel update: LDAPException " + e.toString());
- throw new IOException("Failed to create the database");
+ switch (e.getLDAPResultCode()) {
+ case LDAPException.NO_SUCH_OBJECT:
+ break;
+ default:
+ CMS.debug("DatabasePanel update: LDAPException " + e.toString());
+ throw new IOException("Failed to create the database");
}
}
@@ -584,8 +582,7 @@ public class DatabasePanel extends WizardPanelBase {
CMS.debug("DatabasePanel update: This database has already been used.");
if (remove == null) {
throw new IOException("This database has already been used. Select the checkbox below to remove all data and reuse this database");
- }
- else {
+ } else {
CMS.debug("DatabasePanel update: Deleting existing DB and reusing base DN");
cleanupDB(conn, baseDN, database);
foundBaseDN = false;
@@ -596,9 +593,8 @@ public class DatabasePanel extends WizardPanelBase {
if (foundBaseDN) {
CMS.debug("DatabasePanel update: This base DN has already been used.");
if (remove == null) {
- throw new IOException("This base DN ("+baseDN+") has already been used. Select the checkbox below to remove all data and reuse this base DN");
- }
- else {
+ throw new IOException("This base DN (" + baseDN + ") has already been used. Select the checkbox below to remove all data and reuse this base DN");
+ } else {
CMS.debug("DatabasePanel update: Deleting existing DB and reusing base DN");
cleanupDB(conn, baseDN, database);
foundBaseDN = false;
@@ -609,7 +605,7 @@ public class DatabasePanel extends WizardPanelBase {
// create database
try {
LDAPAttributeSet attrs = new LDAPAttributeSet();
- String oc[] = { "top", "extensibleObject", "nsBackendInstance"};
+ String oc[] = { "top", "extensibleObject", "nsBackendInstance" };
attrs.add(new LDAPAttribute("objectClass", oc));
attrs.add(new LDAPAttribute("cn", database));
attrs.add(new LDAPAttribute("nsslapd-suffix", baseDN));
@@ -623,7 +619,7 @@ public class DatabasePanel extends WizardPanelBase {
try {
LDAPAttributeSet attrs = new LDAPAttributeSet();
- String oc2[] = { "top", "extensibleObject", "nsMappingTree"};
+ String oc2[] = { "top", "extensibleObject", "nsMappingTree" };
attrs.add(new LDAPAttribute("objectClass", oc2));
attrs.add(new LDAPAttribute("cn", baseDN));
attrs.add(new LDAPAttribute("nsslapd-backend", database));
@@ -644,19 +640,19 @@ public class DatabasePanel extends WizardPanelBase {
String n = st.nextToken();
String v = st.nextToken();
LDAPAttributeSet attrs = new LDAPAttributeSet();
- String oc3[] = { "top", "domain"};
+ String oc3[] = { "top", "domain" };
if (n.equals("o")) {
- oc3[1] = "organization";
+ oc3[1] = "organization";
} else if (n.equals("ou")) {
- oc3[1] = "organizationalUnit";
- }
+ oc3[1] = "organizationalUnit";
+ }
attrs.add(new LDAPAttribute("objectClass", oc3));
attrs.add(new LDAPAttribute(n, v));
LDAPEntry entry = new LDAPEntry(baseDN, attrs);
conn.add(entry);
} catch (Exception e) {
CMS.debug("Warning: suffix creation error - " + e.toString());
- throw new IOException("Failed to create the base DN: "+baseDN);
+ throw new IOException("Failed to create the base DN: " + baseDN);
}
// check to see if the base dn exists
@@ -666,15 +662,17 @@ public class DatabasePanel extends WizardPanelBase {
LDAPEntry entry = conn.read(baseDN);
if (entry != null) {
- foundBaseDN = true;
+ foundBaseDN = true;
}
- } catch (LDAPException e) {}
+ } catch (LDAPException e) {
+ }
boolean createBaseDN = true;
boolean testing = false;
try {
testing = cs.getBoolean("internaldb.multipleSuffix.enable", false);
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
if (!foundBaseDN) {
if (!testing) {
@@ -697,7 +695,7 @@ public class DatabasePanel extends WizardPanelBase {
// support only one level creation - create new entry
// right under the suffix
LDAPAttributeSet attrs = new LDAPAttributeSet();
- String oc[] = { "top", "organizationalUnit"};
+ String oc[] = { "top", "organizationalUnit" };
attrs.add(new LDAPAttribute("objectClass", oc));
attrs.add(new LDAPAttribute("ou", dns2[0]));
@@ -705,7 +703,7 @@ public class DatabasePanel extends WizardPanelBase {
try {
conn.add(entry);
- foundBaseDN = true;
+ foundBaseDN = true;
CMS.debug("DatabasePanel added " + baseDN);
} catch (LDAPException e) {
throw new IOException("Failed to create " + baseDN);
@@ -723,25 +721,26 @@ public class DatabasePanel extends WizardPanelBase {
}
if (select.equals("clone")) {
- // if this is clone, add index before replication
- // don't put in the schema or bad things will happen
-
- importLDIFS("preop.internaldb.ldif", conn);
- importLDIFS("preop.internaldb.index_ldif", conn);
+ // if this is clone, add index before replication
+ // don't put in the schema or bad things will happen
+
+ importLDIFS("preop.internaldb.ldif", conn);
+ importLDIFS("preop.internaldb.index_ldif", conn);
} else {
- // data will be replicated from the master to the clone
- // so clone does not need the data
- //
+ // data will be replicated from the master to the clone
+ // so clone does not need the data
+ //
- importLDIFS("preop.internaldb.schema.ldif", conn);
- importLDIFS("preop.internaldb.ldif", conn);
- importLDIFS("preop.internaldb.data_ldif", conn);
- importLDIFS("preop.internaldb.index_ldif", conn);
+ importLDIFS("preop.internaldb.schema.ldif", conn);
+ importLDIFS("preop.internaldb.ldif", conn);
+ importLDIFS("preop.internaldb.data_ldif", conn);
+ importLDIFS("preop.internaldb.index_ldif", conn);
}
try {
conn.disconnect();
- } catch (LDAPException e) {}
+ } catch (LDAPException e) {
+ }
}
private void importLDIFS(String param, LDAPConnection conn) throws IOException {
@@ -751,11 +750,11 @@ public class DatabasePanel extends WizardPanelBase {
CMS.debug("DatabasePanel populateDB param=" + param);
try {
v = cs.getString(param);
- } catch (EBaseException e) {
+ } catch (EBaseException e) {
CMS.debug("DatabasePanel populateDB: " + e.toString());
throw new IOException("Cant find ldif files.");
}
-
+
StringTokenizer tokenizer = new StringTokenizer(v, ",");
String baseDN = null;
String database = null;
@@ -787,13 +786,12 @@ public class DatabasePanel extends WizardPanelBase {
String instanceId = null;
try {
- instanceId = cs.getString("instanceId");
+ instanceId = cs.getString("instanceId");
} catch (EBaseException e) {
throw new IOException("instanceId is missing");
}
-
- String configDir = instancePath + File.separator + "conf";
+ String configDir = instancePath + File.separator + "conf";
while (tokenizer.hasMoreTokens()) {
String token = tokenizer.nextToken().trim();
@@ -846,11 +844,11 @@ public class DatabasePanel extends WizardPanelBase {
if (!endOfline) {
ps.println(s);
}
- }
+ }
}
in.close();
ps.close();
- } catch (Exception e) {
+ } catch (Exception e) {
CMS.debug("DBSubsystem popuateDB: " + e.toString());
throw new IOException(
"Problem of copying ldif file: " + filename);
@@ -867,7 +865,7 @@ public class DatabasePanel extends WizardPanelBase {
HttpServletResponse response,
Context context) throws IOException {
IConfigStore cs = CMS.getConfigStore();
- boolean hasErr = false;
+ boolean hasErr = false;
boolean firsttime = false;
context.put("firsttime", "false");
@@ -903,17 +901,17 @@ public class DatabasePanel extends WizardPanelBase {
cs.putString("internaldb.ldapauth.bindDN", binddn);
cs.putString("internaldb.database", database2);
String secure = HttpInput.getCheckbox(request, "secureConn");
- cs.putString("internaldb.ldapconn.secureConn", (secure.equals("on")?"true":"false"));
+ cs.putString("internaldb.ldapconn.secureConn", (secure.equals("on") ? "true" : "false"));
String cloneStartTLS = HttpInput.getCheckbox(request, "cloneStartTLS");
- cs.putString("internaldb.ldapconn.cloneStartTLS", (cloneStartTLS.equals("on")?"true":"false"));
+ cs.putString("internaldb.ldapconn.cloneStartTLS", (cloneStartTLS.equals("on") ? "true" : "false"));
String remove = HttpInput.getID(request, "removeData");
if (isPanelDone() && (remove == null || remove.equals(""))) {
- /* if user submits the same data, they just want to skip
- to the next panel, no database population is required. */
- if (hostname1.equals(hostname2) &&
- portStr1.equals(portStr2) &&
- database1.equals(database2)) {
+ /* if user submits the same data, they just want to skip
+ to the next panel, no database population is required. */
+ if (hostname1.equals(hostname2) &&
+ portStr1.equals(portStr2) &&
+ database1.equals(database2)) {
context.put("updateStatus", "success");
return;
}
@@ -921,15 +919,14 @@ public class DatabasePanel extends WizardPanelBase {
mServlet.cleanUpFromPanel(mServlet.getPanelNo(request));
-
try {
- populateDB(request, context, (secure.equals("on")?"true":"false"));
+ populateDB(request, context, (secure.equals("on") ? "true" : "false"));
} catch (IOException e) {
- CMS.debug("DatabasePanel update: populateDB Exception: "+e.toString());
+ CMS.debug("DatabasePanel update: populateDB Exception: " + e.toString());
context.put("updateStatus", "failure");
throw e;
} catch (Exception e) {
- CMS.debug("DatabasePanel update: populateDB Exception: "+e.toString());
+ CMS.debug("DatabasePanel update: populateDB Exception: " + e.toString());
context.put("errorString", e.toString());
cs.putString("preop.database.errorString", e.toString());
context.put("updateStatus", "failure");
@@ -950,11 +947,11 @@ public class DatabasePanel extends WizardPanelBase {
} catch (Exception e) {
CMS.debug("ConfigDatabaseServlet update: " + e.toString());
context.put("updateStatus", "failure");
- throw new IOException( e.toString() );
+ throw new IOException(e.toString());
}
psStore.putString("internaldb", bindpwd);
psStore.putString("replicationdb", replicationpwd);
- cs.putString("preop.internaldb.replicationpwd" , replicationpwd);
+ cs.putString("preop.internaldb.replicationpwd", replicationpwd);
cs.putString("preop.database.removeData", "false");
try {
@@ -983,57 +980,57 @@ public class DatabasePanel extends WizardPanelBase {
// always populate the index the last
try {
- CMS.debug("Populating local indexes");
- LDAPConnection conn = getLocalLDAPConn(context,
- (secure.equals("on")?"true":"false"));
- importLDIFS("preop.internaldb.post_ldif", conn);
-
- /* For vlvtask, we need to check if the task has
- been completed or not. Presence of nsTaskExitCode means task is complete
- */
- String wait_dn = cs.getString("preop.internaldb.wait_dn", "");
- if (!wait_dn.equals("")) {
- int i = 0;
- LDAPEntry task = null;
- boolean taskComplete = false;
- CMS.debug("Checking wait_dn " + wait_dn);
- do {
- Thread.sleep(1000);
- try {
- task = conn.read(wait_dn, (String[])null);
- if (task != null) {
- LDAPAttribute attr = task.getAttribute("nsTaskExitCode");
- if (attr != null) {
- taskComplete = true;
- String val = (String) attr.getStringValues().nextElement();
- if (val.compareTo("0") != 0) {
- CMS.debug("Error in populating local indexes: nsTaskExitCode=" + val);
- }
- }
+ CMS.debug("Populating local indexes");
+ LDAPConnection conn = getLocalLDAPConn(context,
+ (secure.equals("on") ? "true" : "false"));
+ importLDIFS("preop.internaldb.post_ldif", conn);
+
+ /* For vlvtask, we need to check if the task has
+ been completed or not. Presence of nsTaskExitCode means task is complete
+ */
+ String wait_dn = cs.getString("preop.internaldb.wait_dn", "");
+ if (!wait_dn.equals("")) {
+ int i = 0;
+ LDAPEntry task = null;
+ boolean taskComplete = false;
+ CMS.debug("Checking wait_dn " + wait_dn);
+ do {
+ Thread.sleep(1000);
+ try {
+ task = conn.read(wait_dn, (String[]) null);
+ if (task != null) {
+ LDAPAttribute attr = task.getAttribute("nsTaskExitCode");
+ if (attr != null) {
+ taskComplete = true;
+ String val = (String) attr.getStringValues().nextElement();
+ if (val.compareTo("0") != 0) {
+ CMS.debug("Error in populating local indexes: nsTaskExitCode=" + val);
+ }
+ }
+ }
+ } catch (LDAPException le) {
+ CMS.debug("Still checking wait_dn '" + wait_dn + "' (" + le.toString() + ")");
+ } catch (Exception e) {
+ CMS.debug("Still checking wait_dn '" + wait_dn + "' (" + e.toString() + ").");
+ }
+ } while ((!taskComplete) && (i < 20));
+ if (i < 20) {
+ CMS.debug("Done checking wait_dn " + wait_dn);
+ } else {
+ CMS.debug("Done checking wait_dn " + wait_dn + " due to timeout.");
}
- } catch (LDAPException le) {
- CMS.debug("Still checking wait_dn '" + wait_dn + "' (" + le.toString() + ")");
- } catch (Exception e) {
- CMS.debug("Still checking wait_dn '" + wait_dn + "' (" + e.toString() + ").");
- }
- } while ((!taskComplete) && (i < 20));
- if (i < 20) {
- CMS.debug("Done checking wait_dn " + wait_dn);
- } else {
- CMS.debug("Done checking wait_dn " + wait_dn + " due to timeout.");
}
- }
- conn.disconnect();
- CMS.debug("Done populating local indexes");
+ conn.disconnect();
+ CMS.debug("Done populating local indexes");
} catch (Exception e) {
- CMS.debug("Populating index failure - " + e);
+ CMS.debug("Populating index failure - " + e);
}
// setup replication after indexes have been created
if (select.equals("clone")) {
CMS.debug("Start setting up replication.");
- setupReplication(request, context, (secure.equals("on")?"true":"false"), (cloneStartTLS.equals("on")?"true":"false"));
+ setupReplication(request, context, (secure.equals("on") ? "true" : "false"), (cloneStartTLS.equals("on") ? "true" : "false"));
CMS.debug("Finish setting up replication.");
try {
@@ -1048,25 +1045,24 @@ public class DatabasePanel extends WizardPanelBase {
}
}
-
if (hasErr == false) {
- cs.putBoolean("preop.Database.done", true);
- try {
- cs.commit(false);
- } catch (EBaseException e) {
- CMS.debug(
- "DatabasePanel: update() Exception caught at config commit: "
- + e.toString());
- }
- }
+ cs.putBoolean("preop.Database.done", true);
+ try {
+ cs.commit(false);
+ } catch (EBaseException e) {
+ CMS.debug(
+ "DatabasePanel: update() Exception caught at config commit: "
+ + e.toString());
+ }
+ }
context.put("updateStatus", "success");
}
private void setupReplication(HttpServletRequest request,
- Context context, String secure, String cloneStartTLS) throws IOException {
+ Context context, String secure, String cloneStartTLS) throws IOException {
String bindpwd = HttpInput.getPassword(request, "__bindpwd");
IConfigStore cs = CMS.getConfigStore();
-
+
String cstype = "";
String machinename = "";
String instanceId = "";
@@ -1078,13 +1074,12 @@ public class DatabasePanel extends WizardPanelBase {
} catch (Exception e) {
}
-
//setup replication agreement
- String masterAgreementName = "masterAgreement1-"+machinename+"-"+instanceId;
+ String masterAgreementName = "masterAgreement1-" + machinename + "-" + instanceId;
cs.putString("internaldb.replication.master", masterAgreementName);
- String cloneAgreementName = "cloneAgreement1-"+machinename+"-"+instanceId;
+ String cloneAgreementName = "cloneAgreement1-" + machinename + "-" + instanceId;
cs.putString("internaldb.replication.consumer", cloneAgreementName);
-
+
try {
cs.commit(false);
} catch (Exception e) {
@@ -1119,18 +1114,18 @@ public class DatabasePanel extends WizardPanelBase {
master2_replicationpwd = cs.getString("preop.internaldb.replicationpwd", "");
} catch (Exception e) {
}
-
+
LDAPConnection conn1 = null;
LDAPConnection conn2 = null;
if (secure.equals("true")) {
- CMS.debug("DatabasePanel setupReplication: creating secure (SSL) connections for internal ldap");
- conn1 = new LDAPConnection(CMS.getLdapJssSSLSocketFactory());
- conn2 = new LDAPConnection(CMS.getLdapJssSSLSocketFactory());
- } else {
- CMS.debug("DatabasePanel setupreplication: creating non-secure (non-SSL) connections for internal ldap");
- conn1 = new LDAPConnection();
- conn2 = new LDAPConnection();
- }
+ CMS.debug("DatabasePanel setupReplication: creating secure (SSL) connections for internal ldap");
+ conn1 = new LDAPConnection(CMS.getLdapJssSSLSocketFactory());
+ conn2 = new LDAPConnection(CMS.getLdapJssSSLSocketFactory());
+ } else {
+ CMS.debug("DatabasePanel setupreplication: creating non-secure (non-SSL) connections for internal ldap");
+ conn1 = new LDAPConnection();
+ conn2 = new LDAPConnection();
+ }
String basedn = "";
try {
@@ -1140,13 +1135,13 @@ public class DatabasePanel extends WizardPanelBase {
try {
conn1.connect(master1_hostname, master1_port, master1_binddn,
- master1_bindpwd);
+ master1_bindpwd);
conn2.connect(master2_hostname, master2_port, master2_binddn,
- master2_bindpwd);
+ master2_bindpwd);
String suffix = cs.getString("internaldb.basedn", "");
- String replicadn = "cn=replica,cn=\""+suffix+"\",cn=mapping tree,cn=config";
- CMS.debug("DatabasePanel setupReplication: replicadn="+replicadn);
+ String replicadn = "cn=replica,cn=\"" + suffix + "\",cn=mapping tree,cn=config";
+ CMS.debug("DatabasePanel setupReplication: replicadn=" + replicadn);
String masterBindUser = "Replication Manager " + masterAgreementName;
String cloneBindUser = "Replication Manager " + cloneAgreementName;
@@ -1168,16 +1163,16 @@ public class DatabasePanel extends WizardPanelBase {
CMS.debug("DatabasePanel setupReplication: Finished enabling replication");
- createReplicationAgreement(replicadn, conn1, masterAgreementName,
- master2_hostname, master2_port, master2_replicationpwd, basedn, cloneBindUser, secure, cloneStartTLS);
+ createReplicationAgreement(replicadn, conn1, masterAgreementName,
+ master2_hostname, master2_port, master2_replicationpwd, basedn, cloneBindUser, secure, cloneStartTLS);
- createReplicationAgreement(replicadn, conn2, cloneAgreementName,
- master1_hostname, master1_port, master1_replicationpwd, basedn, masterBindUser, secure, cloneStartTLS);
+ createReplicationAgreement(replicadn, conn2, cloneAgreementName,
+ master1_hostname, master1_port, master1_replicationpwd, basedn, masterBindUser, secure, cloneStartTLS);
// initialize consumer
initializeConsumer(replicadn, conn1, masterAgreementName);
- while (! replicationDone(replicadn, conn1, masterAgreementName)) {
+ while (!replicationDone(replicadn, conn1, masterAgreementName)) {
CMS.debug("DatabasePanel setupReplication: Waiting for replication to complete");
Thread.sleep(1000);
}
@@ -1185,12 +1180,12 @@ public class DatabasePanel extends WizardPanelBase {
String status = replicationStatus(replicadn, conn1, masterAgreementName);
if (!status.startsWith("0 ")) {
CMS.debug("DatabasePanel setupReplication: consumer initialization failed. " +
- status);
+ status);
throw new IOException("consumer initialization failed. " + status);
- }
+ }
} catch (Exception e) {
- CMS.debug("DatabasePanel setupReplication: "+e.toString());
+ CMS.debug("DatabasePanel setupReplication: " + e.toString());
throw new IOException("Failed to setup the replication for cloning.");
}
}
@@ -1203,15 +1198,15 @@ public class DatabasePanel extends WizardPanelBase {
Context context) {
try {
- initParams(request, context);
- } catch (IOException e) {
+ initParams(request, context);
+ } catch (IOException e) {
}
context.put("title", "Database");
context.put("panel", "admin/console/config/databasepanel.vm");
}
private void createReplicationManager(LDAPConnection conn, String bindUser, String pwd)
- throws LDAPException {
+ throws LDAPException {
LDAPAttributeSet attrs = null;
LDAPEntry entry = null;
String dn = "cn=" + bindUser + ",cn=config";
@@ -1231,11 +1226,11 @@ public class DatabasePanel extends WizardPanelBase {
conn.delete(dn);
conn.add(entry);
} catch (LDAPException ee) {
- CMS.debug("DatabasePanel createReplicationManager: "+ee.toString());
+ CMS.debug("DatabasePanel createReplicationManager: " + ee.toString());
}
return;
} else {
- CMS.debug("DatabasePanel createReplicationManager: Failed to create replication manager. Exception: "+e.toString());
+ CMS.debug("DatabasePanel createReplicationManager: Failed to create replication manager. Exception: " + e.toString());
throw e;
}
}
@@ -1244,7 +1239,7 @@ public class DatabasePanel extends WizardPanelBase {
}
private void createChangeLog(LDAPConnection conn, String dir)
- throws LDAPException {
+ throws LDAPException {
LDAPAttributeSet attrs = null;
LDAPEntry entry = null;
String dn = "cn=changelog5,cn=config";
@@ -1259,17 +1254,17 @@ public class DatabasePanel extends WizardPanelBase {
} catch (LDAPException e) {
if (e.getLDAPResultCode() == LDAPException.ENTRY_ALREADY_EXISTS) {
CMS.debug("DatabasePanel createChangeLog: Changelog entry has already used");
-/* leave it, dont delete it because it will have operation error
- try {
- conn.delete(dn);
- conn.add(entry);
- } catch (LDAPException ee) {
- CMS.debug("DatabasePanel createChangeLog: "+ee.toString());
- }
-*/
+ /* leave it, dont delete it because it will have operation error
+ try {
+ conn.delete(dn);
+ conn.add(entry);
+ } catch (LDAPException ee) {
+ CMS.debug("DatabasePanel createChangeLog: "+ee.toString());
+ }
+ */
return;
} else {
- CMS.debug("DatabasePanel createChangeLog: Failed to create changelog entry. Exception: "+e.toString());
+ CMS.debug("DatabasePanel createChangeLog: Failed to create changelog entry. Exception: " + e.toString());
throw e;
}
}
@@ -1278,8 +1273,8 @@ public class DatabasePanel extends WizardPanelBase {
}
private int enableReplication(String replicadn, LDAPConnection conn, String bindUser, String basedn, int id)
- throws LDAPException {
- CMS.debug("DatabasePanel enableReplication: replicadn: "+replicadn);
+ throws LDAPException {
+ CMS.debug("DatabasePanel enableReplication: replicadn: " + replicadn);
LDAPAttributeSet attrs = null;
LDAPEntry entry = null;
try {
@@ -1290,7 +1285,7 @@ public class DatabasePanel extends WizardPanelBase {
attrs.add(new LDAPAttribute("nsDS5ReplicaRoot", basedn));
attrs.add(new LDAPAttribute("nsDS5ReplicaType", "3"));
attrs.add(new LDAPAttribute("nsDS5ReplicaBindDN",
- "cn=" + bindUser + ",cn=config"));
+ "cn=" + bindUser + ",cn=config"));
attrs.add(new LDAPAttribute("cn", "replica"));
attrs.add(new LDAPAttribute("nsDS5ReplicaId", Integer.toString(id)));
attrs.add(new LDAPAttribute("nsds5flags", "1"));
@@ -1300,47 +1295,47 @@ public class DatabasePanel extends WizardPanelBase {
if (e.getLDAPResultCode() == LDAPException.ENTRY_ALREADY_EXISTS) {
/* BZ 470918 -we cant just add the new dn. We need to do a replace instead
* until the DS code is fixed */
- CMS.debug("DatabasePanel enableReplication: "+replicadn+" has already been used");
-
+ CMS.debug("DatabasePanel enableReplication: " + replicadn + " has already been used");
+
try {
entry = conn.read(replicadn);
LDAPAttribute attr = entry.getAttribute("nsDS5ReplicaBindDN");
- attr.addValue( "cn=" + bindUser + ",cn=config");
+ attr.addValue("cn=" + bindUser + ",cn=config");
LDAPModification mod = new LDAPModification(LDAPModification.REPLACE, attr);
conn.modify(replicadn, mod);
} catch (LDAPException ee) {
- CMS.debug("DatabasePanel enableReplication: Failed to modify "
- +replicadn+" entry. Exception: "+e.toString());
+ CMS.debug("DatabasePanel enableReplication: Failed to modify "
+ + replicadn + " entry. Exception: " + e.toString());
}
return id;
} else {
- CMS.debug("DatabasePanel enableReplication: Failed to create "+replicadn+" entry. Exception: "+e.toString());
+ CMS.debug("DatabasePanel enableReplication: Failed to create " + replicadn + " entry. Exception: " + e.toString());
return id;
}
}
- CMS.debug("DatabasePanel enableReplication: Successfully create "+replicadn+" entry.");
+ CMS.debug("DatabasePanel enableReplication: Successfully create " + replicadn + " entry.");
return id + 1;
}
- private void createReplicationAgreement(String replicadn,
- LDAPConnection conn, String name, String replicahost, int replicaport,
- String replicapwd, String basedn, String bindUser, String secure, String cloneStartTLS) throws LDAPException {
- String dn = "cn="+name+","+replicadn;
- CMS.debug("DatabasePanel createReplicationAgreement: dn: "+dn);
+ private void createReplicationAgreement(String replicadn,
+ LDAPConnection conn, String name, String replicahost, int replicaport,
+ String replicapwd, String basedn, String bindUser, String secure, String cloneStartTLS) throws LDAPException {
+ String dn = "cn=" + name + "," + replicadn;
+ CMS.debug("DatabasePanel createReplicationAgreement: dn: " + dn);
LDAPEntry entry = null;
LDAPAttributeSet attrs = null;
try {
attrs = new LDAPAttributeSet();
attrs.add(new LDAPAttribute("objectclass", "top"));
attrs.add(new LDAPAttribute("objectclass",
- "nsds5replicationagreement"));
+ "nsds5replicationagreement"));
attrs.add(new LDAPAttribute("cn", name));
attrs.add(new LDAPAttribute("nsDS5ReplicaRoot", basedn));
attrs.add(new LDAPAttribute("nsDS5ReplicaHost", replicahost));
- attrs.add(new LDAPAttribute("nsDS5ReplicaPort", ""+replicaport));
+ attrs.add(new LDAPAttribute("nsDS5ReplicaPort", "" + replicaport));
attrs.add(new LDAPAttribute("nsDS5ReplicaBindDN",
- "cn=" + bindUser + ",cn=config"));
+ "cn=" + bindUser + ",cn=config"));
attrs.add(new LDAPAttribute("nsDS5ReplicaBindMethod", "Simple"));
attrs.add(new LDAPAttribute("nsds5replicacredentials", replicapwd));
@@ -1351,50 +1346,50 @@ public class DatabasePanel extends WizardPanelBase {
}
CMS.debug("About to set description attr to " + name);
- attrs.add(new LDAPAttribute("description",name));
+ attrs.add(new LDAPAttribute("description", name));
entry = new LDAPEntry(dn, attrs);
conn.add(entry);
} catch (LDAPException e) {
if (e.getLDAPResultCode() == LDAPException.ENTRY_ALREADY_EXISTS) {
- CMS.debug("DatabasePanel createReplicationAgreement: "+dn+" has already used");
+ CMS.debug("DatabasePanel createReplicationAgreement: " + dn + " has already used");
try {
conn.delete(dn);
} catch (LDAPException ee) {
- CMS.debug("DatabasePanel createReplicationAgreement: "+ee.toString());
+ CMS.debug("DatabasePanel createReplicationAgreement: " + ee.toString());
throw ee;
}
try {
conn.add(entry);
} catch (LDAPException ee) {
- CMS.debug("DatabasePanel createReplicationAgreement: "+ee.toString());
+ CMS.debug("DatabasePanel createReplicationAgreement: " + ee.toString());
throw ee;
}
} else {
- CMS.debug("DatabasePanel createReplicationAgreement: Failed to create "+dn+" entry. Exception: "+e.toString());
+ CMS.debug("DatabasePanel createReplicationAgreement: Failed to create " + dn + " entry. Exception: " + e.toString());
throw e;
}
}
- CMS.debug("DatabasePanel createReplicationAgreement: Successfully create replication agreement "+name);
+ CMS.debug("DatabasePanel createReplicationAgreement: Successfully create replication agreement " + name);
}
- private void initializeConsumer(String replicadn, LDAPConnection conn,
- String name) {
- String dn = "cn="+name+","+replicadn;
- CMS.debug("DatabasePanel initializeConsumer: initializeConsumer dn: "+dn);
- CMS.debug("DatabasePanel initializeConsumer: initializeConsumer host: "+conn.getHost() + " port: " + conn.getPort());
+ private void initializeConsumer(String replicadn, LDAPConnection conn,
+ String name) {
+ String dn = "cn=" + name + "," + replicadn;
+ CMS.debug("DatabasePanel initializeConsumer: initializeConsumer dn: " + dn);
+ CMS.debug("DatabasePanel initializeConsumer: initializeConsumer host: " + conn.getHost() + " port: " + conn.getPort());
try {
LDAPAttribute attr = new LDAPAttribute("nsds5beginreplicarefresh",
- "start");
+ "start");
LDAPModification mod = new LDAPModification(
- LDAPModification.REPLACE, attr);
+ LDAPModification.REPLACE, attr);
CMS.debug("DatabasePanel initializeConsumer: start modifying");
conn.modify(dn, mod);
CMS.debug("DatabasePanel initializeConsumer: Finish modification.");
} catch (LDAPException e) {
- CMS.debug("DatabasePanel initializeConsumer: Failed to modify "+dn+" entry. Exception: "+e.toString());
+ CMS.debug("DatabasePanel initializeConsumer: Failed to modify " + dn + " entry. Exception: " + e.toString());
return;
} catch (Exception e) {
CMS.debug("DatabasePanel initializeConsumer: exception " + e);
@@ -1405,33 +1400,33 @@ public class DatabasePanel extends WizardPanelBase {
Thread.sleep(5000);
CMS.debug("DatabasePanel initializeConsumer: finish sleeping.");
} catch (InterruptedException ee) {
- CMS.debug("DatabasePanel initializeConsumer: exception: "+ee.toString());
+ CMS.debug("DatabasePanel initializeConsumer: exception: " + ee.toString());
}
CMS.debug("DatabasePanel initializeConsumer: Successfully initialize consumer");
}
- private boolean replicationDone(String replicadn, LDAPConnection conn, String name)
- throws IOException {
- String dn = "cn="+name+","+replicadn;
+ private boolean replicationDone(String replicadn, LDAPConnection conn, String name)
+ throws IOException {
+ String dn = "cn=" + name + "," + replicadn;
String filter = "(objectclass=*)";
- String[] attrs = {"nsds5beginreplicarefresh"};
+ String[] attrs = { "nsds5beginreplicarefresh" };
- CMS.debug("DatabasePanel replicationDone: dn: "+dn);
+ CMS.debug("DatabasePanel replicationDone: dn: " + dn);
try {
LDAPSearchResults results = conn.search(dn, LDAPConnection.SCOPE_BASE, filter,
- attrs, true);
+ attrs, true);
int count = results.getCount();
if (count < 1) {
throw new IOException("Replication entry not found");
- }
-
+ }
+
LDAPEntry entry = results.next();
LDAPAttribute refresh = entry.getAttribute("nsds5beginreplicarefresh");
if (refresh == null) {
return true;
- }
+ }
return false;
} catch (Exception e) {
CMS.debug("DatabasePanel replicationDone: exception " + e);
@@ -1439,29 +1434,29 @@ public class DatabasePanel extends WizardPanelBase {
}
}
- private String replicationStatus(String replicadn, LDAPConnection conn, String name)
- throws IOException {
- String dn = "cn="+name+","+replicadn;
+ private String replicationStatus(String replicadn, LDAPConnection conn, String name)
+ throws IOException {
+ String dn = "cn=" + name + "," + replicadn;
String filter = "(objectclass=*)";
- String[] attrs = {"nsds5replicalastinitstatus"};
+ String[] attrs = { "nsds5replicalastinitstatus" };
String status = null;
- CMS.debug("DatabasePanel replicationStatus: dn: "+dn);
+ CMS.debug("DatabasePanel replicationStatus: dn: " + dn);
try {
LDAPSearchResults results = conn.search(dn, LDAPConnection.SCOPE_BASE, filter,
- attrs, false);
+ attrs, false);
int count = results.getCount();
if (count < 1) {
throw new IOException("Replication entry not found");
- }
+ }
LDAPEntry entry = results.next();
LDAPAttribute attr = entry.getAttribute("nsds5replicalastinitstatus");
if (attr != null) {
Enumeration valsInAttr = attr.getStringValues();
if (valsInAttr.hasMoreElements()) {
- return (String)valsInAttr.nextElement();
+ return (String) valsInAttr.nextElement();
} else {
throw new IOException("No value returned for nsds5replicalastinitstatus");
}
@@ -1475,35 +1470,35 @@ public class DatabasePanel extends WizardPanelBase {
}
private String getInstanceDir(LDAPConnection conn) {
- String instancedir="";
+ String instancedir = "";
try {
String filter = "(objectclass=*)";
- String[] attrs = {"nsslapd-directory"};
+ String[] attrs = { "nsslapd-directory" };
LDAPSearchResults results = conn.search("cn=config,cn=ldbm database,cn=plugins,cn=config", LDAPv3.SCOPE_SUB,
- filter, attrs, false);
+ filter, attrs, false);
while (results.hasMoreElements()) {
LDAPEntry entry = results.next();
String dn = entry.getDN();
- CMS.debug("DatabasePanel getInstanceDir: DN for storing nsslapd-directory: "+dn);
+ CMS.debug("DatabasePanel getInstanceDir: DN for storing nsslapd-directory: " + dn);
LDAPAttributeSet entryAttrs = entry.getAttributeSet();
Enumeration attrsInSet = entryAttrs.getAttributes();
while (attrsInSet.hasMoreElements()) {
- LDAPAttribute nextAttr = (LDAPAttribute)attrsInSet.nextElement();
+ LDAPAttribute nextAttr = (LDAPAttribute) attrsInSet.nextElement();
String attrName = nextAttr.getName();
- CMS.debug("DatabasePanel getInstanceDir: attribute name: "+attrName);
+ CMS.debug("DatabasePanel getInstanceDir: attribute name: " + attrName);
Enumeration valsInAttr = nextAttr.getStringValues();
- while ( valsInAttr.hasMoreElements() ) {
- String nextValue = (String)valsInAttr.nextElement();
+ while (valsInAttr.hasMoreElements()) {
+ String nextValue = (String) valsInAttr.nextElement();
if (attrName.equalsIgnoreCase("nsslapd-directory")) {
- CMS.debug("DatabasePanel getInstanceDir: instanceDir="+nextValue);
- return nextValue.substring(0,nextValue.lastIndexOf("/db"));
+ CMS.debug("DatabasePanel getInstanceDir: instanceDir=" + nextValue);
+ return nextValue.substring(0, nextValue.lastIndexOf("/db"));
}
}
}
}
} catch (LDAPException e) {
- CMS.debug("DatabasePanel getInstanceDir: Error in retrieving the instance directory. Exception: "+e.toString());
+ CMS.debug("DatabasePanel getInstanceDir: Error in retrieving the instance directory. Exception: " + e.toString());
}
return instancedir;
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabaseServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabaseServlet.java
index d8fd7526..c44f6113 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabaseServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabaseServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@@ -25,7 +24,6 @@ import org.apache.velocity.Template;
import org.apache.velocity.app.Velocity;
import org.apache.velocity.context.Context;
-
public class DatabaseServlet extends BaseServlet {
/**
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayCertChainPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayCertChainPanel.java
index 1e1b6dec..d72984d2 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayCertChainPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayCertChainPanel.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.IOException;
import java.net.URLEncoder;
import java.util.Locale;
@@ -42,25 +41,26 @@ import com.netscape.cmsutil.crypto.CryptoUtil;
public class DisplayCertChainPanel extends WizardPanelBase {
- public DisplayCertChainPanel() {}
+ public DisplayCertChainPanel() {
+ }
/**
* Initializes this panel.
*/
- public void init(ServletConfig config, int panelno)
- throws ServletException {
+ public void init(ServletConfig config, int panelno)
+ throws ServletException {
setPanelNo(panelno);
setName("Display Certificate Chain");
}
public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
- throws ServletException {
+ throws ServletException {
setPanelNo(panelno);
setName("Display Certificate Chain");
setId(id);
}
-
- public boolean isSubPanel() {
+
+ public boolean isSubPanel() {
return true;
}
@@ -70,7 +70,7 @@ public class DisplayCertChainPanel extends WizardPanelBase {
public PropertySet getUsage() {
PropertySet set = new PropertySet();
-
+
return set;
}
@@ -86,8 +86,8 @@ public class DisplayCertChainPanel extends WizardPanelBase {
IConfigStore cs = CMS.getConfigStore();
// if we are root, no need to get the certificate chain.
- try {
- String select = cs.getString("securitydomain.select","");
+ try {
+ String select = cs.getString("securitydomain.select", "");
String type = cs.getString("preop.subsystem.select", "");
String hierarchy = cs.getString("preop.hierarchy.select", "");
@@ -132,7 +132,8 @@ public class DisplayCertChainPanel extends WizardPanelBase {
try {
certchain_size = cs.getString(certChainConfigName, "");
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
int size = 0;
Vector v = new Vector();
@@ -140,20 +141,22 @@ public class DisplayCertChainPanel extends WizardPanelBase {
if (!certchain_size.equals("")) {
try {
size = Integer.parseInt(certchain_size);
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
for (int i = 0; i < size; i++) {
certChainConfigName = "preop." + type + ".certchain." + i;
try {
String c = cs.getString(certChainConfigName, "");
byte[] b_c = CryptoUtil.base64Decode(c);
CertPrettyPrint pp = new CertPrettyPrint(
- new X509CertImpl(b_c));
+ new X509CertImpl(b_c));
v.addElement(pp.toString(Locale.getDefault()));
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
}
}
-
+
if (getId().equals("securitydomain")) {
context.put("panelid", "securitydomain");
context.put("panelname", "Security Domain Trust Verification");
@@ -184,7 +187,7 @@ public class DisplayCertChainPanel extends WizardPanelBase {
importCertChain(getId());
if (getId().equals("securitydomain")) {
- int panel = getPanelNo()+1;
+ int panel = getPanelNo() + 1;
IConfigStore cs = CMS.getConfigStore();
try {
String sd_hostname = cs.getString("securitydomain.host", "");
@@ -192,23 +195,23 @@ public class DisplayCertChainPanel extends WizardPanelBase {
String cs_hostname = cs.getString("machineName", "");
int cs_port = cs.getInteger("pkicreate.admin_secure_port", -1);
String subsystem = cs.getString("cs.type", "");
- String urlVal = "https://"+cs_hostname+":"+cs_port+"/"+toLowerCaseSubsystemType(subsystem)+"/admin/console/config/wizard?p="+panel+"&subsystem="+subsystem;
+ String urlVal = "https://" + cs_hostname + ":" + cs_port + "/" + toLowerCaseSubsystemType(subsystem) + "/admin/console/config/wizard?p=" + panel + "&subsystem=" + subsystem;
String encodedValue = URLEncoder.encode(urlVal, "UTF-8");
- String sdurl = "https://"+sd_hostname+":"+sd_port+"/ca/admin/ca/securityDomainLogin?url="+encodedValue;
+ String sdurl = "https://" + sd_hostname + ":" + sd_port + "/ca/admin/ca/securityDomainLogin?url=" + encodedValue;
response.sendRedirect(sdurl);
// The user previously specified the CA Security Domain's
// SSL Admin port in the "Security Domain Panel";
// now retrieve this specified CA Security Domain's
// non-SSL EE, SSL Agent, and SSL EE ports:
- cs.putString( "securitydomain.httpport",
- getSecurityDomainPort( cs, "UnSecurePort" ) );
- cs.putString("securitydomain.httpsagentport",
- getSecurityDomainPort( cs, "SecureAgentPort" ) );
- cs.putString("securitydomain.httpseeport",
- getSecurityDomainPort( cs, "SecurePort" ) );
+ cs.putString("securitydomain.httpport",
+ getSecurityDomainPort(cs, "UnSecurePort"));
+ cs.putString("securitydomain.httpsagentport",
+ getSecurityDomainPort(cs, "SecureAgentPort"));
+ cs.putString("securitydomain.httpseeport",
+ getSecurityDomainPort(cs, "SecurePort"));
} catch (Exception ee) {
- CMS.debug("DisplayCertChainPanel Exception="+ee.toString());
+ CMS.debug("DisplayCertChainPanel Exception=" + ee.toString());
}
}
context.put("updateStatus", "success");
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayServlet.java
index 00871921..3bb8c73c 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@@ -25,7 +24,6 @@ import org.apache.velocity.Template;
import org.apache.velocity.app.Velocity;
import org.apache.velocity.context.Context;
-
public class DisplayServlet extends BaseServlet {
/**
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java
index 9669ddb1..b330b705 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.IOException;
import java.math.BigInteger;
import java.net.URLEncoder;
@@ -58,22 +57,23 @@ public class DonePanel extends WizardPanelBase {
public static final BigInteger BIG_ZERO = new BigInteger("0");
public static final Long MINUS_ONE = Long.valueOf(-1);
public static final String RESTART_SERVER_AFTER_CONFIGURATION =
- "restart_server_after_configuration";
+ "restart_server_after_configuration";
public static final String PKI_SECURITY_DOMAIN = "pki_security_domain";
- public DonePanel() {}
+ public DonePanel() {
+ }
/**
* Initializes this panel.
*/
- public void init(ServletConfig config, int panelno)
- throws ServletException {
+ public void init(ServletConfig config, int panelno)
+ throws ServletException {
setPanelNo(panelno);
setName("Done");
}
public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
- throws ServletException {
+ throws ServletException {
setPanelNo(panelno);
setName("Done");
setId(id);
@@ -88,15 +88,14 @@ public class DonePanel extends WizardPanelBase {
public PropertySet getUsage() {
PropertySet set = new PropertySet();
-
+
/* XXX */
-
+
return set;
}
private LDAPConnection getLDAPConn(Context context)
- throws IOException
- {
+ throws IOException {
IConfigStore cs = CMS.getConfigStore();
String host = "";
@@ -112,8 +111,8 @@ public class DonePanel extends WizardPanelBase {
pwd = pwdStore.getPassword("internaldb");
}
- if ( pwd == null) {
- throw new IOException("DonePanel: Failed to obtain password from password store");
+ if (pwd == null) {
+ throw new IOException("DonePanel: Failed to obtain password from password store");
}
try {
@@ -138,11 +137,11 @@ public class DonePanel extends WizardPanelBase {
LDAPConnection conn = null;
if (security.equals("true")) {
- CMS.debug("DonePanel getLDAPConn: creating secure (SSL) connection for internal ldap");
- conn = new LDAPConnection(CMS.getLdapJssSSLSocketFactory());
+ CMS.debug("DonePanel getLDAPConn: creating secure (SSL) connection for internal ldap");
+ conn = new LDAPConnection(CMS.getLdapJssSSLSocketFactory());
} else {
- CMS.debug("DonePanel getLDAPConn: creating non-secure (non-SSL) connection for internal ldap");
- conn = new LDAPConnection();
+ CMS.debug("DonePanel getLDAPConn: creating non-secure (non-SSL) connection for internal ldap");
+ conn = new LDAPConnection();
}
CMS.debug("DonePanel connecting to " + host + ":" + p);
@@ -153,10 +152,9 @@ public class DonePanel extends WizardPanelBase {
throw new IOException("Failed to connect to the internal database.");
}
- return conn;
+ return conn;
}
-
/**
* Display the panel.
*/
@@ -193,31 +191,32 @@ public class DonePanel extends WizardPanelBase {
instanceRoot = cs.getString("instanceRoot");
select = cs.getString("preop.subsystem.select", "");
systemdService = cs.getString("pkicreate.systemd.servicename", "");
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
String initDaemon = "";
if (type.equals("CA")) {
- initDaemon = "pki-cad";
+ initDaemon = "pki-cad";
} else if (type.equals("KRA")) {
- initDaemon = "pki-krad";
+ initDaemon = "pki-krad";
} else if (type.equals("OCSP")) {
- initDaemon = "pki-ocspd";
+ initDaemon = "pki-ocspd";
} else if (type.equals("TKS")) {
- initDaemon = "pki-tksd";
+ initDaemon = "pki-tksd";
}
- String os = System.getProperty( "os.name" );
- if( os.equalsIgnoreCase( "Linux" ) ) {
- if (! systemdService.equals("")) {
- context.put( "initCommand", "/bin/systemctl");
- context.put( "instanceId", systemdService );
+ String os = System.getProperty("os.name");
+ if (os.equalsIgnoreCase("Linux")) {
+ if (!systemdService.equals("")) {
+ context.put("initCommand", "/bin/systemctl");
+ context.put("instanceId", systemdService);
} else {
- context.put( "initCommand", "/sbin/service " + initDaemon );
- context.put( "instanceId", instanceId );
+ context.put("initCommand", "/sbin/service " + initDaemon);
+ context.put("instanceId", instanceId);
}
} else {
/* default case: e. g. - ( os.equalsIgnoreCase( "SunOS" ) */
- context.put( "initCommand", "/etc/init.d/" + initDaemon );
- context.put( "instanceId", instanceId );
+ context.put("initCommand", "/etc/init.d/" + initDaemon);
+ context.put("instanceId", instanceId);
}
context.put("title", "Done");
context.put("panel", "admin/console/config/donepanel.vm");
@@ -233,7 +232,7 @@ public class DonePanel extends WizardPanelBase {
return;
} else
context.put("csstate", "0");
-
+
} catch (Exception e) {
}
@@ -280,11 +279,11 @@ public class DonePanel extends WizardPanelBase {
String basedn = cs.getString("internaldb.basedn");
String secdomain = cs.getString("securitydomain.name");
- try {
+ try {
// Create security domain ldap entry
String dn = "ou=Security Domain," + basedn;
CMS.debug("DonePanel: creating ldap entry : " + dn);
-
+
LDAPEntry entry = null;
LDAPAttributeSet attrs = null;
attrs = new LDAPAttributeSet();
@@ -305,10 +304,10 @@ public class DonePanel extends WizardPanelBase {
throw e;
}
- try {
+ try {
// create list containers
- String clist[] = {"CAList", "OCSPList", "KRAList", "RAList", "TKSList", "TPSList"};
- for (int i=0; i< clist.length; i++) {
+ String clist[] = { "CAList", "OCSPList", "KRAList", "RAList", "TKSList", "TPSList" };
+ for (int i = 0; i < clist.length; i++) {
LDAPEntry entry = null;
LDAPAttributeSet attrs = null;
String dn = "cn=" + clist[i] + ",ou=Security Domain," + basedn;
@@ -320,9 +319,9 @@ public class DonePanel extends WizardPanelBase {
conn.add(entry);
}
} catch (Exception e) {
- CMS.debug("Unable to create security domain list groups" );
+ CMS.debug("Unable to create security domain list groups");
throw e;
- }
+ }
try {
// Add this host (only CA can create new domain)
@@ -340,8 +339,8 @@ public class DonePanel extends WizardPanelBase {
attrs.add(new LDAPAttribute("SecureAdminPort",
ownadminsport));
if (owneeclientauthsport != null) {
- attrs.add(new LDAPAttribute("SecureEEClientAuthPort",
- owneeclientauthsport));
+ attrs.add(new LDAPAttribute("SecureEEClientAuthPort",
+ owneeclientauthsport));
}
attrs.add(new LDAPAttribute("UnSecurePort", ownport));
attrs.add(new LDAPAttribute("Clone", "FALSE"));
@@ -357,28 +356,29 @@ public class DonePanel extends WizardPanelBase {
CMS.debug("DonePanel display: finish updating domain info");
conn.disconnect();
} catch (Exception e) {
- CMS.debug("DonePanel display: "+e.toString());
+ CMS.debug("DonePanel display: " + e.toString());
}
int sd_admin_port_int = -1;
try {
- sd_admin_port_int = Integer.parseInt( sd_admin_port );
+ sd_admin_port_int = Integer.parseInt(sd_admin_port);
} catch (Exception e) {
}
try {
// Fetch the "new" security domain and display it
- CMS.debug( "Dump contents of new Security Domain . . ." );
- String c = getDomainXML( sd_host, sd_admin_port_int, true );
- } catch( Exception e ) {}
+ CMS.debug("Dump contents of new Security Domain . . .");
+ String c = getDomainXML(sd_host, sd_admin_port_int, true);
+ } catch (Exception e) {
+ }
// Since this instance is a new Security Domain,
// create an empty file to designate this fact.
String security_domain = instanceRoot + "/conf/"
+ PKI_SECURITY_DOMAIN;
- if( !Utils.isNT() ) {
- Utils.exec( "touch " + security_domain );
- Utils.exec( "chmod 00660 " + security_domain );
+ if (!Utils.isNT()) {
+ Utils.exec("touch " + security_domain);
+ Utils.exec("chmod 00660 " + security_domain);
}
} else { //existing domain
@@ -398,31 +398,31 @@ public class DonePanel extends WizardPanelBase {
cloneStr = "&clone=false";
String domainMasterStr = "";
- if (cloneMaster)
+ if (cloneMaster)
domainMasterStr = "&dm=true";
- else
- domainMasterStr = "&dm=false";
+ else
+ domainMasterStr = "&dm=false";
String eecaStr = "";
- if (owneeclientauthsport != null)
- eecaStr="&eeclientauthsport=" + owneeclientauthsport;
+ if (owneeclientauthsport != null)
+ eecaStr = "&eeclientauthsport=" + owneeclientauthsport;
- updateDomainXML( sd_host, sd_agent_port_int, true,
- "/ca/agent/ca/updateDomainXML",
+ updateDomainXML(sd_host, sd_agent_port_int, true,
+ "/ca/agent/ca/updateDomainXML",
"list=" + s
- + "&type=" + type
- + "&host=" + ownhost
- + "&name=" + subsystemName
- + "&sport=" + ownsport
- + domainMasterStr
- + cloneStr
- + "&agentsport=" + ownagentsport
- + "&adminsport=" + ownadminsport
- + eecaStr
- + "&httpport=" + ownport );
+ + "&type=" + type
+ + "&host=" + ownhost
+ + "&name=" + subsystemName
+ + "&sport=" + ownsport
+ + domainMasterStr
+ + cloneStr
+ + "&agentsport=" + ownagentsport
+ + "&adminsport=" + ownadminsport
+ + eecaStr
+ + "&httpport=" + ownport);
// Fetch the "updated" security domain and display it
- CMS.debug( "Dump contents of updated Security Domain . . ." );
- String c = getDomainXML( sd_host, sd_admin_port_int, true );
+ CMS.debug("Dump contents of updated Security Domain . . .");
+ String c = getDomainXML(sd_host, sd_admin_port_int, true);
} catch (Exception e) {
context.put("errorString", "Failed to update the security domain on the domain master.");
//return;
@@ -439,7 +439,6 @@ public class DonePanel extends WizardPanelBase {
CMS.debug("DonePanel: exception in adding service.securityDomainPort to CS.cfg" + e);
}
-
// need to push connector information to the CA
if (type.equals("KRA") && !ca_host.equals("")) {
try {
@@ -469,7 +468,7 @@ public class DonePanel extends WizardPanelBase {
setupClientAuthUser();
}
-
+
if (!select.equals("clone")) {
if (type.equals("CA") || type.equals("KRA")) {
String beginRequestNumStr = "";
@@ -478,7 +477,7 @@ public class DonePanel extends WizardPanelBase {
String endSerialNumStr = "";
String requestIncStr = "";
String serialIncStr = "";
-
+
try {
endRequestNumStr = cs.getString("dbs.endRequestNumber", "");
endSerialNumStr = cs.getString("dbs.endSerialNumber", "");
@@ -495,22 +494,22 @@ public class DonePanel extends WizardPanelBase {
serialdn = "ou=certificateRepository,ou=" + type.toLowerCase() + "," + basedn;
} else {
serialdn = "ou=keyRepository,ou=" + type.toLowerCase() + "," + basedn;
- }
- LDAPAttribute attrSerialNextRange = new LDAPAttribute( "nextRange", endSerialNum.add(oneNum).toString());
- LDAPModification serialmod = new LDAPModification( LDAPModification.REPLACE, attrSerialNextRange );
- conn.modify( serialdn, serialmod );
+ }
+ LDAPAttribute attrSerialNextRange = new LDAPAttribute("nextRange", endSerialNum.add(oneNum).toString());
+ LDAPModification serialmod = new LDAPModification(LDAPModification.REPLACE, attrSerialNextRange);
+ conn.modify(serialdn, serialmod);
String requestdn = "ou=" + type.toLowerCase() + ",ou=requests," + basedn;
- LDAPAttribute attrRequestNextRange = new LDAPAttribute( "nextRange", endRequestNum.add(oneNum).toString());
- LDAPModification requestmod = new LDAPModification( LDAPModification.REPLACE, attrRequestNextRange );
- conn.modify( requestdn, requestmod );
+ LDAPAttribute attrRequestNextRange = new LDAPAttribute("nextRange", endRequestNum.add(oneNum).toString());
+ LDAPModification requestmod = new LDAPModification(LDAPModification.REPLACE, attrRequestNextRange);
+ conn.modify(requestdn, requestmod);
- conn.disconnect();
+ conn.disconnect();
} catch (Exception e) {
CMS.debug("Unable to update global next range numbers: " + e);
- }
+ }
}
- }
+ }
if (cloneMaster) {
// cloning a domain master CA, the clone is also master of its domain
@@ -550,24 +549,30 @@ public class DonePanel extends WizardPanelBase {
// more cloning variables needed for non-ca clones
- if (! type.equals("CA")) {
+ if (!type.equals("CA")) {
String val = cs.getString("preop.ca.hostname", "");
- if (val.compareTo("") != 0) cs.putString("cloning.ca.hostname", val);
+ if (val.compareTo("") != 0)
+ cs.putString("cloning.ca.hostname", val);
val = cs.getString("preop.ca.httpport", "");
- if (val.compareTo("") != 0) cs.putString("cloning.ca.httpport", val);
+ if (val.compareTo("") != 0)
+ cs.putString("cloning.ca.httpport", val);
- val = cs.getString("preop.ca.httpsport", "");
- if (val.compareTo("") != 0) cs.putString("cloning.ca.httpsport", val);
+ val = cs.getString("preop.ca.httpsport", "");
+ if (val.compareTo("") != 0)
+ cs.putString("cloning.ca.httpsport", val);
val = cs.getString("preop.ca.list", "");
- if (val.compareTo("") != 0) cs.putString("cloning.ca.list", val);
+ if (val.compareTo("") != 0)
+ cs.putString("cloning.ca.list", val);
val = cs.getString("preop.ca.pkcs7", "");
- if (val.compareTo("") != 0) cs.putString("cloning.ca.pkcs7", val);
+ if (val.compareTo("") != 0)
+ cs.putString("cloning.ca.pkcs7", val);
val = cs.getString("preop.ca.type", "");
- if (val.compareTo("") != 0) cs.putString("cloning.ca.type", val);
+ if (val.compareTo("") != 0)
+ cs.putString("cloning.ca.type", val);
}
// save EC type for sslserver cert (if present)
@@ -581,9 +586,9 @@ public class DonePanel extends WizardPanelBase {
// been restarted!
String restart_server = instanceRoot + "/conf/"
+ RESTART_SERVER_AFTER_CONFIGURATION;
- if( !Utils.isNT() ) {
- Utils.exec( "touch " + restart_server );
- Utils.exec( "chmod 00660 " + restart_server );
+ if (!Utils.isNT()) {
+ Utils.exec("touch " + restart_server);
+ Utils.exec("chmod 00660 " + restart_server);
}
} catch (Exception e) {
@@ -593,13 +598,12 @@ public class DonePanel extends WizardPanelBase {
context.put("csstate", "1");
}
- private void setupClientAuthUser()
- {
+ private void setupClientAuthUser() {
IConfigStore cs = CMS.getConfigStore();
// retrieve CA subsystem certificate from the CA
IUGSubsystem system =
- (IUGSubsystem) (CMS.getSubsystem(IUGSubsystem.ID));
+ (IUGSubsystem) (CMS.getSubsystem(IUGSubsystem.ID));
String id = "";
try {
String b64 = getCASubsystemCert();
@@ -640,9 +644,8 @@ public class DonePanel extends WizardPanelBase {
}
}
-
- private void updateOCSPConfig(HttpServletResponse response)
- throws IOException {
+ private void updateOCSPConfig(HttpServletResponse response)
+ throws IOException {
IConfigStore config = CMS.getConfigStore();
String cahost = "";
int caport = -1;
@@ -661,7 +664,7 @@ public class DonePanel extends WizardPanelBase {
int ocspport = Integer.parseInt(CMS.getAgentPort());
int ocspagentport = Integer.parseInt(CMS.getAgentPort());
String session_id = CMS.getConfigSDSessionId();
- String content = "xmlOutput=true&sessionID="+session_id+"&ocsp_host="+ocsphost+"&ocsp_port="+ocspport;
+ String content = "xmlOutput=true&sessionID=" + session_id + "&ocsp_host=" + ocsphost + "&ocsp_port=" + ocspport;
updateOCSPConfig(cahost, caport, true, content, response);
}
@@ -675,7 +678,7 @@ public class DonePanel extends WizardPanelBase {
if (b64.equals(""))
throw new IOException("Failed to get certificate chain.");
-
+
try {
// this could be a chain
X509Certificate[] certs = Cert.mapCertFromPKCS7(b64);
@@ -686,9 +689,9 @@ public class DonePanel extends WizardPanelBase {
} else {
leafCert = certs[0];
}
-
- IOCSPAuthority ocsp =
- (IOCSPAuthority)CMS.getSubsystem(IOCSPAuthority.ID);
+
+ IOCSPAuthority ocsp =
+ (IOCSPAuthority) CMS.getSubsystem(IOCSPAuthority.ID);
IDefStore defStore = ocsp.getDefaultStore();
// (1) need to normalize (sort) the chain
@@ -696,9 +699,9 @@ public class DonePanel extends WizardPanelBase {
// (2) store certificate (and certificate chain) into
// database
ICRLIssuingPointRecord rec = defStore.createCRLIssuingPointRecord(
- leafCert.getSubjectDN().getName(),
- BIG_ZERO,
- MINUS_ONE, null, null);
+ leafCert.getSubjectDN().getName(),
+ BIG_ZERO,
+ MINUS_ONE, null, null);
try {
rec.set(ICRLIssuingPointRecord.ATTR_CA_CERT, leafCert.getEncoded());
@@ -748,7 +751,7 @@ public class DonePanel extends WizardPanelBase {
}
private void updateConnectorInfo(String ownagenthost, String ownagentsport)
- throws IOException {
+ throws IOException {
IConfigStore cs = CMS.getConfigStore();
int port = -1;
String url = "";
@@ -757,21 +760,21 @@ public class DonePanel extends WizardPanelBase {
try {
url = cs.getString("preop.ca.url", "");
if (!url.equals("")) {
- host = cs.getString("preop.ca.hostname", "");
- port = cs.getInteger("preop.ca.httpsadminport", -1);
- transportCert = cs.getString("kra.transport.cert", "");
+ host = cs.getString("preop.ca.hostname", "");
+ port = cs.getInteger("preop.ca.httpsadminport", -1);
+ transportCert = cs.getString("kra.transport.cert", "");
}
} catch (Exception e) {
}
if (host == null) {
- CMS.debug("DonePanel: preop.ca.url is not defined. External CA selected. No transport certificate setup is required");
+ CMS.debug("DonePanel: preop.ca.url is not defined. External CA selected. No transport certificate setup is required");
} else {
- CMS.debug("DonePanel: Transport certificate is being setup in " + url);
- String session_id = CMS.getConfigSDSessionId();
- String content = "ca.connector.KRA.enable=true&ca.connector.KRA.local=false&ca.connector.KRA.timeout=30&ca.connector.KRA.uri=/kra/agent/kra/connector&ca.connector.KRA.host="+ownagenthost+"&ca.connector.KRA.port="+ownagentsport+"&ca.connector.KRA.transportCert="+URLEncoder.encode(transportCert)+"&sessionID="+session_id;
+ CMS.debug("DonePanel: Transport certificate is being setup in " + url);
+ String session_id = CMS.getConfigSDSessionId();
+ String content = "ca.connector.KRA.enable=true&ca.connector.KRA.local=false&ca.connector.KRA.timeout=30&ca.connector.KRA.uri=/kra/agent/kra/connector&ca.connector.KRA.host=" + ownagenthost + "&ca.connector.KRA.port=" + ownagentsport + "&ca.connector.KRA.transportCert=" + URLEncoder.encode(transportCert) + "&sessionID=" + session_id;
- updateConnectorInfo(host, port, true, content);
+ updateConnectorInfo(host, port, true, content);
}
}
@@ -802,12 +805,14 @@ public class DonePanel extends WizardPanelBase {
*/
public void update(HttpServletRequest request,
HttpServletResponse response,
- Context context) throws IOException {}
+ Context context) throws IOException {
+ }
/**
* If validiate() returns false, this method will be called.
*/
public void displayError(HttpServletRequest request,
HttpServletResponse response,
- Context context) {/* This should never be called */}
+ Context context) {/* This should never be called */
+ }
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DownloadPKCS12.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DownloadPKCS12.java
index 9d7fc22a..094aa716 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DownloadPKCS12.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DownloadPKCS12.java
@@ -50,6 +50,7 @@ public class DownloadPKCS12 extends CMSServlet {
/**
* initialize the servlet.
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -59,7 +60,7 @@ public class DownloadPKCS12 extends CMSServlet {
}
/**
- * Process the HTTP request.
+ * Process the HTTP request.
*/
protected void process(CMSRequest cmsReq) throws EBaseException {
CMS.debug("DownloadPKCS12: processing...");
@@ -70,7 +71,7 @@ public class DownloadPKCS12 extends CMSServlet {
mRenderResult = false;
// check the pin from the session
- String pin = (String)httpReq.getSession().getAttribute("pin");
+ String pin = (String) httpReq.getSession().getAttribute("pin");
if (pin == null) {
CMS.debug("DownloadPKCS12 process: Failed to get the pin from the cookie.");
outputError(httpResp, AUTH_FAILURE, "Error: Not authenticated");
@@ -101,16 +102,17 @@ public class DownloadPKCS12 extends CMSServlet {
httpResp.getOutputStream().write(pkcs12);
return;
} catch (Exception e) {
- CMS.debug("DownloadPKCS12 process: Exception="+e.toString());
+ CMS.debug("DownloadPKCS12 process: Exception=" + e.toString());
}
}
- protected void setDefaultTemplates(ServletConfig sc) {}
+ protected void setDefaultTemplates(ServletConfig sc) {
+ }
protected void renderTemplate(
CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler)
- throws IOException {// do nothing
- }
+ throws IOException {// do nothing
+ }
protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript.
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCertChain.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCertChain.java
index 87cb7a7c..6c286e81 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCertChain.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCertChain.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.util.Locale;
@@ -40,7 +39,6 @@ import com.netscape.cms.servlet.base.UserInfo;
import com.netscape.cms.servlet.common.CMSRequest;
import com.netscape.cmsutil.xml.XMLObject;
-
public class GetCertChain extends CMSServlet {
/**
@@ -56,6 +54,7 @@ public class GetCertChain extends CMSServlet {
/**
* initialize the servlet.
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -63,11 +62,12 @@ public class GetCertChain extends CMSServlet {
}
/**
- * Process the HTTP request.
+ * Process the HTTP request.
* <ul>
* <li>http.param op 'downloadBIN' - return the binary certificate chain
* <li>http.param op 'displayIND' - display pretty-print of certificate chain components
* </ul>
+ *
* @param cmsReq the object holding the request and response information
*/
protected void process(CMSRequest cmsReq) throws EBaseException {
@@ -95,7 +95,7 @@ public class GetCertChain extends CMSServlet {
} catch (IOException e) {
log(ILogger.LL_FAILURE,
CMS.getLogMessage("CMSGW_ERROR_ENCODING_CA_CHAIN_1",
- e.toString()));
+ e.toString()));
outputError(httpResp,
"Error: Failed to encode the certificate chain");
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetConfigEntries.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetConfigEntries.java
index c1010b46..1ff06416 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetConfigEntries.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetConfigEntries.java
@@ -59,6 +59,7 @@ public class GetConfigEntries extends CMSServlet {
/**
* initialize the servlet.
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -67,11 +68,12 @@ public class GetConfigEntries extends CMSServlet {
}
/**
- * Process the HTTP request.
+ * Process the HTTP request.
* <ul>
* <li>http.param op 'downloadBIN' - return the binary certificate chain
* <li>http.param op 'displayIND' - display pretty-print of certificate chain components
* </ul>
+ *
* @param cmsReq the object holding the request and response information
*/
protected void process(CMSRequest cmsReq) throws EBaseException {
@@ -84,12 +86,12 @@ public class GetConfigEntries extends CMSServlet {
authToken = authenticate(cmsReq);
} catch (Exception e) {
CMS.debug("GetConfigEntries authentication failed");
- log(ILogger.LL_FAILURE,
+ log(ILogger.LL_FAILURE,
CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "",
- e.toString()));
+ e.toString()));
outputError(httpResp, AUTH_FAILURE, "Error: Not authenticated");
return;
- }
+ }
// Construct an ArgBlock
IArgBlock args = cmsReq.getHttpParams();
@@ -104,32 +106,32 @@ public class GetConfigEntries extends CMSServlet {
try {
xmlObj = new XMLObject();
} catch (Exception e) {
- CMS.debug("GetConfigEntries process: Exception: "+e.toString());
- throw new EBaseException( e.toString() );
+ CMS.debug("GetConfigEntries process: Exception: " + e.toString());
+ throw new EBaseException(e.toString());
}
Node root = xmlObj.createRoot("XMLResponse");
AuthzToken authzToken = null;
try {
- authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
+ authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
"read");
} catch (EAuthzAccessDenied e) {
- log(ILogger.LL_FAILURE,
+ log(ILogger.LL_FAILURE,
CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
- outputError(httpResp, "Error: Not authorized");
- return;
+ outputError(httpResp, "Error: Not authorized");
+ return;
} catch (Exception e) {
- log(ILogger.LL_FAILURE,
+ log(ILogger.LL_FAILURE,
CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
- outputError(httpResp,
+ outputError(httpResp,
"Error: Encountered problem during authorization.");
- return;
+ return;
}
if (authzToken == null) {
- outputError(httpResp, "Error: Not authorized");
- return;
+ outputError(httpResp, "Error: Not authorized");
+ return;
}
if (op != null) {
@@ -140,9 +142,9 @@ public class GetConfigEntries extends CMSServlet {
String name1 = t.nextToken();
IConfigStore cs = config.getSubStore(name1);
Enumeration enum1 = cs.getPropertyNames();
-
+
while (enum1.hasMoreElements()) {
- String name = name1+"."+enum1.nextElement();
+ String name = name1 + "." + enum1.nextElement();
try {
String value = config.getString(name);
Node container = xmlObj.createContainer(root, "Config");
@@ -171,10 +173,10 @@ public class GetConfigEntries extends CMSServlet {
value = getLDAPPassword();
} else if (name.equals("internaldb.replication.password")) {
value = getReplicationPassword();
- } else
+ } else
continue;
}
-
+
Node container = xmlObj.createContainer(root, "Config");
xmlObj.addItemToContainer(container, "name", name);
xmlObj.addItemToContainer(container, "value", value);
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCookie.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCookie.java
index 74edda79..2c9cc41f 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCookie.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCookie.java
@@ -45,7 +45,6 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
public class GetCookie extends CMSServlet {
/**
@@ -58,9 +57,9 @@ public class GetCookie extends CMSServlet {
private String mFormPath = null;
private final static String LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE =
- "LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE_1";
+ "LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE_1";
private final static String LOGGING_SIGNED_AUDIT_ROLE_ASSUME =
- "LOGGING_SIGNED_AUDIT_ROLE_ASSUME_3";
+ "LOGGING_SIGNED_AUDIT_ROLE_ASSUME_3";
public GetCookie() {
super();
@@ -68,6 +67,7 @@ public class GetCookie extends CMSServlet {
/**
* initialize the servlet.
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -78,12 +78,13 @@ public class GetCookie extends CMSServlet {
mRandom = new Random();
mErrorFormPath = sc.getInitParameter("errorTemplatePath");
if (mOutputTemplatePath != null) {
- mFormPath = mOutputTemplatePath;
+ mFormPath = mOutputTemplatePath;
}
}
/**
- * Process the HTTP request.
+ * Process the HTTP request.
+ *
* @param cmsReq the object holding the request and response information
*/
protected void process(CMSRequest cmsReq) throws EBaseException {
@@ -100,14 +101,14 @@ public class GetCookie extends CMSServlet {
}
IArgBlock header = CMS.createArgBlock();
- IArgBlock ctx = CMS.createArgBlock();
+ IArgBlock ctx = CMS.createArgBlock();
CMSTemplateParams argSet = new CMSTemplateParams(header, ctx);
CMSTemplate form = null;
Locale[] locale = new Locale[1];
String url = httpReq.getParameter("url");
- CMS.debug("GetCookie before auth, url ="+url);
+ CMS.debug("GetCookie before auth, url =" + url);
String url_e = "";
URL u = null;
try {
@@ -115,13 +116,13 @@ public class GetCookie extends CMSServlet {
u = new URL(url_e);
} catch (Exception eee) {
throw new ECMSGWException(
- "GetCookie missing parameter: url");
+ "GetCookie missing parameter: url");
}
int index2 = url_e.indexOf("subsystem=");
String subsystem = "";
if (index2 > 0) {
- subsystem = url.substring(index2+10);
+ subsystem = url.substring(index2 + 10);
int index1 = subsystem.indexOf("&");
if (index1 > 0)
subsystem = subsystem.substring(0, index1);
@@ -131,9 +132,9 @@ public class GetCookie extends CMSServlet {
authToken = authenticate(cmsReq);
} catch (Exception e) {
CMS.debug("GetCookie authentication failed");
- log(ILogger.LL_FAILURE,
+ log(ILogger.LL_FAILURE,
CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "",
- e.toString()));
+ e.toString()));
header.addStringValue("sd_uid", "");
header.addStringValue("sd_pwd", "");
header.addStringValue("host", u.getHost());
@@ -149,17 +150,17 @@ public class GetCookie extends CMSServlet {
form = getTemplate(mErrorFormPath, httpReq, locale);
} catch (IOException eee) {
CMS.debug("GetCookie process: cant locate the form");
-/*
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString()));
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
-*/
- }
+ /*
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString()));
+ throw new ECMSGWException(
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ */
+ }
- if( form == null ) {
+ if (form == null) {
CMS.debug("GetCookie::process() - form is null!");
- throw new EBaseException( "form is null" );
+ throw new EBaseException("form is null");
}
try {
@@ -170,16 +171,16 @@ public class GetCookie extends CMSServlet {
form.renderOutput(out, argSet);
} catch (IOException ee) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", ee.toString()));
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", ee.toString()));
+ throw new ECMSGWException(
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
return;
- }
+ }
String cookie = "";
String auditMessage = "";
-
+
if (authToken != null) {
String uid = authToken.getInString("uid");
String groupname = getGroupName(uid, subsystem);
@@ -195,7 +196,7 @@ public class GetCookie extends CMSServlet {
// assign cookie
long num = mRandom.nextLong();
- cookie = num+"";
+ cookie = num + "";
ISecurityDomainSessionTable ctable = CMS.getSecurityDomainSessionTable();
String addr = "";
try {
@@ -207,11 +208,11 @@ public class GetCookie extends CMSServlet {
ip = InetAddress.getByName(addr).toString();
int index = ip.indexOf("/");
if (index > 0)
- ip = ip.substring(index+1);
+ ip = ip.substring(index + 1);
} catch (Exception e) {
}
- String auditParams = "operation;;issue_token+token;;"+ cookie + "+ip;;" + ip +
+ String auditParams = "operation;;issue_token+token;;" + cookie + "+ip;;" + ip +
"+uid;;" + uid + "+groupname;;" + groupname;
int status = ctable.addEntry(cookie, ip, uid, groupname);
@@ -232,18 +233,18 @@ public class GetCookie extends CMSServlet {
}
try {
- String sd_url = "https://"+CMS.getEESSLHost()+":"+CMS.getEESSLPort();
+ String sd_url = "https://" + CMS.getEESSLHost() + ":" + CMS.getEESSLPort();
if (!url.startsWith("$")) {
try {
form = getTemplate(mFormPath, httpReq, locale);
} catch (IOException e) {
CMS.debug("GetCookie process: cant locate the form");
-/*
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString()));
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
-*/
+ /*
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString()));
+ throw new ECMSGWException(
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ */
}
header.addStringValue("url", url);
@@ -254,13 +255,13 @@ public class GetCookie extends CMSServlet {
ServletOutputStream out = httpResp.getOutputStream();
cmsReq.setStatus(CMSRequest.SUCCESS);
- httpResp.setContentType("text/html");
- form.renderOutput(out, argSet);
+ httpResp.setContentType("text/html");
+ form.renderOutput(out, argSet);
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
}
} catch (Exception e) {
@@ -278,25 +279,25 @@ public class GetCookie extends CMSServlet {
private String getGroupName(String uid, String subsystemname) {
String groupname = "";
- IUGSubsystem subsystem =
- (IUGSubsystem)(CMS.getSubsystem(IUGSubsystem.ID));
- if (subsystem.isMemberOf(uid, "Enterprise CA Administrators") &&
- subsystemname.equals("CA")) {
+ IUGSubsystem subsystem =
+ (IUGSubsystem) (CMS.getSubsystem(IUGSubsystem.ID));
+ if (subsystem.isMemberOf(uid, "Enterprise CA Administrators") &&
+ subsystemname.equals("CA")) {
return "Enterprise CA Administrators";
} else if (subsystem.isMemberOf(uid, "Enterprise KRA Administrators") &&
- subsystemname.equals("KRA")) {
+ subsystemname.equals("KRA")) {
return "Enterprise KRA Administrators";
} else if (subsystem.isMemberOf(uid, "Enterprise OCSP Administrators") &&
- subsystemname.equals("OCSP")) {
+ subsystemname.equals("OCSP")) {
return "Enterprise OCSP Administrators";
} else if (subsystem.isMemberOf(uid, "Enterprise TKS Administrators") &&
- subsystemname.equals("TKS")) {
+ subsystemname.equals("TKS")) {
return "Enterprise TKS Administrators";
} else if (subsystem.isMemberOf(uid, "Enterprise RA Administrators") &&
- subsystemname.equals("RA")) {
+ subsystemname.equals("RA")) {
return "Enterprise RA Administrators";
} else if (subsystem.isMemberOf(uid, "Enterprise TPS Administrators") &&
- subsystemname.equals("TPS")) {
+ subsystemname.equals("TPS")) {
return "Enterprise TPS Administrators";
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetDomainXML.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetDomainXML.java
index f9e6c70e..04d88dba 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetDomainXML.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetDomainXML.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.FileInputStream;
import java.io.IOException;
import java.util.Enumeration;
@@ -48,7 +47,6 @@ import com.netscape.cms.servlet.common.CMSRequest;
import com.netscape.cms.servlet.common.ICMSTemplateFiller;
import com.netscape.cmsutil.xml.XMLObject;
-
public class GetDomainXML extends CMSServlet {
/**
@@ -64,6 +62,7 @@ public class GetDomainXML extends CMSServlet {
/**
* initialize the servlet.
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -73,11 +72,12 @@ public class GetDomainXML extends CMSServlet {
}
/**
- * Process the HTTP request.
+ * Process the HTTP request.
* <ul>
* <li>http.param op 'downloadBIN' - return the binary certificate chain
* <li>http.param op 'displayIND' - display pretty-print of certificate chain components
* </ul>
+ *
* @param cmsReq the object holding the request and response information
*/
protected void process(CMSRequest cmsReq) throws EBaseException {
@@ -95,8 +95,7 @@ public class GetDomainXML extends CMSServlet {
try {
secstore = cs.getString("securitydomain.store");
basedn = cs.getString("internaldb.basedn");
- }
- catch (Exception e) {
+ } catch (Exception e) {
CMS.debug("Unable to determine the security domain name or internal basedn. Please run the domaininfo migration script");
}
@@ -129,7 +128,7 @@ public class GetDomainXML extends CMSServlet {
// this should return CAList, KRAList etc.
LDAPSearchResults res = conn.search(dn, LDAPConnection.SCOPE_ONE, filter,
- attrs, true, cons);
+ attrs, true, cons);
while (res.hasMoreElements()) {
int count = 0;
@@ -137,10 +136,10 @@ public class GetDomainXML extends CMSServlet {
String listName = dn.substring(3, dn.indexOf(","));
String subType = listName.substring(0, listName.indexOf("List"));
Node listNode = xmlObj.createContainer(domainInfo, listName);
-
+
filter = "objectclass=pkiSubsystem";
- LDAPSearchResults res2 = conn.search(dn, LDAPConnection.SCOPE_ONE, filter,
- attrs, false, cons);
+ LDAPSearchResults res2 = conn.search(dn, LDAPConnection.SCOPE_ONE, filter,
+ attrs, false, cons);
while (res2.hasMoreElements()) {
Node node = xmlObj.createContainer(listNode, subType);
LDAPEntry entry = res2.next();
@@ -149,32 +148,29 @@ public class GetDomainXML extends CMSServlet {
while (attrsInSet.hasMoreElements()) {
LDAPAttribute nextAttr = (LDAPAttribute) attrsInSet.nextElement();
String attrName = nextAttr.getName();
- if ((! attrName.equals("cn")) && (! attrName.equals("objectClass"))) {
+ if ((!attrName.equals("cn")) && (!attrName.equals("objectClass"))) {
String attrValue = (String) nextAttr.getStringValues().nextElement();
xmlObj.addItemToContainer(node, securityDomainLDAPtoXML(attrName), attrValue);
}
}
- count ++;
- }
+ count++;
+ }
xmlObj.addItemToContainer(listNode, "SubsystemCount", Integer.toString(count));
}
// Add new xml object as string to response.
response.addItemToContainer(root, "DomainInfo", xmlObj.toXMLString());
- }
- catch (Exception e) {
+ } catch (Exception e) {
CMS.debug("GetDomainXML: Failed to read domain.xml from ldap " + e.toString());
status = FAILED;
- }
- finally {
- if ((conn != null) && (connFactory!= null)) {
+ } finally {
+ if ((conn != null) && (connFactory != null)) {
CMS.debug("Releasing ldap connection");
connFactory.returnConn(conn);
}
}
- }
- else {
- // get data from file store
+ } else {
+ // get data from file store
String path = CMS.getConfigStore().getString("instanceRoot", "")
+ "/conf/domain.xml";
@@ -194,10 +190,9 @@ public class GetDomainXML extends CMSServlet {
CMS.debug("GetDomainXML: Done Reading domain.xml...");
response.addItemToContainer(root, "DomainInfo", new String(buf));
- }
- catch (Exception e) {
- CMS.debug("Failed to read domain.xml from file" + e.toString());
- status = FAILED;
+ } catch (Exception e) {
+ CMS.debug("Failed to read domain.xml from file" + e.toString());
+ status = FAILED;
}
}
@@ -211,16 +206,19 @@ public class GetDomainXML extends CMSServlet {
}
protected String securityDomainLDAPtoXML(String attribute) {
- if (attribute.equals("host")) return "Host";
- else return attribute;
+ if (attribute.equals("host"))
+ return "Host";
+ else
+ return attribute;
}
- protected void setDefaultTemplates(ServletConfig sc) {}
+ protected void setDefaultTemplates(ServletConfig sc) {
+ }
protected void renderTemplate(
CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler)
- throws IOException {// do nothing
- }
+ throws IOException {// do nothing
+ }
protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript.
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetStatus.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetStatus.java
index 02fe36c1..28279f04 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetStatus.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetStatus.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.IOException;
import java.util.Locale;
@@ -36,7 +35,6 @@ import com.netscape.cms.servlet.base.UserInfo;
import com.netscape.cms.servlet.common.CMSRequest;
import com.netscape.cmsutil.xml.XMLObject;
-
public class GetStatus extends CMSServlet {
/**
@@ -52,6 +50,7 @@ public class GetStatus extends CMSServlet {
/**
* initialize the servlet.
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -59,18 +58,19 @@ public class GetStatus extends CMSServlet {
}
/**
- * Process the HTTP request.
+ * Process the HTTP request.
+ *
* @param cmsReq the object holding the request and response information
*/
protected void process(CMSRequest cmsReq) throws EBaseException {
HttpServletRequest httpReq = cmsReq.getHttpReq();
HttpServletResponse httpResp = cmsReq.getHttpResp();
- IConfigStore config = CMS.getConfigStore();
+ IConfigStore config = CMS.getConfigStore();
String outputString = null;
- String state = config.getString("cs.state", "");
- String type = config.getString("cs.type", "");
+ String state = config.getString("cs.state", "");
+ String type = config.getString("cs.type", "");
try {
XMLObject xmlObj = null;
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetSubsystemCert.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetSubsystemCert.java
index c1bf138e..7beda662 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetSubsystemCert.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetSubsystemCert.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.IOException;
import java.util.Locale;
@@ -39,7 +38,6 @@ import com.netscape.cms.servlet.common.CMSRequest;
import com.netscape.cmsutil.crypto.CryptoUtil;
import com.netscape.cmsutil.xml.XMLObject;
-
public class GetSubsystemCert extends CMSServlet {
/**
@@ -55,6 +53,7 @@ public class GetSubsystemCert extends CMSServlet {
/**
* initialize the servlet.
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -62,7 +61,7 @@ public class GetSubsystemCert extends CMSServlet {
}
/**
- * Process the HTTP request.
+ * Process the HTTP request.
*/
protected void process(CMSRequest cmsReq) throws EBaseException {
HttpServletRequest httpReq = cmsReq.getHttpReq();
@@ -76,16 +75,16 @@ public class GetSubsystemCert extends CMSServlet {
nickname = cs.getString("ca.subsystem.nickname", "");
String tokenname = cs.getString("ca.subsystem.tokenname", "");
if (!tokenname.equals("internal") && !tokenname.equals("Internal Key Storage Token"))
- nickname = tokenname+":"+nickname;
+ nickname = tokenname + ":" + nickname;
} catch (Exception e) {
}
- CMS.debug("GetSubsystemCert process: nickname="+nickname);
+ CMS.debug("GetSubsystemCert process: nickname=" + nickname);
String s = "";
try {
CryptoManager cm = CryptoManager.getInstance();
X509Certificate cert = cm.findCertByNickname(nickname);
-
+
if (cert == null) {
CMS.debug("GetSubsystemCert process: subsystem cert is null");
outputError(httpResp, "Error: Failed to get subsystem certificate.");
@@ -95,7 +94,7 @@ public class GetSubsystemCert extends CMSServlet {
byte[] bytes = cert.getEncoded();
s = CryptoUtil.normalizeCertStr(CryptoUtil.base64Encode(bytes));
} catch (Exception e) {
- CMS.debug("GetSubsystemCert process: exception: "+e.toString());
+ CMS.debug("GetSubsystemCert process: exception: " + e.toString());
}
try {
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetTokenInfo.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetTokenInfo.java
index d7af0740..4d11af8a 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetTokenInfo.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetTokenInfo.java
@@ -52,6 +52,7 @@ public class GetTokenInfo extends CMSServlet {
/**
* initialize the servlet.
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -60,11 +61,12 @@ public class GetTokenInfo extends CMSServlet {
}
/**
- * Process the HTTP request.
+ * Process the HTTP request.
* <ul>
* <li>http.param op 'downloadBIN' - return the binary certificate chain
* <li>http.param op 'displayIND' - display pretty-print of certificate chain components
* </ul>
+ *
* @param cmsReq the object holding the request and response information
*/
protected void process(CMSRequest cmsReq) throws EBaseException {
@@ -78,8 +80,8 @@ public class GetTokenInfo extends CMSServlet {
try {
xmlObj = new XMLObject();
} catch (Exception e) {
- CMS.debug("GetTokenInfo process: Exception: "+e.toString());
- throw new EBaseException( e.toString() );
+ CMS.debug("GetTokenInfo process: Exception: " + e.toString());
+ throw new EBaseException(e.toString());
}
Node root = xmlObj.createRoot("XMLResponse");
@@ -97,7 +99,7 @@ public class GetTokenInfo extends CMSServlet {
String name = t1.nextToken();
if (name.equals("sslserver"))
continue;
- name = "cloning."+name+".nickname";
+ name = "cloning." + name + ".nickname";
String value = "";
try {
@@ -105,7 +107,7 @@ public class GetTokenInfo extends CMSServlet {
} catch (Exception ee) {
continue;
}
-
+
Node container = xmlObj.createContainer(root, "Config");
xmlObj.addItemToContainer(container, "name", name);
xmlObj.addItemToContainer(container, "value", value);
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetTransportCert.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetTransportCert.java
index bc29b34a..ae55d2fb 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetTransportCert.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetTransportCert.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.IOException;
import java.security.cert.CertificateEncodingException;
import java.util.Locale;
@@ -63,6 +62,7 @@ public class GetTransportCert extends CMSServlet {
/**
* initialize the servlet.
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -72,7 +72,7 @@ public class GetTransportCert extends CMSServlet {
}
/**
- * Process the HTTP request.
+ * Process the HTTP request.
*/
protected void process(CMSRequest cmsReq) throws EBaseException {
CMS.debug("UpdateUpdater: processing...");
@@ -86,9 +86,9 @@ public class GetTransportCert extends CMSServlet {
CMS.debug("GetTransportCert authentication successful.");
} catch (Exception e) {
CMS.debug("GetTransportCert: authentication failed.");
- log(ILogger.LL_FAILURE,
+ log(ILogger.LL_FAILURE,
CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "",
- e.toString()));
+ e.toString()));
outputError(httpResp, AUTH_FAILURE, "Error: Not authenticated");
return;
}
@@ -101,19 +101,19 @@ public class GetTransportCert extends CMSServlet {
AuthzToken authzToken = null;
try {
- authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
- "read");
+ authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
+ "read");
CMS.debug("GetTransportCert authorization successful.");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
outputError(httpResp, "Error: Not authorized");
return;
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
outputError(httpResp,
- "Error: Encountered problem during authorization.");
+ "Error: Encountered problem during authorization.");
return;
}
@@ -126,17 +126,17 @@ public class GetTransportCert extends CMSServlet {
IKeyRecoveryAuthority kra =
(IKeyRecoveryAuthority) mAuthority;
- ITransportKeyUnit tu = kra.getTransportKeyUnit();
- org.mozilla.jss.crypto.X509Certificate transportCert =
+ ITransportKeyUnit tu = kra.getTransportKeyUnit();
+ org.mozilla.jss.crypto.X509Certificate transportCert =
tu.getCertificate();
- String mime64 = "";
+ String mime64 = "";
try {
mime64 = CMS.BtoA(transportCert.getEncoded());
mime64 = com.netscape.cmsutil.util.Cert.normalizeCertStrAndReq(mime64);
- } catch (CertificateEncodingException eee) {
+ } catch (CertificateEncodingException eee) {
CMS.debug("GetTransportCert: Failed to encode certificate");
- }
+ }
// send success status back to the requestor
try {
@@ -154,12 +154,13 @@ public class GetTransportCert extends CMSServlet {
}
}
- protected void setDefaultTemplates(ServletConfig sc) {}
+ protected void setDefaultTemplates(ServletConfig sc) {
+ }
protected void renderTemplate(
CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler)
- throws IOException {// do nothing
- }
+ throws IOException {// do nothing
+ }
protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript.
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/HierarchyPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/HierarchyPanel.java
index a00b0fb7..9044dec0 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/HierarchyPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/HierarchyPanel.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.IOException;
import javax.servlet.ServletConfig;
@@ -36,19 +35,20 @@ import com.netscape.cms.servlet.wizard.WizardServlet;
public class HierarchyPanel extends WizardPanelBase {
- public HierarchyPanel() {}
+ public HierarchyPanel() {
+ }
/**
* Initializes this panel.
*/
- public void init(ServletConfig config, int panelno)
- throws ServletException {
+ public void init(ServletConfig config, int panelno)
+ throws ServletException {
setPanelNo(panelno);
setName("PKI Hierarchy");
}
public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
- throws ServletException {
+ throws ServletException {
setPanelNo(panelno);
setName("PKI Hierarchy");
setId(id);
@@ -64,8 +64,8 @@ public class HierarchyPanel extends WizardPanelBase {
null);
if (s != null && s.equals("clone")) {
// mark this panel as done
- c.putString("preop.hierarchy.select","root");
- c.putString("hierarchy.select","Clone");
+ c.putString("preop.hierarchy.select", "root");
+ c.putString("hierarchy.select", "Clone");
return true;
}
} catch (EBaseException e) {
@@ -89,15 +89,16 @@ public class HierarchyPanel extends WizardPanelBase {
} else {
return true;
}
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
return false;
}
public PropertySet getUsage() {
PropertySet set = new PropertySet();
-
+
/* XXX */
-
+
return set;
}
@@ -117,7 +118,7 @@ public class HierarchyPanel extends WizardPanelBase {
if (s.equals("root")) {
context.put("check_root", "checked");
} else if (s.equals("join")) {
- context.put("check_join", "checked");
+ context.put("check_join", "checked");
}
} catch (Exception e) {
CMS.debug(e.toString());
@@ -163,16 +164,17 @@ public class HierarchyPanel extends WizardPanelBase {
}
if (select.equals("root")) {
- config.putString("preop.hierarchy.select", "root");
- config.putString("hierarchy.select", "Root");
+ config.putString("preop.hierarchy.select", "root");
+ config.putString("hierarchy.select", "Root");
config.putString("preop.ca.type", "sdca");
try {
config.commit(false);
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
} else if (select.equals("join")) {
config.putString(PCERT_PREFIX + "signing.type", "remote");
config.putString("preop.hierarchy.select", "join");
- config.putString("hierarchy.select", "Subordinate");
+ config.putString("hierarchy.select", "Subordinate");
} else {
config.putString(PCERT_PREFIX + "signing.type", "remote");
CMS.debug("HierarchyPanel: invalid choice " + select);
@@ -187,5 +189,6 @@ public class HierarchyPanel extends WizardPanelBase {
*/
public void displayError(HttpServletRequest request,
HttpServletResponse response,
- Context context) {}
+ Context context) {
+ }
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportAdminCertPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportAdminCertPanel.java
index d4f93a9b..9a220032 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportAdminCertPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportAdminCertPanel.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.BufferedReader;
import java.io.FileReader;
import java.io.IOException;
@@ -47,19 +46,20 @@ import com.netscape.cmsutil.crypto.CryptoUtil;
public class ImportAdminCertPanel extends WizardPanelBase {
- public ImportAdminCertPanel() {}
+ public ImportAdminCertPanel() {
+ }
/**
* Initializes this panel.
*/
- public void init(ServletConfig config, int panelno)
- throws ServletException {
+ public void init(ServletConfig config, int panelno)
+ throws ServletException {
setPanelNo(panelno);
setName("Import Administrator's Certificate");
}
public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
- throws ServletException {
+ throws ServletException {
setPanelNo(panelno);
setName("Import Administrator's Certificate");
setId(id);
@@ -102,11 +102,12 @@ public class ImportAdminCertPanel extends WizardPanelBase {
try {
type = cs.getString("preop.ca.type", "");
subsystemtype = cs.getString("cs.type", "");
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
try {
String serialno = cs.getString("preop.admincert.serialno.0");
-
+
context.put("serialNumber", serialno);
} catch (Exception e) {
context.put("errorString", "Failed to get serial number.");
@@ -135,7 +136,8 @@ public class ImportAdminCertPanel extends WizardPanelBase {
// to security domain host.
caHost = cs.getString("securitydomain.host", "");
caPort = cs.getString("securitydomain.httpsadminport", "");
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
} else if (type.equals("sdca")) {
try {
// this is a non-CA system that submitted its certs to a CA
@@ -143,7 +145,8 @@ public class ImportAdminCertPanel extends WizardPanelBase {
// request for the admin cert to this CA
caHost = cs.getString("preop.ca.hostname", "");
caPort = cs.getString("preop.ca.httpsadminport", "");
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
}
} else {
// for CAs, we always generate our own admin certs
@@ -151,7 +154,8 @@ public class ImportAdminCertPanel extends WizardPanelBase {
try {
caHost = cs.getString("service.machineName", "");
caPort = cs.getString("pkicreate.admin_secure_port", "");
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
}
String pkcs7 = "";
@@ -192,12 +196,13 @@ public class ImportAdminCertPanel extends WizardPanelBase {
subsystemtype = cs.getString("cs.type", "");
security_domain_type = cs.getString("securitydomain.select", "");
selected_hierarchy = cs.getString("preop.hierarchy.select", "");
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem(
ICertificateAuthority.ID);
- if (ca == null) {
+ if (ca == null) {
context.put("ca", "false");
} else {
context.put("ca", "true");
@@ -207,17 +212,17 @@ public class ImportAdminCertPanel extends WizardPanelBase {
X509CertImpl certs[] = new X509CertImpl[1];
// REMINDER: This panel is NOT used by "clones"
- if( ca != null ) {
+ if (ca != null) {
String serialno = null;
- if( selected_hierarchy.equals( "root" ) ) {
- CMS.debug( "ImportAdminCertPanel update: "
+ if (selected_hierarchy.equals("root")) {
+ CMS.debug("ImportAdminCertPanel update: "
+ "Root CA subsystem - "
- + "(new Security Domain)" );
+ + "(new Security Domain)");
} else {
- CMS.debug( "ImportAdminCertPanel update: "
+ CMS.debug("ImportAdminCertPanel update: "
+ "Subordinate CA subsystem - "
- + "(new Security Domain)" );
+ + "(new Security Domain)");
}
try {
@@ -234,35 +239,37 @@ public class ImportAdminCertPanel extends WizardPanelBase {
try {
certs[0] = repost.getX509Certificate(
new BigInteger(serialno, 16));
- } catch (Exception ee) {}
+ } catch (Exception ee) {
+ }
} else {
String dir = null;
// REMINDER: This panel is NOT used by "clones"
- if( subsystemtype.equals( "CA" ) ) {
- if( selected_hierarchy.equals( "root" ) ) {
- CMS.debug( "ImportAdminCertPanel update: "
+ if (subsystemtype.equals("CA")) {
+ if (selected_hierarchy.equals("root")) {
+ CMS.debug("ImportAdminCertPanel update: "
+ "Root CA subsystem - "
- + "(existing Security Domain)" );
+ + "(existing Security Domain)");
} else {
- CMS.debug( "ImportAdminCertPanel update: "
+ CMS.debug("ImportAdminCertPanel update: "
+ "Subordinate CA subsystem - "
- + "(existing Security Domain)" );
+ + "(existing Security Domain)");
}
} else {
- CMS.debug( "ImportAdminCertPanel update: "
+ CMS.debug("ImportAdminCertPanel update: "
+ subsystemtype
- + " subsystem" );
+ + " subsystem");
}
try {
- dir = cs.getString("preop.admincert.b64", "");
+ dir = cs.getString("preop.admincert.b64", "");
CMS.debug("ImportAdminCertPanel update: dir=" + dir);
- } catch (Exception ee) {}
+ } catch (Exception ee) {
+ }
try {
BufferedReader reader = new BufferedReader(
- new FileReader(dir));
+ new FileReader(dir));
String b64 = "";
StringBuffer sb = new StringBuffer();
@@ -289,7 +296,7 @@ public class ImportAdminCertPanel extends WizardPanelBase {
user.setX509Certificates(certs);
ug.addUserCert(user);
} catch (LDAPException e) {
- CMS.debug("ImportAdminCertPanel update: failed to add certificate to the internal database. Exception: "+e.toString());
+ CMS.debug("ImportAdminCertPanel update: failed to add certificate to the internal database. Exception: " + e.toString());
if (e.getLDAPResultCode() != LDAPException.ATTRIBUTE_OR_VALUE_EXISTS) {
context.put("updateStatus", "failure");
throw new IOException(e.toString());
@@ -312,7 +319,7 @@ public class ImportAdminCertPanel extends WizardPanelBase {
public boolean shouldSkip() {
try {
IConfigStore c = CMS.getConfigStore();
- String s = c.getString("preop.subsystem.select",null);
+ String s = c.getString("preop.subsystem.select", null);
if (s != null && s.equals("clone")) {
return true;
}
@@ -322,7 +329,6 @@ public class ImportAdminCertPanel extends WizardPanelBase {
return false;
}
-
/**
* If validiate() returns false, this method will be called.
*/
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportCAChainPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportCAChainPanel.java
index 0c2e7fa0..a26b2dc2 100755
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportCAChainPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportCAChainPanel.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.IOException;
import javax.servlet.ServletConfig;
@@ -36,19 +35,20 @@ import com.netscape.cms.servlet.wizard.WizardServlet;
public class ImportCAChainPanel extends WizardPanelBase {
- public ImportCAChainPanel() {}
+ public ImportCAChainPanel() {
+ }
/**
* Initializes this panel.
*/
- public void init(ServletConfig config, int panelno)
- throws ServletException {
+ public void init(ServletConfig config, int panelno)
+ throws ServletException {
setPanelNo(panelno);
setName("Import CA's Certificate Chain");
}
public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
- throws ServletException {
+ throws ServletException {
setPanelNo(panelno);
setName("Import CA's Certificate Chain");
setId(id);
@@ -89,7 +89,7 @@ public class ImportCAChainPanel extends WizardPanelBase {
context.put("https_port", cs.getString("pkicreate.ee_secure_port"));
context.put("http_port", cs.getString("pkicreate.unsecure_port"));
} catch (EBaseException e) {
- CMS.debug("ImportCACertChain:display: Exception: " + e.toString());
+ CMS.debug("ImportCACertChain:display: Exception: " + e.toString());
context.put("errorString", "Error loading values for Import CA Certificate Panel");
}
@@ -119,7 +119,6 @@ public class ImportCAChainPanel extends WizardPanelBase {
Context context) throws IOException {
IConfigStore cs = CMS.getConfigStore();
-
context.put("errorString", "");
context.put("title", "Import CA's Certificate Chain");
context.put("panel", "admin/console/config/importcachainpanel.vm");
@@ -141,6 +140,7 @@ public class ImportCAChainPanel extends WizardPanelBase {
context.put("http_port", cs.getString("pkicreate.unsecure_port"));
context.put("title", "Import CA's Certificate Chain");
context.put("panel", "admin/console/config/importcachainpanel.vm");
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
}
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportTransportCert.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportTransportCert.java
index 3f54ec1c..3b8f3b81 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportTransportCert.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportTransportCert.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.IOException;
import java.util.Locale;
@@ -61,6 +60,7 @@ public class ImportTransportCert extends CMSServlet {
/**
* initialize the servlet.
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -70,7 +70,7 @@ public class ImportTransportCert extends CMSServlet {
}
/**
- * Process the HTTP request.
+ * Process the HTTP request.
*/
protected void process(CMSRequest cmsReq) throws EBaseException {
CMS.debug("UpdateUpdater: processing...");
@@ -84,9 +84,9 @@ public class ImportTransportCert extends CMSServlet {
CMS.debug("ImportTransportCert authentication successful.");
} catch (Exception e) {
CMS.debug("ImportTransportCert: authentication failed.");
- log(ILogger.LL_FAILURE,
+ log(ILogger.LL_FAILURE,
CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "",
- e.toString()));
+ e.toString()));
outputError(httpResp, AUTH_FAILURE, "Error: Not authenticated");
return;
}
@@ -99,19 +99,19 @@ public class ImportTransportCert extends CMSServlet {
AuthzToken authzToken = null;
try {
- authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
- "modify");
+ authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
+ "modify");
CMS.debug("ImportTransportCert authorization successful.");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
outputError(httpResp, "Error: Not authorized");
return;
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
outputError(httpResp,
- "Error: Encountered problem during authorization.");
+ "Error: Encountered problem during authorization.");
return;
}
@@ -126,17 +126,17 @@ public class ImportTransportCert extends CMSServlet {
String certsString = httpReq.getParameter("certificate");
try {
- CryptoManager cm = CryptoManager.getInstance();
- CMS.debug("ImportTransportCert: Importing certificate");
- org.mozilla.jss.crypto.X509Certificate cert =
- cm.importCACertPackage(CMS.AtoB(certsString));
- String nickName = cert.getNickname();
- CMS.debug("ImportTransportCert: nickname " + nickName);
- cs.putString("tks.drm_transport_cert_nickname", nickName);
- CMS.debug("ImportTransportCert: Commiting configuration");
- cs.commit(false);
-
- // send success status back to the requestor
+ CryptoManager cm = CryptoManager.getInstance();
+ CMS.debug("ImportTransportCert: Importing certificate");
+ org.mozilla.jss.crypto.X509Certificate cert =
+ cm.importCACertPackage(CMS.AtoB(certsString));
+ String nickName = cert.getNickname();
+ CMS.debug("ImportTransportCert: nickname " + nickName);
+ cs.putString("tks.drm_transport_cert_nickname", nickName);
+ CMS.debug("ImportTransportCert: Commiting configuration");
+ cs.commit(false);
+
+ // send success status back to the requestor
CMS.debug("ImportTransportCert: Sending response");
XMLObject xmlObj = new XMLObject();
Node root = xmlObj.createRoot("XMLResponse");
@@ -150,12 +150,13 @@ public class ImportTransportCert extends CMSServlet {
}
}
- protected void setDefaultTemplates(ServletConfig sc) {}
+ protected void setDefaultTemplates(ServletConfig sc) {
+ }
protected void renderTemplate(
CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler)
- throws IOException {// do nothing
- }
+ throws IOException {// do nothing
+ }
protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript.
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/LDAPSecurityDomainSessionTable.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/LDAPSecurityDomainSessionTable.java
index a421302b..63b9aaf1 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/LDAPSecurityDomainSessionTable.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/LDAPSecurityDomainSessionTable.java
@@ -39,8 +39,8 @@ import com.netscape.cmsutil.password.IPasswordStore;
* This object stores the values for IP, uid and group based on the cookie id in LDAP.
* Entries are stored under ou=Security Domain, ou=sessions, $basedn
*/
-public class LDAPSecurityDomainSessionTable
- implements ISecurityDomainSessionTable {
+public class LDAPSecurityDomainSessionTable
+ implements ISecurityDomainSessionTable {
private long m_timeToLive;
@@ -48,8 +48,8 @@ public class LDAPSecurityDomainSessionTable
m_timeToLive = timeToLive;
}
- public int addEntry(String sessionId, String ip,
- String uid, String group) {
+ public int addEntry(String sessionId, String ip,
+ String uid, String group) {
IConfigStore cs = CMS.getConfigStore();
LDAPConnection conn = null;
boolean sessions_exists = true;
@@ -77,14 +77,14 @@ public class LDAPSecurityDomainSessionTable
attrs.add(new LDAPAttribute("ou", "sessions"));
entry = new LDAPEntry(sessionsdn, attrs);
conn.add(entry);
- } catch (Exception e) {
+ } catch (Exception e) {
if ((e instanceof LDAPException) && (((LDAPException) e).getLDAPResultCode() == LDAPException.ENTRY_ALREADY_EXISTS)) {
// continue
} else {
CMS.debug("SecurityDomainSessionTable: unable to create ou=sessions:" + e);
sessions_exists = false;
}
- }
+ }
// add new entry
try {
@@ -106,9 +106,9 @@ public class LDAPSecurityDomainSessionTable
CMS.debug("SecurityDomainSessionTable: added session entry" + sessionId);
status = SUCCESS;
}
- } catch(Exception e) {
+ } catch (Exception e) {
CMS.debug("SecurityDomainSessionTable: unable to create session entry" + sessionId + ": " + e);
- }
+ }
try {
conn.disconnect();
@@ -155,8 +155,9 @@ public class LDAPSecurityDomainSessionTable
conn = getLDAPConn();
LDAPSearchResults res = conn.search(sessionsdn, LDAPv2.SCOPE_SUB, filter, attrs, false);
- if (res.getCount() > 0) ret = true;
- } catch(Exception e) {
+ if (res.getCount() > 0)
+ ret = true;
+ } catch (Exception e) {
CMS.debug("SecurityDomainSessionTable: unable to query session " + sessionId + ": " + e);
}
@@ -168,7 +169,6 @@ public class LDAPSecurityDomainSessionTable
return ret;
}
-
public Enumeration<String> getSessionIds() {
IConfigStore cs = CMS.getConfigStore();
LDAPConnection conn = null;
@@ -188,13 +188,13 @@ public class LDAPSecurityDomainSessionTable
}
} catch (LDAPException e) {
switch (e.getLDAPResultCode()) {
- case LDAPException.NO_SUCH_OBJECT:
- CMS.debug("SecurityDomainSessionTable: getSessionIds(): no sessions have been created");
- break;
- default:
- CMS.debug("SecurityDomainSessionTable: unable to query sessionIds due to ldap exception: " + e);
+ case LDAPException.NO_SUCH_OBJECT:
+ CMS.debug("SecurityDomainSessionTable: getSessionIds(): no sessions have been created");
+ break;
+ default:
+ CMS.debug("SecurityDomainSessionTable: unable to query sessionIds due to ldap exception: " + e);
}
- } catch(Exception e) {
+ } catch (Exception e) {
CMS.debug("SecurityDomainSessionTable: unable to query sessionIds: " + e);
}
@@ -211,18 +211,18 @@ public class LDAPSecurityDomainSessionTable
IConfigStore cs = CMS.getConfigStore();
LDAPConnection conn = null;
String ret = null;
- try {
+ try {
String basedn = cs.getString("internaldb.basedn");
String sessionsdn = "ou=sessions,ou=Security Domain," + basedn;
String filter = "(cn=" + sessionId + ")";
String[] attrs = { attr };
conn = getLDAPConn();
LDAPSearchResults res = conn.search(sessionsdn, LDAPv2.SCOPE_SUB, filter, attrs, false);
- if (res.getCount() > 0) {
+ if (res.getCount() > 0) {
LDAPEntry entry = res.next();
ret = entry.getAttribute(attr).getStringValueArray()[0];
}
- } catch(Exception e) {
+ } catch (Exception e) {
CMS.debug("SecurityDomainSessionTable: unable to query session " + sessionId + ": " + e);
}
@@ -261,7 +261,7 @@ public class LDAPSecurityDomainSessionTable
public int getSize() {
IConfigStore cs = CMS.getConfigStore();
LDAPConnection conn = null;
- int ret =0;
+ int ret = 0;
try {
String basedn = cs.getString("internaldb.basedn");
@@ -272,7 +272,7 @@ public class LDAPSecurityDomainSessionTable
conn = getLDAPConn();
LDAPSearchResults res = conn.search(sessionsdn, LDAPv2.SCOPE_SUB, filter, attrs, false);
ret = res.getCount();
- } catch(Exception e) {
+ } catch (Exception e) {
CMS.debug("SecurityDomainSessionTable: unable to query sessionIds: " + e);
}
@@ -286,8 +286,7 @@ public class LDAPSecurityDomainSessionTable
}
private LDAPConnection getLDAPConn()
- throws IOException
- {
+ throws IOException {
IConfigStore cs = CMS.getConfigStore();
String host = "";
@@ -303,8 +302,8 @@ public class LDAPSecurityDomainSessionTable
pwd = pwdStore.getPassword("internaldb");
}
- if ( pwd == null) {
- throw new IOException("SecurityDomainSessionTable: Failed to obtain password from password store");
+ if (pwd == null) {
+ throw new IOException("SecurityDomainSessionTable: Failed to obtain password from password store");
}
try {
@@ -329,11 +328,11 @@ public class LDAPSecurityDomainSessionTable
LDAPConnection conn = null;
if (security.equals("true")) {
- //CMS.debug("SecurityDomainSessionTable getLDAPConn: creating secure (SSL) connection for internal ldap");
- conn = new LDAPConnection(CMS.getLdapJssSSLSocketFactory());
+ //CMS.debug("SecurityDomainSessionTable getLDAPConn: creating secure (SSL) connection for internal ldap");
+ conn = new LDAPConnection(CMS.getLdapJssSSLSocketFactory());
} else {
- //CMS.debug("SecurityDomainSessionTable getLDAPConn: creating non-secure (non-SSL) connection for internal ldap");
- conn = new LDAPConnection();
+ //CMS.debug("SecurityDomainSessionTable getLDAPConn: creating non-secure (non-SSL) connection for internal ldap");
+ conn = new LDAPConnection();
}
//CMS.debug("SecurityDomainSessionTable connecting to " + host + ":" + p);
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/LoginServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/LoginServlet.java
index e7fdbe3f..713cb170 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/LoginServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/LoginServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@@ -27,7 +26,6 @@ import org.apache.velocity.context.Context;
import com.netscape.certsrv.apps.CMS;
-
public class LoginServlet extends BaseServlet {
/**
@@ -52,7 +50,7 @@ public class LoginServlet extends BaseServlet {
if (pin == null) {
context.put("error", "");
} else {
- String cspin = CMS.getConfigStore().getString("preop.pin");
+ String cspin = CMS.getConfigStore().getString("preop.pin");
if (cspin != null && cspin.equals(pin)) {
// create session
@@ -62,7 +60,7 @@ public class LoginServlet extends BaseServlet {
return null;
} else {
context.put("error", "Login Failed");
- }
+ }
}
template = Velocity.getTemplate("admin/console/config/login.vm");
} catch (Exception e) {
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/MainPageServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/MainPageServlet.java
index a91ca979..760faed4 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/MainPageServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/MainPageServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.IOException;
import java.util.Locale;
@@ -43,7 +42,7 @@ public class MainPageServlet extends CMSServlet {
*
*/
private static final long serialVersionUID = 2425301522251239666L;
- private static final String PROP_AUTHORITY_ID="authorityId";
+ private static final String PROP_AUTHORITY_ID = "authorityId";
private String mAuthorityId = null;
private String mFormPath = null;
@@ -75,12 +74,12 @@ public class MainPageServlet extends CMSServlet {
form = getTemplate(mFormPath, request, locale);
} catch (IOException e) {
CMS.debug("MainPageServlet process: cant locate the form");
-/*
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString()));
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
-*/
+ /*
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString()));
+ throw new ECMSGWException(
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ */
}
process(argSet, header, ctx, request, response);
@@ -90,21 +89,21 @@ public class MainPageServlet extends CMSServlet {
ServletOutputStream out = response.getOutputStream();
cmsReq.setStatus(CMSRequest.SUCCESS);
- response.setContentType("text/html");
- form.renderOutput(out, argSet);
+ response.setContentType("text/html");
+ form.renderOutput(out, argSet);
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
}
private void process(CMSTemplateParams argSet, IArgBlock header,
- IArgBlock ctx, HttpServletRequest req, HttpServletResponse resp)
- throws EBaseException {
+ IArgBlock ctx, HttpServletRequest req, HttpServletResponse resp)
+ throws EBaseException {
- int num = 0;
+ int num = 0;
IArgBlock rarg = null;
IConfigStore cs = CMS.getConfigStore();
int state = 0;
@@ -125,8 +124,8 @@ public class MainPageServlet extends CMSServlet {
rarg = CMS.createArgBlock();
rarg.addStringValue("type", "admin");
rarg.addStringValue("prefix", "http");
- rarg.addIntegerValue("port",
- Integer.valueOf(CMS.getEENonSSLPort()).intValue());
+ rarg.addIntegerValue("port",
+ Integer.valueOf(CMS.getEENonSSLPort()).intValue());
rarg.addStringValue("host", host);
rarg.addStringValue("uri", adminInterface);
argSet.addRepeatRecord(rarg);
@@ -136,8 +135,8 @@ public class MainPageServlet extends CMSServlet {
rarg = CMS.createArgBlock();
rarg.addStringValue("type", "ee");
rarg.addStringValue("prefix", "https");
- rarg.addIntegerValue("port",
- Integer.valueOf(CMS.getEESSLPort()).intValue());
+ rarg.addIntegerValue("port",
+ Integer.valueOf(CMS.getEESSLPort()).intValue());
rarg.addStringValue("host", host);
rarg.addStringValue("uri", eeInterface);
argSet.addRepeatRecord(rarg);
@@ -147,8 +146,8 @@ public class MainPageServlet extends CMSServlet {
rarg = CMS.createArgBlock();
rarg.addStringValue("type", "agent");
rarg.addStringValue("prefix", "https");
- rarg.addIntegerValue("port",
- Integer.valueOf(CMS.getAgentPort()).intValue());
+ rarg.addIntegerValue("port",
+ Integer.valueOf(CMS.getAgentPort()).intValue());
rarg.addStringValue("host", host);
rarg.addStringValue("uri", agentInterface);
argSet.addRepeatRecord(rarg);
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ModulePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ModulePanel.java
index 38185a33..f33b1023 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ModulePanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ModulePanel.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.IOException;
import java.util.Enumeration;
import java.util.Hashtable;
@@ -50,19 +49,21 @@ public class ModulePanel extends WizardPanelBase {
private Vector mOtherModules = null;
private Hashtable mCurrModTable = new Hashtable();
private WizardServlet mServlet = null;
- public ModulePanel() {}
+
+ public ModulePanel() {
+ }
/**
* Initializes this panel.
*/
- public void init(ServletConfig config, int panelno)
- throws ServletException {
+ public void init(ServletConfig config, int panelno)
+ throws ServletException {
setPanelNo(panelno);
setName("Key Store");
}
public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
- throws ServletException {
+ throws ServletException {
setPanelNo(panelno);
setName("Key Store");
setId(id);
@@ -71,7 +72,7 @@ public class ModulePanel extends WizardPanelBase {
public void cleanUp() throws IOException {
IConfigStore cs = CMS.getConfigStore();
- cs.putBoolean("preop.ModulePanel.done",false);
+ cs.putBoolean("preop.ModulePanel.done", false);
}
public void loadCurrModTable() {
@@ -142,14 +143,14 @@ public class ModulePanel extends WizardPanelBase {
CMS.debug("ModulePanel: token logged in?" + token.isLoggedIn());
CMS.debug("ModulePanel: token is present?" + token.isPresent());
if (!token.getName().equals("Internal Crypto Services Token") &&
- !token.getName().equals("NSS Generic Crypto Services")) {
+ !token.getName().equals("NSS Generic Crypto Services")) {
module.addToken(token);
} else {
CMS.debug(
"ModulePanel: token " + token.getName()
- + " not to be added");
+ + " not to be added");
}
-
+
} catch (TokenException ex) {
CMS.debug("ModulePanel:" + ex.toString());
}
@@ -181,11 +182,11 @@ public class ModulePanel extends WizardPanelBase {
if ((cn == null) || (cn.equals(""))) {
break;
}
-
+
CMS.debug("ModulePanel: got from config module: " + cn);
// create a Module object
Module module = new Module(cn, pn, img);
-
+
if (mCurrModTable.containsKey(cn)) {
CMS.debug("ModulePanel: module found: " + cn);
module.setFound(true);
@@ -194,7 +195,7 @@ public class ModulePanel extends WizardPanelBase {
loadModTokens(module, m);
}
-
+
CMS.debug("ModulePanel: adding module " + cn);
// add module to set
if (!mSupportedModules.contains(module)) {
@@ -214,13 +215,13 @@ public class ModulePanel extends WizardPanelBase {
// it a token choice. Available tokens are discovered dynamically so
// can't be a real CHOICE
PropertySet set = new PropertySet();
-
+
Descriptor tokenDesc = new Descriptor(IDescriptor.STRING, null, /* no constraint */
null, /* default parameter */
"module token selection");
set.add("choice", tokenDesc);
-
+
return set;
}
@@ -235,7 +236,8 @@ public class ModulePanel extends WizardPanelBase {
} else {
return true;
}
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
return false;
}
@@ -272,8 +274,8 @@ public class ModulePanel extends WizardPanelBase {
context.put("oms", mOtherModules);
context.put("sms", mSupportedModules);
// context.put("status_token", "None");
- String subpanelno = String.valueOf(getPanelNo()+1);
- CMS.debug("ModulePanel subpanelno =" +subpanelno);
+ String subpanelno = String.valueOf(getPanelNo() + 1);
+ CMS.debug("ModulePanel subpanelno =" + subpanelno);
context.put("subpanelno", subpanelno);
context.put("panel", "admin/console/config/modulepanel.vm");
}
@@ -292,7 +294,7 @@ public class ModulePanel extends WizardPanelBase {
public void update(HttpServletRequest request,
HttpServletResponse response,
Context context) throws IOException {
- boolean hasErr = false;
+ boolean hasErr = false;
try {
// get the value of the choice
@@ -306,13 +308,13 @@ public class ModulePanel extends WizardPanelBase {
IConfigStore config = CMS.getConfigStore();
String oldtokenname = config.getString("preop.module.token", "");
- if (!oldtokenname.equals(select))
+ if (!oldtokenname.equals(select))
mServlet.cleanUpFromPanel(mServlet.getPanelNo(request));
- if (hasErr == false) {
- config.putString("preop.module.token", select);
- config.putBoolean("preop.ModulePanel.done", true);
- }
+ if (hasErr == false) {
+ config.putString("preop.module.token", select);
+ config.putBoolean("preop.ModulePanel.done", true);
+ }
config.commit(false);
context.put("updateStatus", "success");
} catch (Exception e) {
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ModuleServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ModuleServlet.java
index a0a627ee..1c67654b 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ModuleServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ModuleServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@@ -27,7 +26,6 @@ import org.apache.velocity.context.Context;
import com.netscape.certsrv.apps.CMS;
-
public class ModuleServlet extends BaseServlet {
/**
@@ -38,10 +36,10 @@ public class ModuleServlet extends BaseServlet {
/**
* Collect information on where keys are to be generated.
* Once collected, write to CS.cfg:
- * "preop.module=soft"
- * or
- * "preop.module=hard"
- *
+ * "preop.module=soft"
+ * or
+ * "preop.module=hard"
+ *
* <ul>
* <li>http.param selection "soft" or "hard" for software token or hardware token
* </ul>
@@ -76,7 +74,7 @@ public class ModuleServlet extends BaseServlet {
CMS.debug("ModuleServlet: illegal selection: " + selection);
context.put("error", "failed selection");
}
-
+
} else {
CMS.debug("ModuleServlet: no selection");
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/NamePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/NamePanel.java
index ec3686e9..1a1fccdf 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/NamePanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/NamePanel.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
@@ -54,19 +53,20 @@ public class NamePanel extends WizardPanelBase {
private Vector mCerts = null;
private WizardServlet mServlet = null;
- public NamePanel() {}
+ public NamePanel() {
+ }
/**
* Initializes this panel.
*/
- public void init(ServletConfig config, int panelno)
- throws ServletException {
+ public void init(ServletConfig config, int panelno)
+ throws ServletException {
setPanelNo(panelno);
setName("Subject Names");
}
public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
- throws ServletException {
+ throws ServletException {
setPanelNo(panelno);
setName("Subject Names");
setId(id);
@@ -80,25 +80,25 @@ public class NamePanel extends WizardPanelBase {
PropertySet set = new PropertySet();
Descriptor caDN = new Descriptor(IDescriptor.STRING, null, /* no constraint */
- null, /* no default parameter */
+ null, /* no default parameter */
"CA Signing Certificate's DN");
set.add("caDN", caDN);
Descriptor sslDN = new Descriptor(IDescriptor.STRING, null, /* no constraint */
- null, /* no default parameter */
+ null, /* no default parameter */
"SSL Server Certificate's DN");
set.add("sslDN", sslDN);
Descriptor subsystemDN = new Descriptor(IDescriptor.STRING, null, /* no constraint */
- null, /* no default parameter */
+ null, /* no default parameter */
"CA Subsystem Certificate's DN");
set.add("subsystemDN", subsystemDN);
Descriptor ocspDN = new Descriptor(IDescriptor.STRING, null, /* no constraint */
- null, /* no default parameter */
+ null, /* no default parameter */
"OCSP Signing Certificate's DN");
set.add("ocspDN", ocspDN);
@@ -124,7 +124,7 @@ public class NamePanel extends WizardPanelBase {
StringTokenizer st = new StringTokenizer(list, ",");
while (st.hasMoreTokens()) {
String t = st.nextToken();
- cs.remove("preop.cert."+t+".done");
+ cs.remove("preop.cert." + t + ".done");
}
try {
@@ -142,7 +142,8 @@ public class NamePanel extends WizardPanelBase {
} else {
return true;
}
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
return false;
}
@@ -185,10 +186,10 @@ public class NamePanel extends WizardPanelBase {
cstype = config.getString("cs.type", "");
context.put("select", select);
if (cstype.equals("CA") && hselect.equals("root")) {
- CMS.debug("NamePanel ca is root");
+ CMS.debug("NamePanel ca is root");
context.put("isRoot", "true");
} else {
- CMS.debug("NamePanel not ca or not root");
+ CMS.debug("NamePanel not ca or not root");
context.put("isRoot", "false");
}
} catch (Exception e) {
@@ -227,27 +228,27 @@ public class NamePanel extends WizardPanelBase {
String type = config.getString(PCERT_PREFIX + certTag + ".type");
c.setType(type);
- boolean enable = config.getBoolean(PCERT_PREFIX+certTag+".enable", true);
+ boolean enable = config.getBoolean(PCERT_PREFIX + certTag + ".enable", true);
c.setEnable(enable);
- String cert = config.getString(subsystem +"."+certTag +".cert", "");
- String certreq =
- config.getString(subsystem + "." +certTag +".certreq", "");
+ String cert = config.getString(subsystem + "." + certTag + ".cert", "");
+ String certreq =
+ config.getString(subsystem + "." + certTag + ".certreq", "");
String dn = config.getString(PCERT_PREFIX + certTag + ".dn");
- boolean override = config.getBoolean(PCERT_PREFIX + certTag +
- ".cncomponent.override", true);
- //o_sd is to add o=secritydomainname
+ boolean override = config.getBoolean(PCERT_PREFIX + certTag +
+ ".cncomponent.override", true);
+ //o_sd is to add o=secritydomainname
boolean o_sd = config.getBoolean(PCERT_PREFIX + certTag +
- "o_securitydomain", true);
- domainname = config.getString("securitydomain.name", "");
- CMS.debug("NamePanel: display() override is "+override);
- CMS.debug("NamePanel: display() o_securitydomain is "+o_sd);
- CMS.debug("NamePanel: display() domainname is "+domainname);
+ "o_securitydomain", true);
+ domainname = config.getString("securitydomain.name", "");
+ CMS.debug("NamePanel: display() override is " + override);
+ CMS.debug("NamePanel: display() o_securitydomain is " + o_sd);
+ CMS.debug("NamePanel: display() domainname is " + domainname);
boolean dnUpdated = false;
try {
- dnUpdated = config.getBoolean(PCERT_PREFIX+certTag+".updatedDN");
+ dnUpdated = config.getBoolean(PCERT_PREFIX + certTag + ".updatedDN");
} catch (Exception e) {
}
@@ -259,16 +260,16 @@ public class NamePanel extends WizardPanelBase {
if (select.equals("clone") || dnUpdated) {
c.setDN(dn);
} else if (count != 0 && override && (cert.equals("") || certreq.equals(""))) {
- CMS.debug("NamePanel subsystemCount = "+count);
- c.setDN(dn + " "+count+
- ((!instanceId.equals(""))? (",OU=" + instanceId):"") +
- ((o_sd)? (",O=" + domainname):""));
- config.putBoolean(PCERT_PREFIX+certTag+".updatedDN", true);
+ CMS.debug("NamePanel subsystemCount = " + count);
+ c.setDN(dn + " " + count +
+ ((!instanceId.equals("")) ? (",OU=" + instanceId) : "") +
+ ((o_sd) ? (",O=" + domainname) : ""));
+ config.putBoolean(PCERT_PREFIX + certTag + ".updatedDN", true);
} else {
- c.setDN(dn +
- ((!instanceId.equals(""))? (",OU=" + instanceId):"") +
- ((o_sd)? (",O=" + domainname):""));
- config.putBoolean(PCERT_PREFIX+certTag+".updatedDN", true);
+ c.setDN(dn +
+ ((!instanceId.equals("")) ? (",OU=" + instanceId) : "") +
+ ((o_sd) ? (",O=" + domainname) : ""));
+ config.putBoolean(PCERT_PREFIX + certTag + ".updatedDN", true);
}
}
@@ -302,7 +303,8 @@ public class NamePanel extends WizardPanelBase {
try {
config.putString("preop.ca.list", list.toString());
config.commit(false);
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
context.put("urls", v);
@@ -338,20 +340,20 @@ public class NamePanel extends WizardPanelBase {
* update some parameters for clones
*/
public void updateCloneConfig(IConfigStore config)
- throws EBaseException, IOException {
+ throws EBaseException, IOException {
String cstype = config.getString("cs.type", null);
cstype = toLowerCaseSubsystemType(cstype);
if (cstype.equals("kra")) {
String token = config.getString(PRE_CONF_CA_TOKEN);
if (!token.equals("Internal Key Storage Token")) {
- CMS.debug("NamePanel: updating configuration for KRA clone with hardware token");
+ CMS.debug("NamePanel: updating configuration for KRA clone with hardware token");
String subsystem = config.getString(PCERT_PREFIX + "storage.subsystem");
String storageNickname = getNickname(config, "storage");
String transportNickname = getNickname(config, "transport");
config.putString(subsystem + ".storageUnit.hardware", token);
- config.putString(subsystem + ".storageUnit.nickName", token+":"+storageNickname);
- config.putString(subsystem + ".transportUnit.nickName", token+":"+transportNickname);
+ config.putString(subsystem + ".storageUnit.nickName", token + ":" + storageNickname);
+ config.putString(subsystem + ".transportUnit.nickName", token + ":" + transportNickname);
config.commit(false);
} else { // software token
// parameters already set
@@ -361,12 +363,12 @@ public class NamePanel extends WizardPanelBase {
// audit signing cert
String audit_nn = config.getString(cstype + ".audit_signing" + ".nickname", "");
String audit_tk = config.getString(cstype + ".audit_signing" + ".tokenname", "");
- if (!audit_tk.equals("Internal Key Storage Token") && !audit_tk.equals("")) {
+ if (!audit_tk.equals("Internal Key Storage Token") && !audit_tk.equals("")) {
config.putString("log.instance.SignedAudit.signedAuditCertNickname",
- audit_tk + ":" + audit_nn);
+ audit_tk + ":" + audit_nn);
} else {
config.putString("log.instance.SignedAudit.signedAuditCertNickname",
- audit_nn);
+ audit_nn);
}
}
@@ -374,7 +376,7 @@ public class NamePanel extends WizardPanelBase {
* get some of the "preop" parameters to persisting parameters
*/
public void updateConfig(IConfigStore config, String certTag)
- throws EBaseException, IOException {
+ throws EBaseException, IOException {
String token = config.getString(PRE_CONF_CA_TOKEN);
String subsystem = config.getString(PCERT_PREFIX + certTag + ".subsystem");
CMS.debug("NamePanel: subsystem " + subsystem);
@@ -393,30 +395,30 @@ public class NamePanel extends WizardPanelBase {
String cstype = config.getString("cs.type", null);
cstype = toLowerCaseSubsystemType(cstype);
if (cstype.equals("kra")) {
- if (!token.equals("Internal Key Storage Token")) {
- if (certTag.equals("storage")) {
- config.putString(subsystem + ".storageUnit.hardware", token);
- config.putString(subsystem + ".storageUnit.nickName", token+":"+nickname);
- } else if (certTag.equals("transport")) {
- config.putString(subsystem + ".transportUnit.nickName", token+":"+nickname);
- }
- } else { // software token
- if (certTag.equals("storage")) {
- config.putString(subsystem + ".storageUnit.nickName", nickname);
- } else if (certTag.equals("transport")) {
- config.putString(subsystem + ".transportUnit.nickName", nickname);
- }
- }
+ if (!token.equals("Internal Key Storage Token")) {
+ if (certTag.equals("storage")) {
+ config.putString(subsystem + ".storageUnit.hardware", token);
+ config.putString(subsystem + ".storageUnit.nickName", token + ":" + nickname);
+ } else if (certTag.equals("transport")) {
+ config.putString(subsystem + ".transportUnit.nickName", token + ":" + nickname);
+ }
+ } else { // software token
+ if (certTag.equals("storage")) {
+ config.putString(subsystem + ".storageUnit.nickName", nickname);
+ } else if (certTag.equals("transport")) {
+ config.putString(subsystem + ".transportUnit.nickName", nickname);
+ }
+ }
}
String serverCertNickname = nickname;
String path = CMS.getConfigStore().getString("instanceRoot", "");
if (certTag.equals("sslserver")) {
- if (!token.equals("Internal Key Storage Token")) {
- serverCertNickname = token+":"+nickname;
+ if (!token.equals("Internal Key Storage Token")) {
+ serverCertNickname = token + ":" + nickname;
}
- File file = new File(path+"/conf/serverCertNick.conf");
- PrintStream ps = new PrintStream(new FileOutputStream(path+"/conf/serverCertNick.conf"));
+ File file = new File(path + "/conf/serverCertNick.conf");
+ PrintStream ps = new PrintStream(new FileOutputStream(path + "/conf/serverCertNick.conf"));
ps.println(serverCertNickname);
ps.close();
}
@@ -424,13 +426,13 @@ public class NamePanel extends WizardPanelBase {
config.putString(subsystem + "." + certTag + ".nickname", nickname);
config.putString(subsystem + "." + certTag + ".tokenname", token);
if (certTag.equals("audit_signing")) {
- if (!token.equals("Internal Key Storage Token") && !token.equals("")) {
- config.putString("log.instance.SignedAudit.signedAuditCertNickname",
- token + ":" + nickname);
- } else {
- config.putString("log.instance.SignedAudit.signedAuditCertNickname",
- nickname);
- }
+ if (!token.equals("Internal Key Storage Token") && !token.equals("")) {
+ config.putString("log.instance.SignedAudit.signedAuditCertNickname",
+ token + ":" + nickname);
+ } else {
+ config.putString("log.instance.SignedAudit.signedAuditCertNickname",
+ nickname);
+ }
}
/*
config.putString(CERT_PREFIX + certTag + ".defaultSigningAlgorithm",
@@ -438,9 +440,9 @@ public class NamePanel extends WizardPanelBase {
*/
// for system certs verification
- if (!token.equals("Internal Key Storage Token") && !token.equals("")) {
+ if (!token.equals("Internal Key Storage Token") && !token.equals("")) {
config.putString(subsystem + ".cert." + certTag + ".nickname",
- token + ":" + nickname);
+ token + ":" + nickname);
} else {
config.putString(subsystem + ".cert." + certTag + ".nickname", nickname);
}
@@ -459,7 +461,7 @@ public class NamePanel extends WizardPanelBase {
IConfigStore config = CMS.getConfigStore();
String caType = certObj.getType();
- CMS.debug("NamePanel: in configCert caType is "+ caType);
+ CMS.debug("NamePanel: in configCert caType is " + caType);
X509CertImpl cert = null;
String certTag = certObj.getCertTag();
@@ -469,13 +471,13 @@ public class NamePanel extends WizardPanelBase {
String v = config.getString("preop.ca.type", "");
CMS.debug("NamePanel configCert: remote CA");
- String pkcs10 = CertUtil.getPKCS10(config, PCERT_PREFIX,
- certObj, context);
+ String pkcs10 = CertUtil.getPKCS10(config, PCERT_PREFIX,
+ certObj, context);
certObj.setRequest(pkcs10);
String subsystem = config.getString(
PCERT_PREFIX + certTag + ".subsystem");
config.putString(subsystem + "." + certTag + ".certreq", pkcs10);
- String profileId = config.getString(PCERT_PREFIX+certTag+".profile");
+ String profileId = config.getString(PCERT_PREFIX + certTag + ".profile");
String session_id = CMS.getConfigSDSessionId();
String sd_hostname = "";
int sd_ee_port = -1;
@@ -483,15 +485,15 @@ public class NamePanel extends WizardPanelBase {
sd_hostname = config.getString("securitydomain.host", "");
sd_ee_port = config.getInteger("securitydomain.httpseeport", -1);
} catch (Exception ee) {
- CMS.debug("NamePanel: configCert() exception caught:"+ee.toString());
+ CMS.debug("NamePanel: configCert() exception caught:" + ee.toString());
}
String sysType = config.getString("cs.type", "");
String machineName = config.getString("machineName", "");
String securePort = config.getString("service.securePort", "");
if (certTag.equals("subsystem")) {
- String content = "requestor_name=" + sysType + "-" + machineName + "-" + securePort + "&profileId="+profileId+"&cert_request_type=pkcs10&cert_request="+URLEncoder.encode(pkcs10, "UTF-8")+"&xmlOutput=true&sessionID="+session_id;
- cert = CertUtil.createRemoteCert(sd_hostname, sd_ee_port,
- content, response, this);
+ String content = "requestor_name=" + sysType + "-" + machineName + "-" + securePort + "&profileId=" + profileId + "&cert_request_type=pkcs10&cert_request=" + URLEncoder.encode(pkcs10, "UTF-8") + "&xmlOutput=true&sessionID=" + session_id;
+ cert = CertUtil.createRemoteCert(sd_hostname, sd_ee_port,
+ content, response, this);
if (cert == null) {
throw new IOException("Error: remote certificate is null");
}
@@ -504,18 +506,18 @@ public class NamePanel extends WizardPanelBase {
} catch (Exception ee) {
}
- String content = "requestor_name=" + sysType + "-" + machineName + "-" + securePort + "&profileId="+profileId+"&cert_request_type=pkcs10&cert_request="+URLEncoder.encode(pkcs10, "UTF-8")+"&xmlOutput=true&sessionID="+session_id;
- cert = CertUtil.createRemoteCert(ca_hostname, ca_port,
- content, response, this);
+ String content = "requestor_name=" + sysType + "-" + machineName + "-" + securePort + "&profileId=" + profileId + "&cert_request_type=pkcs10&cert_request=" + URLEncoder.encode(pkcs10, "UTF-8") + "&xmlOutput=true&sessionID=" + session_id;
+ cert = CertUtil.createRemoteCert(ca_hostname, ca_port,
+ content, response, this);
if (cert == null) {
throw new IOException("Error: remote certificate is null");
}
} else if (v.equals("otherca")) {
config.putString(subsystem + "." + certTag + ".cert",
"...paste certificate here...");
- } else {
+ } else {
CMS.debug("NamePanel: no preop.ca.type is provided");
- }
+ }
} else { // not remote CA, ie, self-signed or local
ISubsystem ca = CMS.getSubsystem(ICertificateAuthority.ID);
@@ -524,76 +526,76 @@ public class NamePanel extends WizardPanelBase {
CMS.debug(
"The value for " + s
- + " should be remote, nothing else.");
+ + " should be remote, nothing else.");
throw new IOException(
"The value for " + s + " should be remote");
- }
-
+ }
+
String pubKeyType = config.getString(
PCERT_PREFIX + certTag + ".keytype");
if (pubKeyType.equals("rsa")) {
- String pubKeyModulus = config.getString(
- PCERT_PREFIX + certTag + ".pubkey.modulus");
- String pubKeyPublicExponent = config.getString(
- PCERT_PREFIX + certTag + ".pubkey.exponent");
- String subsystem = config.getString(
- PCERT_PREFIX + certTag + ".subsystem");
+ String pubKeyModulus = config.getString(
+ PCERT_PREFIX + certTag + ".pubkey.modulus");
+ String pubKeyPublicExponent = config.getString(
+ PCERT_PREFIX + certTag + ".pubkey.exponent");
+ String subsystem = config.getString(
+ PCERT_PREFIX + certTag + ".subsystem");
- if (certTag.equals("signing")) {
- X509Key x509key = CryptoUtil.getPublicX509Key(
- CryptoUtil.string2byte(pubKeyModulus),
- CryptoUtil.string2byte(pubKeyPublicExponent));
-
- cert = CertUtil.createLocalCert(config, x509key,
- PCERT_PREFIX, certTag, caType, context);
- } else {
- String cacert = config.getString("ca.signing.cert", "");
-
- if (cacert.equals("") || cacert.startsWith("...")) {
- certObj.setCert(
- "...certificate be generated internally...");
- config.putString(subsystem + "." + certTag + ".cert",
- "...certificate be generated internally...");
- } else {
+ if (certTag.equals("signing")) {
X509Key x509key = CryptoUtil.getPublicX509Key(
CryptoUtil.string2byte(pubKeyModulus),
CryptoUtil.string2byte(pubKeyPublicExponent));
cert = CertUtil.createLocalCert(config, x509key,
PCERT_PREFIX, certTag, caType, context);
+ } else {
+ String cacert = config.getString("ca.signing.cert", "");
+
+ if (cacert.equals("") || cacert.startsWith("...")) {
+ certObj.setCert(
+ "...certificate be generated internally...");
+ config.putString(subsystem + "." + certTag + ".cert",
+ "...certificate be generated internally...");
+ } else {
+ X509Key x509key = CryptoUtil.getPublicX509Key(
+ CryptoUtil.string2byte(pubKeyModulus),
+ CryptoUtil.string2byte(pubKeyPublicExponent));
+
+ cert = CertUtil.createLocalCert(config, x509key,
+ PCERT_PREFIX, certTag, caType, context);
+ }
}
- }
} else if (pubKeyType.equals("ecc")) {
- String pubKeyEncoded = config.getString(
- PCERT_PREFIX + certTag + ".pubkey.encoded");
- String subsystem = config.getString(
- PCERT_PREFIX + certTag + ".subsystem");
-
- if (certTag.equals("signing")) {
+ String pubKeyEncoded = config.getString(
+ PCERT_PREFIX + certTag + ".pubkey.encoded");
+ String subsystem = config.getString(
+ PCERT_PREFIX + certTag + ".subsystem");
- X509Key x509key = CryptoUtil.getPublicX509ECCKey(CryptoUtil.string2byte(pubKeyEncoded));
- cert = CertUtil.createLocalCert(config, x509key,
- PCERT_PREFIX, certTag, caType, context);
- } else {
- String cacert = config.getString("ca.signing.cert", "");
-
- if (cacert.equals("") || cacert.startsWith("...")) {
- certObj.setCert(
- "...certificate be generated internally...");
- config.putString(subsystem + "." + certTag + ".cert",
- "...certificate be generated internally...");
- } else {
- X509Key x509key = CryptoUtil.getPublicX509ECCKey(
- CryptoUtil.string2byte(pubKeyEncoded));
+ if (certTag.equals("signing")) {
+ X509Key x509key = CryptoUtil.getPublicX509ECCKey(CryptoUtil.string2byte(pubKeyEncoded));
cert = CertUtil.createLocalCert(config, x509key,
PCERT_PREFIX, certTag, caType, context);
+ } else {
+ String cacert = config.getString("ca.signing.cert", "");
+
+ if (cacert.equals("") || cacert.startsWith("...")) {
+ certObj.setCert(
+ "...certificate be generated internally...");
+ config.putString(subsystem + "." + certTag + ".cert",
+ "...certificate be generated internally...");
+ } else {
+ X509Key x509key = CryptoUtil.getPublicX509ECCKey(
+ CryptoUtil.string2byte(pubKeyEncoded));
+
+ cert = CertUtil.createLocalCert(config, x509key,
+ PCERT_PREFIX, certTag, caType, context);
+ }
}
- }
} else {
- // invalid key type
- CMS.debug("Invalid key type " + pubKeyType);
+ // invalid key type
+ CMS.debug("Invalid key type " + pubKeyType);
}
if (cert != null) {
if (certTag.equals("subsystem"))
@@ -605,7 +607,7 @@ public class NamePanel extends WizardPanelBase {
byte[] certb = cert.getEncoded();
String certs = CryptoUtil.base64Encode(certb);
- // certObj.setCert(certs);
+ // certObj.setCert(certs);
String subsystem = config.getString(
PCERT_PREFIX + certTag + ".subsystem");
config.putString(subsystem + "." + certTag + ".cert", certs);
@@ -617,58 +619,57 @@ public class NamePanel extends WizardPanelBase {
CMS.debug("NamePanel configCert() exception caught:" + e.toString());
}
}
-
+
public void configCertWithTag(HttpServletRequest request,
HttpServletResponse response,
- Context context, String tag) throws IOException
- {
- CMS.debug("NamePanel: configCertWithTag start");
- Enumeration c = mCerts.elements();
- IConfigStore config = CMS.getConfigStore();
-
- while (c.hasMoreElements()) {
- Cert cert = (Cert) c.nextElement();
- String ct = cert.getCertTag();
- CMS.debug("NamePanel: configCertWithTag ct=" + ct +
- " tag=" +tag);
- if (ct.equals(tag)) {
- try {
- String nickname = HttpInput.getNickname(request, ct + "_nick");
- if (nickname != null) {
- CMS.debug("configCertWithTag: Setting nickname for " + ct + " to " + nickname);
- config.putString(PCERT_PREFIX + ct + ".nickname", nickname);
- cert.setNickname(nickname);
- config.commit(false);
- }
- String dn = HttpInput.getDN(request, ct);
- if (dn != null) {
- config.putString(PCERT_PREFIX + ct + ".dn", dn);
- config.commit(false);
- }
- } catch (Exception e) {
- CMS.debug("NamePanel: configCertWithTag: Exception in setting nickname for " + ct + ": " + e.toString());
- }
+ Context context, String tag) throws IOException {
+ CMS.debug("NamePanel: configCertWithTag start");
+ Enumeration c = mCerts.elements();
+ IConfigStore config = CMS.getConfigStore();
- configCert(request, response, context, cert);
- CMS.debug("NamePanel: configCertWithTag done with tag=" + tag);
- return;
+ while (c.hasMoreElements()) {
+ Cert cert = (Cert) c.nextElement();
+ String ct = cert.getCertTag();
+ CMS.debug("NamePanel: configCertWithTag ct=" + ct +
+ " tag=" + tag);
+ if (ct.equals(tag)) {
+ try {
+ String nickname = HttpInput.getNickname(request, ct + "_nick");
+ if (nickname != null) {
+ CMS.debug("configCertWithTag: Setting nickname for " + ct + " to " + nickname);
+ config.putString(PCERT_PREFIX + ct + ".nickname", nickname);
+ cert.setNickname(nickname);
+ config.commit(false);
+ }
+ String dn = HttpInput.getDN(request, ct);
+ if (dn != null) {
+ config.putString(PCERT_PREFIX + ct + ".dn", dn);
+ config.commit(false);
+ }
+ } catch (Exception e) {
+ CMS.debug("NamePanel: configCertWithTag: Exception in setting nickname for " + ct + ": " + e.toString());
}
- }
- CMS.debug("NamePanel: configCertWithTag done");
+
+ configCert(request, response, context, cert);
+ CMS.debug("NamePanel: configCertWithTag done with tag=" + tag);
+ return;
+ }
+ }
+ CMS.debug("NamePanel: configCertWithTag done");
}
private boolean inputChanged(HttpServletRequest request)
- throws IOException {
- IConfigStore config = CMS.getConfigStore();
-
+ throws IOException {
+ IConfigStore config = CMS.getConfigStore();
+
boolean hasChanged = false;
try {
Enumeration c = mCerts.elements();
while (c.hasMoreElements()) {
Cert cert = (Cert) c.nextElement();
- String ct = cert.getCertTag();
- boolean enable = config.getBoolean(PCERT_PREFIX+ct+".enable", true);
+ String ct = cert.getCertTag();
+ boolean enable = config.getBoolean(PCERT_PREFIX + ct + ".enable", true);
if (!enable)
continue;
@@ -679,10 +680,10 @@ public class NamePanel extends WizardPanelBase {
if (!olddn.equals(dn))
hasChanged = true;
- String oldnick = config.getString(PCERT_PREFIX + ct + ".nickname");
- String nick = HttpInput.getNickname(request, ct + "_nick");
- if (!oldnick.equals(nick))
- hasChanged = true;
+ String oldnick = config.getString(PCERT_PREFIX + ct + ".nickname");
+ String nick = HttpInput.getNickname(request, ct + "_nick");
+ if (!oldnick.equals(nick))
+ hasChanged = true;
}
} catch (Exception e) {
@@ -690,34 +691,34 @@ public class NamePanel extends WizardPanelBase {
return hasChanged;
}
-
- public String getURL(HttpServletRequest request, IConfigStore config)
- {
+
+ public String getURL(HttpServletRequest request, IConfigStore config) {
String index = request.getParameter("urls");
- if (index == null){
- return null;
+ if (index == null) {
+ return null;
}
String url = "";
if (index.startsWith("http")) {
- // user may submit url directlry
- url = index;
+ // user may submit url directlry
+ url = index;
} else {
- try {
- int x = Integer.parseInt(index);
- String list = config.getString("preop.ca.list", "");
- StringTokenizer tokenizer = new StringTokenizer(list, ",");
- int counter = 0;
-
- while (tokenizer.hasMoreTokens()) {
- url = tokenizer.nextToken();
- if (counter == x) {
- break;
+ try {
+ int x = Integer.parseInt(index);
+ String list = config.getString("preop.ca.list", "");
+ StringTokenizer tokenizer = new StringTokenizer(list, ",");
+ int counter = 0;
+
+ while (tokenizer.hasMoreTokens()) {
+ url = tokenizer.nextToken();
+ if (counter == x) {
+ break;
+ }
+ counter++;
}
- counter++;
+ } catch (Exception e) {
}
- } catch (Exception e) {}
}
- return url;
+ return url;
}
/**
@@ -727,7 +728,7 @@ public class NamePanel extends WizardPanelBase {
HttpServletResponse response,
Context context) throws IOException {
CMS.debug("NamePanel: in update()");
- boolean hasErr = false;
+ boolean hasErr = false;
if (inputChanged(request)) {
mServlet.cleanUpFromPanel(mServlet.getPanelNo(request));
@@ -736,7 +737,7 @@ public class NamePanel extends WizardPanelBase {
return;
}
- IConfigStore config = CMS.getConfigStore();
+ IConfigStore config = CMS.getConfigStore();
String hselect = "";
ISubsystem subsystem = CMS.getSubsystem(ICertificateAuthority.ID);
@@ -750,13 +751,13 @@ public class NamePanel extends WizardPanelBase {
configCertWithTag(request, response, context, "sslserver");
String url = getURL(request, config);
if (url != null && !url.equals("External CA")) {
- // preop.ca.url and admin port are required for setting KRA connector
- url = url.substring(url.indexOf("https"));
- config.putString("preop.ca.url", url);
+ // preop.ca.url and admin port are required for setting KRA connector
+ url = url.substring(url.indexOf("https"));
+ config.putString("preop.ca.url", url);
- URL urlx = new URL(url);
- updateCloneSDCAInfo(request, context, urlx.getHost(),
- Integer.toString(urlx.getPort()));
+ URL urlx = new URL(url);
+ updateCloneSDCAInfo(request, context, urlx.getHost(),
+ Integer.toString(urlx.getPort()));
}
updateCloneConfig(config);
@@ -771,49 +772,50 @@ public class NamePanel extends WizardPanelBase {
}
//if no hselect, then not CA
- if (hselect.equals("") || hselect.equals("join")) {
- String select = null;
- String url = getURL(request, config);
-
- URL urlx = null;
-
- if (url.equals("External CA")) {
- CMS.debug("NamePanel: external CA selected");
- select = "otherca";
- config.putString("preop.ca.type", "otherca");
- if (subsystem != null) {
- config.putString(PCERT_PREFIX+"signing.type", "remote");
- }
+ if (hselect.equals("") || hselect.equals("join")) {
+ String select = null;
+ String url = getURL(request, config);
+
+ URL urlx = null;
+
+ if (url.equals("External CA")) {
+ CMS.debug("NamePanel: external CA selected");
+ select = "otherca";
+ config.putString("preop.ca.type", "otherca");
+ if (subsystem != null) {
+ config.putString(PCERT_PREFIX + "signing.type", "remote");
+ }
- config.putString("preop.ca.pkcs7", "");
- config.putInteger("preop.ca.certchain.size", 0);
- context.put("check_otherca", "checked");
- CMS.debug("NamePanel: update: this is the external CA.");
- } else {
- CMS.debug("NamePanel: local CA selected");
- select = "sdca";
- // parse URL (CA1 - https://...)
- url = url.substring(url.indexOf("https"));
- config.putString("preop.ca.url", url);
-
- urlx = new URL(url);
- config.putString("preop.ca.type", "sdca");
- CMS.debug("NamePanel: update: this is a CA in the security domain.");
- context.put("check_sdca", "checked");
- sdca(request, context, urlx.getHost(),
- Integer.toString(urlx.getPort()));
- if (subsystem != null) {
- config.putString(PCERT_PREFIX + "signing.type", "remote");
- config.putString(PCERT_PREFIX + "signing.profile",
- "caInstallCACert");
+ config.putString("preop.ca.pkcs7", "");
+ config.putInteger("preop.ca.certchain.size", 0);
+ context.put("check_otherca", "checked");
+ CMS.debug("NamePanel: update: this is the external CA.");
+ } else {
+ CMS.debug("NamePanel: local CA selected");
+ select = "sdca";
+ // parse URL (CA1 - https://...)
+ url = url.substring(url.indexOf("https"));
+ config.putString("preop.ca.url", url);
+
+ urlx = new URL(url);
+ config.putString("preop.ca.type", "sdca");
+ CMS.debug("NamePanel: update: this is a CA in the security domain.");
+ context.put("check_sdca", "checked");
+ sdca(request, context, urlx.getHost(),
+ Integer.toString(urlx.getPort()));
+ if (subsystem != null) {
+ config.putString(PCERT_PREFIX + "signing.type", "remote");
+ config.putString(PCERT_PREFIX + "signing.profile",
+ "caInstallCACert");
+ }
}
- }
- try {
- config.commit(false);
- } catch (Exception e) {}
+ try {
+ config.commit(false);
+ } catch (Exception e) {
+ }
- }
+ }
try {
@@ -821,13 +823,13 @@ public class NamePanel extends WizardPanelBase {
while (c.hasMoreElements()) {
Cert cert = (Cert) c.nextElement();
- String ct = cert.getCertTag();
+ String ct = cert.getCertTag();
String tokenname = cert.getTokenname();
- boolean enable = config.getBoolean(PCERT_PREFIX+ct+".enable", true);
+ boolean enable = config.getBoolean(PCERT_PREFIX + ct + ".enable", true);
if (!enable)
continue;
- boolean certDone = config.getBoolean(PCERT_PREFIX+ct+".done", false);
+ boolean certDone = config.getBoolean(PCERT_PREFIX + ct + ".done", false);
if (certDone)
continue;
@@ -850,32 +852,32 @@ public class NamePanel extends WizardPanelBase {
try {
configCert(request, response, context, cert);
- config.putBoolean("preop.cert."+cert.getCertTag()+".done",
- true);
+ config.putBoolean("preop.cert." + cert.getCertTag() + ".done",
+ true);
config.commit(false);
} catch (Exception e) {
CMS.debug(
"NamePanel: update() exception caught:"
+ e.toString());
- hasErr = true;
+ hasErr = true;
System.err.println("Exception caught: " + e.toString());
}
} // while
- if (hasErr == false) {
- config.putBoolean("preop.NamePanel.done", true);
- config.commit(false);
- }
+ if (hasErr == false) {
+ config.putBoolean("preop.NamePanel.done", true);
+ config.commit(false);
+ }
} catch (Exception e) {
CMS.debug("NamePanel: Exception caught: " + e.toString());
System.err.println("Exception caught: " + e.toString());
}// try
-
try {
config.commit(false);
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
if (!hasErr) {
context.put("updateStatus", "success");
@@ -897,15 +899,15 @@ public class NamePanel extends WizardPanelBase {
// Retrieve the associated HTTPS Admin port so that it
// may be stored for use with ImportAdminCertPanel
- https_admin_port = getSecurityDomainAdminPort( config,
+ https_admin_port = getSecurityDomainAdminPort(config,
hostname,
httpsPortStr,
- "CA" );
+ "CA");
int httpsport = -1;
try {
- httpsport = Integer.parseInt(httpsPortStr);
+ httpsport = Integer.parseInt(httpsPortStr);
} catch (Exception e) {
CMS.debug(
"NamePanel update: Https port is not valid. Exception: "
@@ -934,15 +936,15 @@ public class NamePanel extends WizardPanelBase {
// Retrieve the associated HTTPS Admin port so that it
// may be stored for use with ImportAdminCertPanel
- https_admin_port = getSecurityDomainAdminPort( config,
+ https_admin_port = getSecurityDomainAdminPort(config,
hostname,
httpsPortStr,
- "CA" );
+ "CA");
int httpsport = -1;
try {
- httpsport = Integer.parseInt(httpsPortStr);
+ httpsport = Integer.parseInt(httpsPortStr);
} catch (Exception e) {
CMS.debug(
"NamePanel update: Https port is not valid. Exception: "
@@ -954,21 +956,19 @@ public class NamePanel extends WizardPanelBase {
config.putString("preop.ca.httpsport", httpsPortStr);
config.putString("preop.ca.httpsadminport", https_admin_port);
ConfigCertApprovalCallback certApprovalCallback = new ConfigCertApprovalCallback();
- updateCertChainUsingSecureEEPort( config, "ca", hostname,
+ updateCertChainUsingSecureEEPort(config, "ca", hostname,
httpsport, true, context,
- certApprovalCallback );
+ certApprovalCallback);
try {
- CMS.debug("Importing CA chain");
- importCertChain("ca");
+ CMS.debug("Importing CA chain");
+ importCertChain("ca");
} catch (Exception e1) {
- CMS.debug("Failed in importing CA chain");
+ CMS.debug("Failed in importing CA chain");
}
}
-
public void initParams(HttpServletRequest request, Context context)
- throws IOException
- {
+ throws IOException {
context.put("certs", mCerts);
}
@@ -977,10 +977,9 @@ public class NamePanel extends WizardPanelBase {
*/
public void displayError(HttpServletRequest request,
HttpServletResponse response,
- Context context)
- {
+ Context context) {
try {
- initParams(request, context);
+ initParams(request, context);
} catch (IOException e) {
}
context.put("title", "Subject Names");
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/RegisterUser.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/RegisterUser.java
index cf37fdff..8ca70bd4 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/RegisterUser.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/RegisterUser.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.IOException;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
@@ -53,7 +52,7 @@ import com.netscape.cmsutil.xml.XMLObject;
* This servlet creates a TPS user in the CA,
* and it associates TPS's server certificate to
* the user. Finally, it addes the user to the
- * administrator group. This procedure will
+ * administrator group. This procedure will
* allows TPS to connect to the CA for certificate
* issuance.
*/
@@ -68,8 +67,7 @@ public class RegisterUser extends CMSServlet {
private final static String AUTH_FAILURE = "2";
private String mGroupName = null;
private final static String LOGGING_SIGNED_AUDIT_CONFIG_ROLE =
- "LOGGING_SIGNED_AUDIT_CONFIG_ROLE_3";
-
+ "LOGGING_SIGNED_AUDIT_CONFIG_ROLE_3";
public RegisterUser() {
super();
@@ -77,6 +75,7 @@ public class RegisterUser extends CMSServlet {
/**
* initialize the servlet.
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -88,7 +87,7 @@ public class RegisterUser extends CMSServlet {
}
/**
- * Process the HTTP request.
+ * Process the HTTP request.
*/
protected void process(CMSRequest cmsReq) throws EBaseException {
CMS.debug("UpdateUpdater: processing...");
@@ -102,9 +101,9 @@ public class RegisterUser extends CMSServlet {
CMS.debug("RegisterUser authentication successful.");
} catch (Exception e) {
CMS.debug("RegisterUser: authentication failed.");
- log(ILogger.LL_FAILURE,
+ log(ILogger.LL_FAILURE,
CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "",
- e.toString()));
+ e.toString()));
outputError(httpResp, AUTH_FAILURE, "Error: Not authenticated");
return;
}
@@ -117,19 +116,19 @@ public class RegisterUser extends CMSServlet {
AuthzToken authzToken = null;
try {
- authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
- "modify");
+ authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
+ "modify");
CMS.debug("RegisterUser authorization successful.");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
outputError(httpResp, "Error: Not authorized");
return;
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
outputError(httpResp,
- "Error: Encountered problem during authorization.");
+ "Error: Encountered problem during authorization.");
return;
}
@@ -150,93 +149,93 @@ public class RegisterUser extends CMSServlet {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
- String auditParams = "Scope;;users+Operation;;OP_ADD+source;;RegisterUser" +
- "+Resource;;"+ uid +
- "+fullname;;"+ name +
+ String auditParams = "Scope;;users+Operation;;OP_ADD+source;;RegisterUser" +
+ "+Resource;;" + uid +
+ "+fullname;;" + name +
"+state;;1" +
"+userType;;<null>+email;;<null>+password;;<null>+phone;;<null>";
- IUGSubsystem ugsys = (IUGSubsystem)CMS.getSubsystem(CMS.SUBSYSTEM_UG);
+ IUGSubsystem ugsys = (IUGSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_UG);
IUser user = null;
boolean foundByCert = false;
X509Certificate certs[] = new X509Certificate[1];
try {
- byte bCert[] = null;
- X509CertImpl cert = null;
- bCert = (byte[]) (com.netscape.osutil.OSUtil.AtoB(certsString));
- cert = new X509CertImpl(bCert);
- certs[0] = (X509Certificate)cert;
-
- // test to see if the cert already belongs to a user
- ICertUserLocator cul = ugsys.getCertUserLocator();
- com.netscape.certsrv.usrgrp.Certificates c =
- new com.netscape.certsrv.usrgrp.Certificates(certs);
- user = (IUser) cul.locateUser(c);
+ byte bCert[] = null;
+ X509CertImpl cert = null;
+ bCert = (byte[]) (com.netscape.osutil.OSUtil.AtoB(certsString));
+ cert = new X509CertImpl(bCert);
+ certs[0] = (X509Certificate) cert;
+
+ // test to see if the cert already belongs to a user
+ ICertUserLocator cul = ugsys.getCertUserLocator();
+ com.netscape.certsrv.usrgrp.Certificates c =
+ new com.netscape.certsrv.usrgrp.Certificates(certs);
+ user = (IUser) cul.locateUser(c);
} catch (Exception ec) {
- CMS.debug("RegisterUser: exception thrown: "+ec.toString());
+ CMS.debug("RegisterUser: exception thrown: " + ec.toString());
}
if (user == null) {
- CMS.debug("RegisterUser NOT found user by cert");
- try {
- user = ugsys.getUser(uid);
- CMS.debug("RegisterUser found user by uid "+uid);
- } catch (Exception eee) {
- }
+ CMS.debug("RegisterUser NOT found user by cert");
+ try {
+ user = ugsys.getUser(uid);
+ CMS.debug("RegisterUser found user by uid " + uid);
+ } catch (Exception eee) {
+ }
} else {
- foundByCert = true;
- CMS.debug("RegisterUser found user by cert");
+ foundByCert = true;
+ CMS.debug("RegisterUser found user by cert");
}
-
- try {
-
- if (user == null) {
- // create user only if such user does not exist
- user = ugsys.createUser(uid);
- user.setFullName(name);
- user.setState("1");
- user.setUserType("");
- user.setEmail("");
- user.setPhone("");
- user.setPassword("");
-
- ugsys.addUser(user);
- CMS.debug("RegisterUser created user " + uid);
- auditMessage = CMS.getLogMessage(
+
+ try {
+
+ if (user == null) {
+ // create user only if such user does not exist
+ user = ugsys.createUser(uid);
+ user.setFullName(name);
+ user.setState("1");
+ user.setUserType("");
+ user.setEmail("");
+ user.setPhone("");
+ user.setPassword("");
+
+ ugsys.addUser(user);
+ CMS.debug("RegisterUser created user " + uid);
+ auditMessage = CMS.getLogMessage(
LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
auditSubjectID,
ILogger.SUCCESS,
auditParams);
- audit(auditMessage);
- }
-
- // extract all line separators
- StringBuffer sb = new StringBuffer();
- for (int i = 0; i < certsString.length(); i++) {
- if (!Character.isWhitespace(certsString.charAt(i))) {
- sb.append(certsString.charAt(i));
- }
- }
- certsString = sb.toString();
-
- auditParams = "Scope;;certs+Operation;;OP_ADD+source;;RegisterUser" +
- "+Resource;;"+ uid +
- "+cert;;"+certsString;
-
- user.setX509Certificates(certs);
- if (!foundByCert) {
- ugsys.addUserCert(user);
- CMS.debug("RegisterUser added user certificate");
- auditMessage = CMS.getLogMessage(
+ audit(auditMessage);
+ }
+
+ // extract all line separators
+ StringBuffer sb = new StringBuffer();
+ for (int i = 0; i < certsString.length(); i++) {
+ if (!Character.isWhitespace(certsString.charAt(i))) {
+ sb.append(certsString.charAt(i));
+ }
+ }
+ certsString = sb.toString();
+
+ auditParams = "Scope;;certs+Operation;;OP_ADD+source;;RegisterUser" +
+ "+Resource;;" + uid +
+ "+cert;;" + certsString;
+
+ user.setX509Certificates(certs);
+ if (!foundByCert) {
+ ugsys.addUserCert(user);
+ CMS.debug("RegisterUser added user certificate");
+ auditMessage = CMS.getLogMessage(
LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
auditSubjectID,
ILogger.SUCCESS,
auditParams);
- audit(auditMessage);
- } else
- CMS.debug("RegisterUser no need to add user certificate");
- } catch (Exception eee) {
+ audit(auditMessage);
+ } else
+ CMS.debug("RegisterUser no need to add user certificate");
+ } catch (Exception eee) {
CMS.debug("RegisterUser error " + eee.toString());
auditMessage = CMS.getLogMessage(
LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
@@ -249,20 +248,19 @@ public class RegisterUser extends CMSServlet {
return;
}
-
// add user to the group
auditParams = "Scope;;groups+Operation;;OP_MODIFY+source;;RegisterUser" +
- "+Resource;;"+ mGroupName;
+ "+Resource;;" + mGroupName;
try {
Enumeration groups = ugsys.findGroups(mGroupName);
- IGroup group = (IGroup)groups.nextElement();
+ IGroup group = (IGroup) groups.nextElement();
auditParams += "+user;;";
Enumeration members = group.getMemberNames();
while (members.hasMoreElements()) {
auditParams += (String) members.nextElement();
if (members.hasMoreElements()) {
- auditParams +=",";
+ auditParams += ",";
}
}
@@ -280,15 +278,15 @@ public class RegisterUser extends CMSServlet {
audit(auditMessage);
}
- } catch (Exception e) {
- auditMessage = CMS.getLogMessage(
+ } catch (Exception e) {
+ auditMessage = CMS.getLogMessage(
LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
auditSubjectID,
ILogger.FAILURE,
auditParams);
- audit(auditMessage);
- }
+ audit(auditMessage);
+ }
// send success status back to the requestor
try {
@@ -305,12 +303,13 @@ public class RegisterUser extends CMSServlet {
}
}
- protected void setDefaultTemplates(ServletConfig sc) {}
+ protected void setDefaultTemplates(ServletConfig sc) {
+ }
protected void renderTemplate(
CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler)
- throws IOException {// do nothing
- }
+ throws IOException {// do nothing
+ }
protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript.
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/RestoreKeyCertPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/RestoreKeyCertPanel.java
index 76f5a749..cc62fede 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/RestoreKeyCertPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/RestoreKeyCertPanel.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.FileInputStream;
@@ -76,19 +75,20 @@ import com.netscape.cms.servlet.wizard.WizardServlet;
public class RestoreKeyCertPanel extends WizardPanelBase {
- public RestoreKeyCertPanel() {}
+ public RestoreKeyCertPanel() {
+ }
/**
* Initializes this panel.
*/
- public void init(ServletConfig config, int panelno)
- throws ServletException {
+ public void init(ServletConfig config, int panelno)
+ throws ServletException {
setPanelNo(panelno);
setName("Import Keys and Certificates");
}
public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
- throws ServletException {
+ throws ServletException {
setPanelNo(panelno);
setName("Import Keys and Certificates");
setId(id);
@@ -99,18 +99,18 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
*/
public boolean shouldSkip() {
CMS.debug("RestoreKeyCertPanel: should skip");
-
+
IConfigStore cs = CMS.getConfigStore();
// if we are root, no need to get the certificate chain.
-
+
try {
- String select = cs.getString("preop.subsystem.select","");
+ String select = cs.getString("preop.subsystem.select", "");
if (select.equals("clone")) {
return false;
}
} catch (EBaseException e) {
}
-
+
return true;
}
@@ -138,15 +138,16 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
} else {
return true;
}
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
return false;
}
public PropertySet getUsage() {
PropertySet set = new PropertySet();
-
+
/* XXX */
-
+
return set;
}
@@ -160,7 +161,7 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
IConfigStore config = CMS.getConfigStore();
if (isPanelDone()) {
-
+
try {
String s = config.getString("preop.pk12.path", "");
String type = config.getString("preop.subsystem.select", "");
@@ -201,7 +202,6 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
// throw new IOException("Path is empty");
// }
-
if (s != null && !s.equals("")) {
s = HttpInput.getPassword(request, "__password");
if (s == null || s.equals("")) {
@@ -217,15 +217,14 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
*/
public void update(HttpServletRequest request,
HttpServletResponse response,
- Context context) throws IOException
- {
+ Context context) throws IOException {
IConfigStore config = CMS.getConfigStore();
String path = HttpInput.getString(request, "path");
if (path == null || path.equals("")) {
- // skip to next panel
+ // skip to next panel
config.putBoolean("preop.restorekeycert.done", true);
try {
- config.commit(false);
+ config.commit(false);
} catch (EBaseException e) {
}
getConfigEntriesFromMaster(request, response, context);
@@ -233,7 +232,7 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
return;
}
String pwd = HttpInput.getPassword(request, "__password");
-
+
String tokenn = "";
String instanceRoot = "";
@@ -246,7 +245,7 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
if (tokenn.equals("Internal Key Storage Token")) {
byte b[] = new byte[1000000];
FileInputStream fis = new FileInputStream(instanceRoot + "/alias/" + path);
- while (fis.available() > 0)
+ while (fis.available() > 0)
fis.read(b);
fis.close();
@@ -256,10 +255,10 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
PFX pfx = null;
boolean verifypfx = false;
try {
- pfx = (PFX)(new PFX.Template()).decode(bis);
- verifypfx = pfx.verifyAuthSafes(password, reason);
+ pfx = (PFX) (new PFX.Template()).decode(bis);
+ verifypfx = pfx.verifyAuthSafes(password, reason);
} catch (Exception e) {
- CMS.debug("RestoreKeyCertPanel update: Exception="+e.toString());
+ CMS.debug("RestoreKeyCertPanel update: Exception=" + e.toString());
}
if (verifypfx) {
@@ -267,50 +266,50 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
AuthenticatedSafes safes = pfx.getAuthSafes();
Vector pkeyinfo_collection = new Vector();
Vector cert_collection = new Vector();
- for (int i=0; i<safes.getSize(); i++) {
+ for (int i = 0; i < safes.getSize(); i++) {
try {
- SEQUENCE scontent = safes.getSafeContentsAt(null, i);
- for (int j=0; j<scontent.size(); j++) {
- SafeBag bag = (SafeBag)scontent.elementAt(j);
+ SEQUENCE scontent = safes.getSafeContentsAt(null, i);
+ for (int j = 0; j < scontent.size(); j++) {
+ SafeBag bag = (SafeBag) scontent.elementAt(j);
OBJECT_IDENTIFIER oid = bag.getBagType();
if (oid.equals(SafeBag.PKCS8_SHROUDED_KEY_BAG)) {
- EncryptedPrivateKeyInfo privkeyinfo =
- (EncryptedPrivateKeyInfo)bag.getInterpretedBagContent();
+ EncryptedPrivateKeyInfo privkeyinfo =
+ (EncryptedPrivateKeyInfo) bag.getInterpretedBagContent();
PasswordConverter passConverter = new PasswordConverter();
PrivateKeyInfo pkeyinfo = privkeyinfo.decrypt(password, new PasswordConverter());
Vector pkeyinfo_v = new Vector();
pkeyinfo_v.addElement(pkeyinfo);
SET bagAttrs = bag.getBagAttributes();
- for (int k=0; k<bagAttrs.size(); k++) {
- Attribute attrs = (Attribute)bagAttrs.elementAt(k);
+ for (int k = 0; k < bagAttrs.size(); k++) {
+ Attribute attrs = (Attribute) bagAttrs.elementAt(k);
OBJECT_IDENTIFIER aoid = attrs.getType();
if (aoid.equals(SafeBag.FRIENDLY_NAME)) {
SET val = attrs.getValues();
- ANY ss = (ANY)val.elementAt(0);
+ ANY ss = (ANY) val.elementAt(0);
ByteArrayInputStream bbis = new ByteArrayInputStream(ss.getEncoded());
- BMPString sss = (BMPString)(new BMPString.Template()).decode(bbis);
+ BMPString sss = (BMPString) (new BMPString.Template()).decode(bbis);
String s = sss.toString();
pkeyinfo_v.addElement(s);
}
}
pkeyinfo_collection.addElement(pkeyinfo_v);
} else if (oid.equals(SafeBag.CERT_BAG)) {
- CertBag cbag = (CertBag)bag.getInterpretedBagContent();
- OCTET_STRING str = (OCTET_STRING)cbag.getInterpretedCert();
+ CertBag cbag = (CertBag) bag.getInterpretedBagContent();
+ OCTET_STRING str = (OCTET_STRING) cbag.getInterpretedCert();
byte[] x509cert = str.toByteArray();
Vector cert_v = new Vector();
cert_v.addElement(x509cert);
SET bagAttrs = bag.getBagAttributes();
-
+
if (bagAttrs != null) {
- for (int k=0; k<bagAttrs.size(); k++) {
- Attribute attrs = (Attribute)bagAttrs.elementAt(k);
+ for (int k = 0; k < bagAttrs.size(); k++) {
+ Attribute attrs = (Attribute) bagAttrs.elementAt(k);
OBJECT_IDENTIFIER aoid = attrs.getType();
if (aoid.equals(SafeBag.FRIENDLY_NAME)) {
SET val = attrs.getValues();
- ANY ss = (ANY)val.elementAt(0);
+ ANY ss = (ANY) val.elementAt(0);
ByteArrayInputStream bbis = new ByteArrayInputStream(ss.getEncoded());
- BMPString sss = (BMPString)(new BMPString.Template()).decode(bbis);
+ BMPString sss = (BMPString) (new BMPString.Template()).decode(bbis);
String s = sss.toString();
cert_v.addElement(s);
}
@@ -321,10 +320,10 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
}
}
} catch (Exception e) {
- CMS.debug("RestoreKeyCertPanel update: Exception="+e.toString());
+ CMS.debug("RestoreKeyCertPanel update: Exception=" + e.toString());
}
}
-
+
importkeycert(pkeyinfo_collection, cert_collection);
} else {
context.put("updateStatus", "failure");
@@ -342,7 +341,7 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
cstype = toLowerCaseSubsystemType(cstype);
if (subsystemtype.equals("clone")) {
- CMS.debug("RestoreKeyCertPanel: this is the clone subsystem");
+ CMS.debug("RestoreKeyCertPanel: this is the clone subsystem");
boolean cloneReady = isCertdbCloned(request, context);
if (!cloneReady) {
CMS.debug("RestoreKeyCertPanel update: clone does not have all the certificates.");
@@ -363,7 +362,7 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
}
private void getConfigEntriesFromMaster(HttpServletRequest request,
- HttpServletResponse response, Context context) throws IOException {
+ HttpServletResponse response, Context context) throws IOException {
try {
IConfigStore config = CMS.getConfigStore();
String cstype = "";
@@ -388,14 +387,14 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
String content = "";
if (cstype.equals("ca") || cstype.equals("kra")) {
- content = "type=request&xmlOutput=true&sessionID="+session_id;
+ content = "type=request&xmlOutput=true&sessionID=" + session_id;
CMS.debug("http content=" + content);
updateNumberRange(master_hostname, master_ee_port, true, content, "request", response);
- content = "type=serialNo&xmlOutput=true&sessionID="+session_id;
+ content = "type=serialNo&xmlOutput=true&sessionID=" + session_id;
updateNumberRange(master_hostname, master_ee_port, true, content, "serialNo", response);
- content = "type=replicaId&xmlOutput=true&sessionID="+session_id;
+ content = "type=replicaId&xmlOutput=true&sessionID=" + session_id;
updateNumberRange(master_hostname, master_ee_port, true, content, "replicaId", response);
}
@@ -406,7 +405,7 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
}
StringBuffer c1 = new StringBuffer();
- StringBuffer s1 = new StringBuffer();
+ StringBuffer s1 = new StringBuffer();
StringTokenizer tok = new StringTokenizer(list, ",");
while (tok.hasMoreTokens()) {
String t1 = tok.nextToken();
@@ -438,8 +437,7 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
c1.append(t1);
c1.append(".pubkey.encoded");
-
- if (s1.length()!=0)
+ if (s1.length() != 0)
s1.append(",");
s1.append(cstype);
@@ -449,18 +447,18 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
if (!cstype.equals("ca")) {
c1.append(",cloning.ca.hostname,cloning.ca.httpport,cloning.ca.httpsport,cloning.ca.list,cloning.ca.pkcs7,cloning.ca.type");
- }
+ }
if (cstype.equals("ca")) {
/* get ca connector details */
- if (s1.length()!=0)
+ if (s1.length() != 0)
s1.append(",");
s1.append("ca.connector.KRA");
}
- content = "op=get&names=cloning.token,instanceId,internaldb.basedn,internaldb.ldapauth.password,internaldb.replication.password,internaldb.ldapconn.host,internaldb.ldapconn.port,internaldb.ldapauth.bindDN"+c1.toString()+"&substores="+s1.toString()+"&xmlOutput=true&sessionID="+session_id;
+ content = "op=get&names=cloning.token,instanceId,internaldb.basedn,internaldb.ldapauth.password,internaldb.replication.password,internaldb.ldapconn.host,internaldb.ldapconn.port,internaldb.ldapauth.bindDN" + c1.toString() + "&substores=" + s1.toString() + "&xmlOutput=true&sessionID=" + session_id;
boolean success = updateConfigEntries(master_hostname, master_port, true,
- "/"+cstype+"/admin/"+cstype+"/getConfigEntries", content, config, response);
+ "/" + cstype + "/admin/" + cstype + "/getConfigEntries", content, config, response);
if (!success) {
context.put("errorString", "Failed to get configuration entries from the master");
throw new IOException("Failed to get configuration entries from the master");
@@ -473,7 +471,7 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
} catch (IOException eee) {
throw eee;
} catch (Exception eee) {
- CMS.debug("RestoreKeyCertPanel: update exception caught:"+eee.toString());
+ CMS.debug("RestoreKeyCertPanel: update exception caught:" + eee.toString());
}
} catch (IOException ee) {
@@ -491,38 +489,38 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
String s = st.nextToken();
if (s.equals("sslserver"))
continue;
- String name = "preop.master."+s+".nickname";
+ String name = "preop.master." + s + ".nickname";
String nickname = cs.getString(name, "");
CryptoManager cm = CryptoManager.getInstance();
X509Certificate xcert = null;
try {
xcert = cm.findCertByNickname(nickname);
} catch (Exception ee) {
- CMS.debug("RestoreKeyCertPanel deleteExistingCerts: Exception="+ee.toString());
+ CMS.debug("RestoreKeyCertPanel deleteExistingCerts: Exception=" + ee.toString());
}
CryptoToken ct = cm.getInternalKeyStorageToken();
CryptoStore store = ct.getCryptoStore();
try {
store.deleteCert(xcert);
} catch (Exception ee) {
- CMS.debug("RestoreKeyCertPanel deleteExistingCerts: Exception="+ee.toString());
+ CMS.debug("RestoreKeyCertPanel deleteExistingCerts: Exception=" + ee.toString());
}
}
} catch (Exception e) {
- CMS.debug("RestoreKeyCertPanel deleteExistingCerts: Exception="+e.toString());
- }
+ CMS.debug("RestoreKeyCertPanel deleteExistingCerts: Exception=" + e.toString());
+ }
}
private org.mozilla.jss.crypto.PrivateKey.Type getPrivateKeyType(PublicKey pubkey) {
- CMS.debug("Key Algorithm '"+pubkey.getAlgorithm()+"'");
- if (pubkey.getAlgorithm().equals("EC")) {
- return org.mozilla.jss.crypto.PrivateKey.Type.EC;
- }
- return org.mozilla.jss.crypto.PrivateKey.Type.RSA;
+ CMS.debug("Key Algorithm '" + pubkey.getAlgorithm() + "'");
+ if (pubkey.getAlgorithm().equals("EC")) {
+ return org.mozilla.jss.crypto.PrivateKey.Type.EC;
+ }
+ return org.mozilla.jss.crypto.PrivateKey.Type.RSA;
}
- private void importkeycert(Vector pkeyinfo_collection,
- Vector cert_collection) throws IOException {
+ private void importkeycert(Vector pkeyinfo_collection,
+ Vector cert_collection) throws IOException {
CryptoManager cm = null;
try {
cm = CryptoManager.getInstance();
@@ -532,12 +530,12 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
// delete all existing certificates first
deleteExistingCerts();
- for (int i=0; i<pkeyinfo_collection.size(); i++) {
+ for (int i = 0; i < pkeyinfo_collection.size(); i++) {
try {
- Vector pkeyinfo_v = (Vector)pkeyinfo_collection.elementAt(i);
- PrivateKeyInfo pkeyinfo = (PrivateKeyInfo)pkeyinfo_v.elementAt(0);
- String nickname = (String)pkeyinfo_v.elementAt(1);
- byte[] x509cert = getX509Cert(nickname, cert_collection);
+ Vector pkeyinfo_v = (Vector) pkeyinfo_collection.elementAt(i);
+ PrivateKeyInfo pkeyinfo = (PrivateKeyInfo) pkeyinfo_v.elementAt(0);
+ String nickname = (String) pkeyinfo_v.elementAt(1);
+ byte[] x509cert = getX509Cert(nickname, cert_collection);
X509Certificate cert = cm.importCACertPackage(x509cert);
ByteArrayOutputStream bos = new ByteArrayOutputStream();
pkeyinfo.encode(bos);
@@ -550,32 +548,32 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
try {
store.deleteCert(cert);
} catch (Exception ee) {
- CMS.debug("RestoreKeyCertPanel importKeyCert: Exception="+ee.toString());
+ CMS.debug("RestoreKeyCertPanel importKeyCert: Exception=" + ee.toString());
}
KeyGenerator kg = token.getKeyGenerator(KeyGenAlgorithm.DES3);
SymmetricKey sk = kg.generate();
- byte iv[] = {0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1};
+ byte iv[] = { 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1 };
IVParameterSpec param = new IVParameterSpec(iv);
Cipher c = token.getCipherContext(EncryptionAlgorithm.DES3_CBC_PAD);
c.initEncrypt(sk, param);
byte[] encpkey = c.doFinal(pkey);
-
+
KeyWrapper wrapper = token.getKeyWrapper(KeyWrapAlgorithm.DES3_CBC_PAD);
wrapper.initUnwrap(sk, param);
org.mozilla.jss.crypto.PrivateKey pp = wrapper.unwrapPrivate(encpkey, getPrivateKeyType(publickey), publickey);
} catch (Exception e) {
- CMS.debug("RestoreKeyCertPanel importkeycert: Exception="+e.toString());
+ CMS.debug("RestoreKeyCertPanel importkeycert: Exception=" + e.toString());
}
}
- for (int i=0; i<cert_collection.size(); i++) {
+ for (int i = 0; i < cert_collection.size(); i++) {
try {
- Vector cert_v = (Vector)cert_collection.elementAt(i);
- byte[] cert = (byte[])cert_v.elementAt(0);
+ Vector cert_v = (Vector) cert_collection.elementAt(i);
+ byte[] cert = (byte[]) cert_v.elementAt(0);
if (cert_v.size() > 1) {
- String name = (String)cert_v.elementAt(1);
+ String name = (String) cert_v.elementAt(1);
// we need to delete the trusted CA certificate if it is
// the same as the ca signing certificate
if (isCASigningCert(name)) {
@@ -586,10 +584,10 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
CMS.debug("RestoreKeyCertPanel deleteCert: this is pk11store");
if (store instanceof PK11Store) {
try {
- PK11Store pk11store = (PK11Store)store;
+ PK11Store pk11store = (PK11Store) store;
pk11store.deleteCertOnly(certchain);
} catch (Exception ee) {
- CMS.debug("RestoreKeyCertPanel importKeyCert: Exception="+ee.toString());
+ CMS.debug("RestoreKeyCertPanel importKeyCert: Exception=" + ee.toString());
}
}
}
@@ -598,18 +596,18 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
X509Certificate xcert = cm.importUserCACertPackage(cert, name);
if (name.startsWith("caSigningCert")) {
// we need to change the trust attribute to CT
- InternalCertificate icert = (InternalCertificate)xcert;
- icert.setSSLTrust(InternalCertificate.TRUSTED_CA
- | InternalCertificate.TRUSTED_CLIENT_CA
- | InternalCertificate.VALID_CA);
+ InternalCertificate icert = (InternalCertificate) xcert;
+ icert.setSSLTrust(InternalCertificate.TRUSTED_CA
+ | InternalCertificate.TRUSTED_CLIENT_CA
+ | InternalCertificate.VALID_CA);
} else if (name.startsWith("auditSigningCert")) {
- InternalCertificate icert = (InternalCertificate)xcert;
+ InternalCertificate icert = (InternalCertificate) xcert;
icert.setObjectSigningTrust(InternalCertificate.USER | InternalCertificate.VALID_PEER | InternalCertificate.TRUSTED_PEER);
}
} else
cm.importCACertPackage(cert);
} catch (Exception e) {
- CMS.debug("RestoreKeyCertPanel importkeycert: Exception="+e.toString());
+ CMS.debug("RestoreKeyCertPanel importkeycert: Exception=" + e.toString());
}
}
}
@@ -628,15 +626,15 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
return false;
}
- private X509Certificate getX509CertFromToken(byte[] cert)
- throws IOException {
+ private X509Certificate getX509CertFromToken(byte[] cert)
+ throws IOException {
try {
X509CertImpl impl = new X509CertImpl(cert);
String issuer_impl = impl.getIssuerDN().toString();
BigInteger serial_impl = impl.getSerialNumber();
CryptoManager cm = CryptoManager.getInstance();
X509Certificate[] permcerts = cm.getPermCerts();
- for (int i=0; i<permcerts.length; i++) {
+ for (int i = 0; i < permcerts.length; i++) {
String issuer_p = permcerts[i].getSubjectDN().toString();
BigInteger serial_p = permcerts[i].getSerialNumber();
if (issuer_p.equals(issuer_impl) && serial_p.compareTo(serial_impl) == 0) {
@@ -644,25 +642,25 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
}
}
} catch (Exception e) {
- CMS.debug("RestoreKeyCertPanel getX509CertFromToken: Exception="+e.toString());
+ CMS.debug("RestoreKeyCertPanel getX509CertFromToken: Exception=" + e.toString());
}
return null;
}
- private byte[] getX509Cert(String nickname, Vector cert_collection)
- throws IOException {
- for (int i=0; i<cert_collection.size(); i++) {
- Vector v = (Vector)cert_collection.elementAt(i);
- byte[] b = (byte[])v.elementAt(0);
+ private byte[] getX509Cert(String nickname, Vector cert_collection)
+ throws IOException {
+ for (int i = 0; i < cert_collection.size(); i++) {
+ Vector v = (Vector) cert_collection.elementAt(i);
+ byte[] b = (byte[]) v.elementAt(0);
X509CertImpl impl = null;
try {
impl = new X509CertImpl(b);
} catch (Exception e) {
- CMS.debug("RestoreKeyCertPanel getX509Cert: Exception="+e.toString());
- throw new IOException( e.toString() );
+ CMS.debug("RestoreKeyCertPanel getX509Cert: Exception=" + e.toString());
+ throw new IOException(e.toString());
}
- Principal subjectdn = impl.getSubjectDN();
+ Principal subjectdn = impl.getSubjectDN();
if (LDAPDN.equals(subjectdn.toString(), nickname))
return b;
}
@@ -674,9 +672,8 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
* If validiate() returns false, this method will be called.
*/
public void displayError(HttpServletRequest request,
- HttpServletResponse response,
- Context context)
- {
+ HttpServletResponse response,
+ Context context) {
context.put("title", "Import Keys and Certificates");
context.put("password", "");
context.put("path", "");
@@ -684,7 +681,7 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
}
private boolean isCertdbCloned(HttpServletRequest request,
- Context context) {
+ Context context) {
IConfigStore config = CMS.getConfigStore();
String certList = "";
try {
@@ -698,13 +695,13 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
String tokenname = config.getString("preop.module.token", "");
CryptoToken tok = cm.getTokenByName(tokenname);
CryptoStore store = tok.getCryptoStore();
- String name1 = "preop.master."+token+".nickname";
+ String name1 = "preop.master." + token + ".nickname";
String nickname = config.getString(name1, "");
if (!tokenname.equals("Internal Key Storage Token") &&
- !tokenname.equals("internal"))
- nickname = tokenname+":"+nickname;
+ !tokenname.equals("internal"))
+ nickname = tokenname + ":" + nickname;
- CMS.debug("RestoreKeyCertPanel isCertdbCloned: "+nickname);
+ CMS.debug("RestoreKeyCertPanel isCertdbCloned: " + nickname);
X509Certificate cert = cm.findCertByNickname(nickname);
if (cert == null)
return false;
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SavePKCS12Panel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SavePKCS12Panel.java
index 854e8f10..0c066268 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SavePKCS12Panel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SavePKCS12Panel.java
@@ -34,19 +34,20 @@ import com.netscape.cms.servlet.wizard.WizardServlet;
public class SavePKCS12Panel extends WizardPanelBase {
- public SavePKCS12Panel() {}
+ public SavePKCS12Panel() {
+ }
/**
* Initializes this panel.
*/
- public void init(ServletConfig config, int panelno)
- throws ServletException {
+ public void init(ServletConfig config, int panelno)
+ throws ServletException {
setPanelNo(panelno);
setName("Save Keys and Certificates");
}
public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
- throws ServletException {
+ throws ServletException {
setPanelNo(panelno);
setName("Save Keys and Certificates");
setId(id);
@@ -60,11 +61,11 @@ public class SavePKCS12Panel extends WizardPanelBase {
try {
boolean enable = cs.getBoolean("preop.backupkeys.enable", false);
- if (!enable)
+ if (!enable)
return true;
} catch (Exception e) {
}
-
+
return false;
}
@@ -77,13 +78,14 @@ public class SavePKCS12Panel extends WizardPanelBase {
} else {
return true;
}
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
return false;
}
public PropertySet getUsage() {
PropertySet set = new PropertySet();
-
+
return set;
}
@@ -116,7 +118,7 @@ public class SavePKCS12Panel extends WizardPanelBase {
* Checks if the given parameters are valid.
*/
public void validate(HttpServletRequest request,
- HttpServletResponse response, Context context) throws IOException {
+ HttpServletResponse response, Context context) throws IOException {
}
/**
@@ -134,9 +136,8 @@ public class SavePKCS12Panel extends WizardPanelBase {
* If validiate() returns false, this method will be called.
*/
public void displayError(HttpServletRequest request,
- HttpServletResponse response,
- Context context)
- {
+ HttpServletResponse response,
+ Context context) {
context.put("title", "Save Keys and Certificates");
context.put("panel", "admin/console/config/savepkcs12panel.vm");
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainLogin.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainLogin.java
index 3a5d82d1..42165b08 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainLogin.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainLogin.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.net.URL;
import java.net.URLDecoder;
@@ -59,9 +58,9 @@ public class SecurityDomainLogin extends BaseServlet {
int index = url.indexOf("subsystem=");
String subsystem = "";
if (index > 0) {
- subsystem = url.substring(index+10);
+ subsystem = url.substring(index + 10);
int index1 = subsystem.indexOf("&");
- if (index1 > 0)
+ if (index1 > 0)
subsystem = subsystem.substring(0, index1);
}
context.put("sd_uid", "");
@@ -70,14 +69,14 @@ public class SecurityDomainLogin extends BaseServlet {
context.put("host", u.getHost());
context.put("sdhost", CMS.getEESSLHost());
if (subsystem.equals("KRA")) {
- subsystem = "DRM";
+ subsystem = "DRM";
}
context.put("subsystem", subsystem);
// The "securitydomain.name" property ONLY resides in the "CS.cfg"
// associated with the CS subsystem hosting the security domain.
IConfigStore cs = CMS.getConfigStore();
String sdname = cs.getString("securitydomain.name", "");
- context.put("name", sdname);
+ context.put("name", sdname);
template = Velocity.getTemplate("admin/console/config/securitydomainloginpanel.vm");
} catch (Exception e) {
System.err.println("Exception caught: " + e.getMessage());
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainPanel.java
index 90a6aeb0..7e45f019 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainPanel.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
@@ -39,19 +38,20 @@ import com.netscape.cms.servlet.wizard.WizardServlet;
public class SecurityDomainPanel extends WizardPanelBase {
- public SecurityDomainPanel() {}
+ public SecurityDomainPanel() {
+ }
/**
* Initializes this panel.
*/
- public void init(ServletConfig config, int panelno)
- throws ServletException {
+ public void init(ServletConfig config, int panelno)
+ throws ServletException {
setPanelNo(panelno);
setName("Security Domain");
}
public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
- throws ServletException {
+ throws ServletException {
setPanelNo(panelno);
setName("Security Domain");
setId(id);
@@ -72,15 +72,16 @@ public class SecurityDomainPanel extends WizardPanelBase {
} else {
return true;
}
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
return false;
}
public PropertySet getUsage() {
PropertySet set = new PropertySet();
-
+
/* XXX */
-
+
return set;
}
@@ -136,7 +137,8 @@ public class SecurityDomainPanel extends WizardPanelBase {
context.put("https_ee_port", CMS.getEESSLPort());
context.put("https_admin_port", CMS.getAdminPort());
context.put("sdomainAdminURL", default_admin_url);
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
context.put("panel", "admin/console/config/securitydomainpanel.vm");
context.put("errorString", errorString);
@@ -163,12 +165,12 @@ public class SecurityDomainPanel extends WizardPanelBase {
}
if (count == numTokens) // skip the last element (e.g. com)
continue;
- sb.append((defaultDomain.length()==0)? "":" ");
+ sb.append((defaultDomain.length() == 0) ? "" : " ");
sb.append(capitalize(n));
}
- defaultDomain = sb.toString() + " "+ "Domain";
+ defaultDomain = sb.toString() + " " + "Domain";
name = defaultDomain;
- CMS.debug("SecurityDomainPanel: defaultDomain generated:"+ name);
+ CMS.debug("SecurityDomainPanel: defaultDomain generated:" + name);
} catch (MalformedURLException e) {
errorString = "Malformed URL";
// not being able to come up with default domain name is ok
@@ -176,54 +178,53 @@ public class SecurityDomainPanel extends WizardPanelBase {
}
context.put("sdomainName", name);
- if( default_admin_url != null ) {
+ if (default_admin_url != null) {
String r = null;
try {
// check to see if "default" security domain exists
// on local machine
- URL u = new URL( default_admin_url );
+ URL u = new URL(default_admin_url);
String hostname = u.getHost();
int port = u.getPort();
- ConfigCertApprovalCallback
- certApprovalCallback = new ConfigCertApprovalCallback();
- r = pingCS( hostname, port, true, certApprovalCallback );
+ ConfigCertApprovalCallback certApprovalCallback = new ConfigCertApprovalCallback();
+ r = pingCS(hostname, port, true, certApprovalCallback);
} catch (Exception e) {
- CMS.debug( "SecurityDomainPanel: exception caught: "
- + e.toString() );
+ CMS.debug("SecurityDomainPanel: exception caught: "
+ + e.toString());
}
-
- if( r != null ) {
+
+ if (r != null) {
// "default" security domain exists on local machine;
// fill "sdomainURL" in with "default" security domain
// as an initial "guess"
- CMS.debug( "SecurityDomainPanel: pingCS returns: "+r );
- context.put( "sdomainURL", default_admin_url );
+ CMS.debug("SecurityDomainPanel: pingCS returns: " + r);
+ context.put("sdomainURL", default_admin_url);
} else {
// "default" security domain does NOT exist on local machine;
// leave "sdomainURL" blank
- CMS.debug( "SecurityDomainPanel: pingCS no successful response" );
- context.put( "sdomainURL", "" );
+ CMS.debug("SecurityDomainPanel: pingCS no successful response");
+ context.put("sdomainURL", "");
}
}
// Information for "existing" Security Domain CAs
String initDaemon = "pki-cad";
String instanceId = "&lt;security_domain_instance_name&gt;";
- String os = System.getProperty( "os.name" );
- if( os.equalsIgnoreCase( "Linux" ) ) {
- if (! systemdService.equals("")) {
- context.put( "initCommand", "/usr/bin/pkicontrol" );
- context.put( "instanceId", "ca " + systemdService );
+ String os = System.getProperty("os.name");
+ if (os.equalsIgnoreCase("Linux")) {
+ if (!systemdService.equals("")) {
+ context.put("initCommand", "/usr/bin/pkicontrol");
+ context.put("instanceId", "ca " + systemdService);
} else {
- context.put( "initCommand", "/sbin/service " + initDaemon );
- context.put( "instanceId", instanceId );
+ context.put("initCommand", "/sbin/service " + initDaemon);
+ context.put("instanceId", instanceId);
}
} else {
/* default case: e. g. - ( os.equalsIgnoreCase( "SunOS" ) */
- context.put( "initCommand", "/etc/init.d/" + initDaemon );
- context.put( "instanceId", instanceId );
+ context.put("initCommand", "/etc/init.d/" + initDaemon);
+ context.put("instanceId", instanceId);
}
}
@@ -231,7 +232,7 @@ public class SecurityDomainPanel extends WizardPanelBase {
if (s.length() == 0) {
return s;
} else {
- return s.substring(0,1).toUpperCase() + s.substring(1);
+ return s.substring(0, 1).toUpperCase() + s.substring(1);
}
}
@@ -241,7 +242,7 @@ public class SecurityDomainPanel extends WizardPanelBase {
public void validate(HttpServletRequest request,
HttpServletResponse response,
Context context) throws IOException {
-
+
String select = HttpInput.getID(request, "choice");
if (select.equals("newdomain")) {
String name = HttpInput.getSecurityDomainName(request, "sdomainName");
@@ -251,50 +252,48 @@ public class SecurityDomainPanel extends WizardPanelBase {
throw new IOException("Missing name value for the security domain");
}
} else if (select.equals("existingdomain")) {
- CMS.debug( "SecurityDomainPanel: validating "
- + "SSL Admin HTTPS . . ." );
- String admin_url = HttpInput.getURL( request, "sdomainURL" );
- if( admin_url == null || admin_url.equals("") ) {
- initParams( request, context );
+ CMS.debug("SecurityDomainPanel: validating "
+ + "SSL Admin HTTPS . . .");
+ String admin_url = HttpInput.getURL(request, "sdomainURL");
+ if (admin_url == null || admin_url.equals("")) {
+ initParams(request, context);
context.put("updateStatus", "validate-failure");
- throw new IOException( "Missing SSL Admin HTTPS url value "
- + "for the security domain" );
+ throw new IOException("Missing SSL Admin HTTPS url value "
+ + "for the security domain");
} else {
String r = null;
try {
- URL u = new URL( admin_url );
+ URL u = new URL(admin_url);
String hostname = u.getHost();
int admin_port = u.getPort();
- ConfigCertApprovalCallback
- certApprovalCallback = new ConfigCertApprovalCallback();
- r = pingCS( hostname, admin_port, true,
- certApprovalCallback );
- } catch( Exception e ) {
- CMS.debug( "SecurityDomainPanel: exception caught: "
- + e.toString() );
+ ConfigCertApprovalCallback certApprovalCallback = new ConfigCertApprovalCallback();
+ r = pingCS(hostname, admin_port, true,
+ certApprovalCallback);
+ } catch (Exception e) {
+ CMS.debug("SecurityDomainPanel: exception caught: "
+ + e.toString());
context.put("updateStatus", "validate-failure");
- throw new IOException( "Illegal SSL Admin HTTPS url value "
- + "for the security domain" );
+ throw new IOException("Illegal SSL Admin HTTPS url value "
+ + "for the security domain");
}
if (r != null) {
CMS.debug("SecurityDomainPanel: pingAdminCS returns: "
- + r );
- context.put( "sdomainURL", admin_url );
+ + r);
+ context.put("sdomainURL", admin_url);
} else {
- CMS.debug( "SecurityDomainPanel: pingAdminCS "
- + "no successful response for SSL Admin HTTPS" );
- context.put( "sdomainURL", "" );
+ CMS.debug("SecurityDomainPanel: pingAdminCS "
+ + "no successful response for SSL Admin HTTPS");
+ context.put("sdomainURL", "");
}
}
}
}
- public void initParams(HttpServletRequest request, Context context)
- throws IOException
- {
+ public void initParams(HttpServletRequest request, Context context)
+ throws IOException {
IConfigStore config = CMS.getConfigStore();
try {
context.put("cstype", config.getString("cs.type"));
@@ -306,7 +305,7 @@ public class SecurityDomainPanel extends WizardPanelBase {
context.put("check_newdomain", "checked");
context.put("check_existingdomain", "");
} else if (select.equals("existingdomain")) {
- context.put("check_newdomain", "");
+ context.put("check_newdomain", "");
context.put("check_existingdomain", "checked");
}
@@ -340,29 +339,30 @@ public class SecurityDomainPanel extends WizardPanelBase {
if (select.equals("newdomain")) {
config.putString("preop.securitydomain.select", "new");
config.putString("securitydomain.select", "new");
- config.putString("preop.securitydomain.name",
- HttpInput.getDomainName(request, "sdomainName"));
- config.putString("securitydomain.name",
- HttpInput.getDomainName(request, "sdomainName"));
- config.putString("securitydomain.host",
- CMS.getEENonSSLHost());
- config.putString("securitydomain.httpport",
- CMS.getEENonSSLPort());
- config.putString("securitydomain.httpsagentport",
- CMS.getAgentPort());
- config.putString("securitydomain.httpseeport",
- CMS.getEESSLPort());
- config.putString("securitydomain.httpsadminport",
- CMS.getAdminPort());
+ config.putString("preop.securitydomain.name",
+ HttpInput.getDomainName(request, "sdomainName"));
+ config.putString("securitydomain.name",
+ HttpInput.getDomainName(request, "sdomainName"));
+ config.putString("securitydomain.host",
+ CMS.getEENonSSLHost());
+ config.putString("securitydomain.httpport",
+ CMS.getEENonSSLPort());
+ config.putString("securitydomain.httpsagentport",
+ CMS.getAgentPort());
+ config.putString("securitydomain.httpseeport",
+ CMS.getEESSLPort());
+ config.putString("securitydomain.httpsadminport",
+ CMS.getAdminPort());
// make sure the subsystem certificate is issued by the security
// domain
config.putString("preop.cert.subsystem.type", "local");
config.putString("preop.cert.subsystem.profile", "subsystemCert.profile");
-
+
try {
config.commit(false);
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
String instanceRoot = "";
try {
@@ -383,31 +383,32 @@ public class SecurityDomainPanel extends WizardPanelBase {
String hostname = "";
int admin_port = -1;
- if( admin_url != null ) {
+ if (admin_url != null) {
try {
- URL admin_u = new URL( admin_url );
+ URL admin_u = new URL(admin_url);
hostname = admin_u.getHost();
admin_port = admin_u.getPort();
- } catch( MalformedURLException e ) {
+ } catch (MalformedURLException e) {
errorString = "Malformed SSL Admin HTTPS URL";
context.put("updateStatus", "failure");
- throw new IOException( errorString );
+ throw new IOException(errorString);
}
- context.put( "sdomainURL", admin_url );
- config.putString( "securitydomain.host", hostname );
- config.putInteger( "securitydomain.httpsadminport",
- admin_port );
+ context.put("sdomainURL", admin_url);
+ config.putString("securitydomain.host", hostname);
+ config.putInteger("securitydomain.httpsadminport",
+ admin_port);
}
try {
config.commit(false);
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
ConfigCertApprovalCallback certApprovalCallback = new ConfigCertApprovalCallback();
- updateCertChain( config, "securitydomain", hostname, admin_port,
- true, context, certApprovalCallback );
+ updateCertChain(config, "securitydomain", hostname, admin_port,
+ true, context, certApprovalCallback);
} else {
CMS.debug("SecurityDomainPanel: invalid choice " + select);
errorString = "Invalid choice";
@@ -425,7 +426,8 @@ public class SecurityDomainPanel extends WizardPanelBase {
context.put("wizardname", config.getString("preop.wizard.name"));
context.put("panelname", "Security Domain Configuration");
context.put("systemname", config.getString("preop.system.name"));
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
context.put("errorString", errorString);
context.put("updateStatus", "success");
@@ -446,32 +448,33 @@ public class SecurityDomainPanel extends WizardPanelBase {
try {
default_admin_url = config.getString("preop.securitydomain.admin_url", "");
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
- if( default_admin_url != null ) {
+ if (default_admin_url != null) {
String r = null;
try {
// check to see if "default" security domain exists
// on local machine
- URL u = new URL( default_admin_url );
+ URL u = new URL(default_admin_url);
String hostname = u.getHost();
int port = u.getPort();
- ConfigCertApprovalCallback
- certApprovalCallback = new ConfigCertApprovalCallback();
- r = pingCS( hostname, port, true, certApprovalCallback );
- } catch (Exception e) {}
-
- if( r != null ) {
+ ConfigCertApprovalCallback certApprovalCallback = new ConfigCertApprovalCallback();
+ r = pingCS(hostname, port, true, certApprovalCallback);
+ } catch (Exception e) {
+ }
+
+ if (r != null) {
// "default" security domain exists on local machine;
// refill "sdomainURL" in with "default" security domain
// as an initial "guess"
- context.put( "sdomainURL", default_admin_url );
+ context.put("sdomainURL", default_admin_url);
} else {
// "default" security domain does NOT exist on local machine;
// leave "sdomainURL" blank
- context.put( "sdomainURL", "" );
+ context.put("sdomainURL", "");
}
}
@@ -483,19 +486,20 @@ public class SecurityDomainPanel extends WizardPanelBase {
context.put("https_admin_port", CMS.getAdminPort());
context.put("sdomainAdminURL",
config.getString("preop.securitydomain.admin_url"));
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
// Information for "existing" Security Domain CAs
String initDaemon = "pki-cad";
String instanceId = "&lt;security_domain_instance_name&gt;";
- String os = System.getProperty( "os.name" );
- if( os.equalsIgnoreCase( "Linux" ) ) {
- context.put( "initCommand", "/sbin/service " + initDaemon );
- context.put( "instanceId", instanceId );
+ String os = System.getProperty("os.name");
+ if (os.equalsIgnoreCase("Linux")) {
+ context.put("initCommand", "/sbin/service " + initDaemon);
+ context.put("instanceId", instanceId);
} else {
/* default case: e. g. - ( os.equalsIgnoreCase( "SunOS" ) */
- context.put( "initCommand", "/etc/init.d/" + initDaemon );
- context.put( "instanceId", instanceId );
+ context.put("initCommand", "/etc/init.d/" + initDaemon);
+ context.put("instanceId", instanceId);
}
context.put("title", "Security Domain");
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainSessionTable.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainSessionTable.java
index 75cc0fb6..d15ca5ad 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainSessionTable.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainSessionTable.java
@@ -27,8 +27,8 @@ import com.netscape.certsrv.base.ISecurityDomainSessionTable;
/**
* This object stores the values for IP, uid and group based on the cookie id.
*/
-public class SecurityDomainSessionTable
- implements ISecurityDomainSessionTable {
+public class SecurityDomainSessionTable
+ implements ISecurityDomainSessionTable {
private Hashtable<String, Vector<Comparable<?>>> m_sessions;
private long m_timeToLive;
@@ -38,8 +38,8 @@ public class SecurityDomainSessionTable
m_timeToLive = timeToLive;
}
- public int addEntry(String sessionId, String ip,
- String uid, String group) {
+ public int addEntry(String sessionId, String ip,
+ String uid, String group) {
Vector<Comparable<?>> v = new Vector<Comparable<?>>();
v.addElement(ip);
v.addElement(uid);
@@ -67,28 +67,28 @@ public class SecurityDomainSessionTable
public String getIP(String sessionId) {
Vector<Comparable<?>> v = m_sessions.get(sessionId);
if (v != null)
- return (String)v.elementAt(0);
+ return (String) v.elementAt(0);
return null;
}
public String getUID(String sessionId) {
Vector<Comparable<?>> v = m_sessions.get(sessionId);
if (v != null)
- return (String)v.elementAt(1);
+ return (String) v.elementAt(1);
return null;
}
public String getGroup(String sessionId) {
Vector<Comparable<?>> v = m_sessions.get(sessionId);
if (v != null)
- return (String)v.elementAt(2);
+ return (String) v.elementAt(2);
return null;
}
public long getBeginTime(String sessionId) {
Vector<Comparable<?>> v = m_sessions.get(sessionId);
- if (v != null) {
- Long n = (Long)v.elementAt(3);
+ if (v != null) {
+ Long n = (Long) v.elementAt(3);
if (n != null)
return n.longValue();
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SessionTimer.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SessionTimer.java
index c3a1e325..49cadb9c 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SessionTimer.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SessionTimer.java
@@ -29,7 +29,7 @@ public class SessionTimer extends TimerTask {
private ISecurityDomainSessionTable m_sessiontable = null;
private ILogger mSignedAuditLogger = CMS.getSignedAuditLogger();
private final static String LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE =
- "LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE_1";
+ "LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE_1";
public SessionTimer(ISecurityDomainSessionTable table) {
super();
@@ -39,15 +39,15 @@ public class SessionTimer extends TimerTask {
public void run() {
Enumeration keys = m_sessiontable.getSessionIds();
while (keys.hasMoreElements()) {
- String sessionId = (String)keys.nextElement();
+ String sessionId = (String) keys.nextElement();
long beginTime = m_sessiontable.getBeginTime(sessionId);
Date nowDate = new Date();
long nowTime = nowDate.getTime();
long timeToLive = m_sessiontable.getTimeToLive();
- if ((nowTime-beginTime) > timeToLive) {
+ if ((nowTime - beginTime) > timeToLive) {
m_sessiontable.removeEntry(sessionId);
CMS.debug("SessionTimer run: successfully remove the session id entry from the table.");
-
+
// audit message
String auditParams = "operation;;expire_token+token;;" + sessionId;
String auditMessage = CMS.getLogMessage(
@@ -62,9 +62,7 @@ public class SessionTimer extends TimerTask {
ILogger.LL_SECURITY,
auditMessage);
-
}
}
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java
index 0e6a507a..a008d259 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.IOException;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
@@ -54,13 +53,14 @@ public class SizePanel extends WizardPanelBase {
private String default_rsa_key_size;
private boolean mShowSigning = false;
- public SizePanel() {}
+ public SizePanel() {
+ }
/**
* Initializes this panel.
*/
- public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
- throws ServletException {
+ public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
+ throws ServletException {
setPanelNo(panelno);
setName("Key Pairs");
setId(id);
@@ -69,19 +69,19 @@ public class SizePanel extends WizardPanelBase {
public PropertySet getUsage() {
PropertySet set = new PropertySet();
-
+
Descriptor choiceDesc = new Descriptor(IDescriptor.CHOICE,
"default,custom", null, /* no default parameter */
"If 'default', the key size will be configured automatically. If 'custom', the key size will be set to the value of the parameter 'custom_size'.");
set.add("choice", choiceDesc);
-
+
Descriptor customSizeDesc = new Descriptor(IDescriptor.STRING, null, /* no constraint */
null, /* no default parameter */
"Custom Key Size");
set.add("custom_size", customSizeDesc);
-
+
return set;
}
@@ -105,7 +105,8 @@ public class SizePanel extends WizardPanelBase {
} else {
return true;
}
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
return false;
}
@@ -118,7 +119,7 @@ public class SizePanel extends WizardPanelBase {
Context context) {
CMS.debug("SizePanel: display()");
try {
- initParams(request, context);
+ initParams(request, context);
} catch (IOException e) {
}
@@ -134,12 +135,12 @@ public class SizePanel extends WizardPanelBase {
}
try {
- default_ecc_curve_name = config.getString("keys.ecc.curve.default", "nistp256");
+ default_ecc_curve_name = config.getString("keys.ecc.curve.default", "nistp256");
} catch (Exception e) {
}
try {
- default_rsa_key_size = config.getString("keys.rsa.keysize.default", "2048");
+ default_rsa_key_size = config.getString("keys.rsa.keysize.default", "2048");
} catch (Exception e) {
}
@@ -180,12 +181,13 @@ public class SizePanel extends WizardPanelBase {
PCERT_PREFIX + certTag + ".signing.required",
false);
c.setSigningRequired(signingRequired);
- if (signingRequired) mShowSigning = true;
+ if (signingRequired)
+ mShowSigning = true;
String userfriendlyname = config.getString(
PCERT_PREFIX + certTag + ".userfriendlyname");
c.setUserFriendlyName(userfriendlyname);
- boolean enable = config.getBoolean(PCERT_PREFIX+certTag+".enable", true);
+ boolean enable = config.getBoolean(PCERT_PREFIX + certTag + ".enable", true);
c.setEnable(enable);
mCerts.addElement(c);
}// while
@@ -236,13 +238,13 @@ public class SizePanel extends WizardPanelBase {
if (select1.equals("clone")) {
// preset the sslserver dn for cloning case
try {
- String val = config.getString("preop.cert.sslserver.dn", "");
- config.putString("preop.cert.sslserver.dn", val+",o=clone");
+ String val = config.getString("preop.cert.sslserver.dn", "");
+ config.putString("preop.cert.sslserver.dn", val + ",o=clone");
} catch (Exception ee) {
}
}
}
-
+
String token = "";
try {
token = config.getString(PRE_CONF_CA_TOKEN, "");
@@ -251,7 +253,7 @@ public class SizePanel extends WizardPanelBase {
while (c.hasMoreElements()) {
Cert cert = (Cert) c.nextElement();
String ct = cert.getCertTag();
- boolean enable = config.getBoolean(PCERT_PREFIX+ct+".enable", true);
+ boolean enable = config.getBoolean(PCERT_PREFIX + ct + ".enable", true);
if (!enable)
continue;
@@ -280,28 +282,28 @@ public class SizePanel extends WizardPanelBase {
}
CMS.debug(
"SizePanel: update() keysize choice selected:" + select);
- String oldkeysize =
- config.getString(PCERT_PREFIX+ct+".keysize.size", "");
- String oldkeytype =
- config.getString(PCERT_PREFIX + ct + ".keytype", "");
- String oldkeyalgorithm =
- config.getString(PCERT_PREFIX + ct + ".keyalgorithm", "");
- String oldsigningalgorithm =
- config.getString(PCERT_PREFIX + ct + ".signingalgorithm", "");
+ String oldkeysize =
+ config.getString(PCERT_PREFIX + ct + ".keysize.size", "");
+ String oldkeytype =
+ config.getString(PCERT_PREFIX + ct + ".keytype", "");
+ String oldkeyalgorithm =
+ config.getString(PCERT_PREFIX + ct + ".keyalgorithm", "");
+ String oldsigningalgorithm =
+ config.getString(PCERT_PREFIX + ct + ".signingalgorithm", "");
String oldcurvename =
- config.getString(PCERT_PREFIX + ct + ".curvename.name", "");
+ config.getString(PCERT_PREFIX + ct + ".curvename.name", "");
if (select.equals("default")) {
// XXXrenaming these...keep for now just in case
config.putString("preop.keysize.select", "default");
if (keytype != null && keytype.equals("ecc")) {
- config.putString("preop.curvename.custom_name",
- default_ecc_curve_name);
- config.putString("preop.curvename.name", default_ecc_curve_name);
+ config.putString("preop.curvename.custom_name",
+ default_ecc_curve_name);
+ config.putString("preop.curvename.name", default_ecc_curve_name);
} else {
- config.putString("preop.keysize.custom_size",
- default_rsa_key_size);
- config.putString("preop.keysize.size", default_rsa_key_size);
+ config.putString("preop.keysize.custom_size",
+ default_rsa_key_size);
+ config.putString("preop.keysize.size", default_rsa_key_size);
}
config.putString(PCERT_PREFIX + ct + ".keytype", keytype);
@@ -311,31 +313,31 @@ public class SizePanel extends WizardPanelBase {
"default");
if (keytype != null && keytype.equals("ecc")) {
- config.putString(PCERT_PREFIX + ct +
- ".curvename.custom_name",
- default_ecc_curve_name);
- config.putString(PCERT_PREFIX + ct + ".curvename.name",
- default_ecc_curve_name);
+ config.putString(PCERT_PREFIX + ct +
+ ".curvename.custom_name",
+ default_ecc_curve_name);
+ config.putString(PCERT_PREFIX + ct + ".curvename.name",
+ default_ecc_curve_name);
} else {
- config.putString(PCERT_PREFIX + ct +
- ".keysize.custom_size",
- default_rsa_key_size);
- config.putString(PCERT_PREFIX + ct + ".keysize.size",
- default_rsa_key_size);
+ config.putString(PCERT_PREFIX + ct +
+ ".keysize.custom_size",
+ default_rsa_key_size);
+ config.putString(PCERT_PREFIX + ct + ".keysize.size",
+ default_rsa_key_size);
}
} else if (select.equals("custom")) {
// XXXrenaming these...keep for now just in case
config.putString("preop.keysize.select", "custom");
if (keytype != null && keytype.equals("ecc")) {
- config.putString("preop.curvename.name",
- HttpInput.getString(request, ct + "_custom_curvename"));
+ config.putString("preop.curvename.name",
+ HttpInput.getString(request, ct + "_custom_curvename"));
config.putString("preop.curvename.custom_name",
- HttpInput.getString(request, ct + "_custom_curvename"));
+ HttpInput.getString(request, ct + "_custom_curvename"));
} else {
- config.putString("preop.keysize.size",
- HttpInput.getKeySize(request, ct + "_custom_size", keytype));
+ config.putString("preop.keysize.size",
+ HttpInput.getKeySize(request, ct + "_custom_size", keytype));
config.putString("preop.keysize.custom_size",
- HttpInput.getKeySize(request, ct + "_custom_size", keytype));
+ HttpInput.getKeySize(request, ct + "_custom_size", keytype));
}
config.putString(PCERT_PREFIX + ct + ".keytype", keytype);
@@ -346,42 +348,42 @@ public class SizePanel extends WizardPanelBase {
if (keytype != null && keytype.equals("ecc")) {
config.putString(PCERT_PREFIX + ct + ".curvename.custom_name",
- HttpInput.getString(request, ct + "_custom_curvename"));
+ HttpInput.getString(request, ct + "_custom_curvename"));
config.putString(PCERT_PREFIX + ct + ".curvename.name",
- HttpInput.getString(request, ct + "_custom_curvename"));
+ HttpInput.getString(request, ct + "_custom_curvename"));
} else {
config.putString(PCERT_PREFIX + ct + ".keysize.custom_size",
- HttpInput.getKeySize(request, ct + "_custom_size"));
+ HttpInput.getKeySize(request, ct + "_custom_size"));
config.putString(PCERT_PREFIX + ct + ".keysize.size",
- HttpInput.getKeySize(request, ct + "_custom_size"));
+ HttpInput.getKeySize(request, ct + "_custom_size"));
}
} else {
CMS.debug("SizePanel: invalid choice " + select);
throw new IOException("invalid choice " + select);
}
- String newkeysize =
- config.getString(PCERT_PREFIX+ct+".keysize.size", "");
- String newkeytype =
- config.getString(PCERT_PREFIX + ct + ".keytype", "");
- String newkeyalgorithm =
- config.getString(PCERT_PREFIX + ct + ".keyalgorithm", "");
- String newsigningalgorithm =
- config.getString(PCERT_PREFIX + ct + ".signingalgorithm", "");
- String newcurvename =
- config.getString(PCERT_PREFIX+ct+".curvename.name", "");
-
- if (!oldkeysize.equals(newkeysize) ||
- !oldkeytype.equals(newkeytype) ||
- !oldkeyalgorithm.equals(newkeyalgorithm) ||
- !oldsigningalgorithm.equals(newsigningalgorithm) ||
- !oldcurvename.equals(newcurvename))
+ String newkeysize =
+ config.getString(PCERT_PREFIX + ct + ".keysize.size", "");
+ String newkeytype =
+ config.getString(PCERT_PREFIX + ct + ".keytype", "");
+ String newkeyalgorithm =
+ config.getString(PCERT_PREFIX + ct + ".keyalgorithm", "");
+ String newsigningalgorithm =
+ config.getString(PCERT_PREFIX + ct + ".signingalgorithm", "");
+ String newcurvename =
+ config.getString(PCERT_PREFIX + ct + ".curvename.name", "");
+
+ if (!oldkeysize.equals(newkeysize) ||
+ !oldkeytype.equals(newkeytype) ||
+ !oldkeyalgorithm.equals(newkeyalgorithm) ||
+ !oldsigningalgorithm.equals(newsigningalgorithm) ||
+ !oldcurvename.equals(newcurvename))
hasChanged = true;
}// while
try {
config.commit(false);
- } catch (EBaseException e) {
+ } catch (EBaseException e) {
CMS.debug("SizePanel: update() Exception caught at config commit: " + e.toString());
}
@@ -393,7 +395,7 @@ public class SizePanel extends WizardPanelBase {
context.put("updateStatus", "success");
return;
}
- } catch (IOException e) {
+ } catch (IOException e) {
CMS.debug("SizePanel: update() IOException caught: " + e.toString());
context.put("updateStatus", "failure");
throw e;
@@ -401,7 +403,7 @@ public class SizePanel extends WizardPanelBase {
CMS.debug("SizePanel: update() NumberFormatException caught: " + e.toString());
context.put("updateStatus", "failure");
throw e;
- } catch (Exception e) {
+ } catch (Exception e) {
CMS.debug("SizePanel: update() Exception caught: " + e.toString());
}
@@ -414,7 +416,7 @@ public class SizePanel extends WizardPanelBase {
String friendlyName = ct;
boolean enable = true;
try {
- enable = config.getBoolean(PCERT_PREFIX+ct+".enable", true);
+ enable = config.getBoolean(PCERT_PREFIX + ct + ".enable", true);
friendlyName = config.getString(PCERT_PREFIX + ct + ".userfriendlyname", ct);
} catch (Exception e) {
}
@@ -425,15 +427,15 @@ public class SizePanel extends WizardPanelBase {
try {
String keytype = config.getString(PCERT_PREFIX + ct + ".keytype");
String keyalgorithm = config.getString(PCERT_PREFIX + ct + ".keyalgorithm");
-
+
if (keytype.equals("rsa")) {
int keysize = config.getInteger(
- PCERT_PREFIX + ct + ".keysize.size");
+ PCERT_PREFIX + ct + ".keysize.size");
createRSAKeyPair(token, keysize, config, ct);
} else {
String curveName = config.getString(
- PCERT_PREFIX + ct + ".curvename.name", default_ecc_curve_name);
+ PCERT_PREFIX + ct + ".curvename.name", default_ecc_curve_name);
createECCKeyPair(token, curveName, config, ct);
}
config.commit(false);
@@ -441,31 +443,30 @@ public class SizePanel extends WizardPanelBase {
CMS.debug(e);
CMS.debug("SizePanel: key generation failure: " + e.toString());
context.put("updateStatus", "failure");
- throw new IOException("key generation failure for the certificate: " + friendlyName +
+ throw new IOException("key generation failure for the certificate: " + friendlyName +
". See the logs for details.");
}
} // while
if (hasErr == false) {
- config.putBoolean("preop.SizePanel.done", true);
- try {
- config.commit(false);
- } catch (EBaseException e) {
- CMS.debug(
- "SizePanel: update() Exception caught at config commit: "
- + e.toString());
- }
- }
+ config.putBoolean("preop.SizePanel.done", true);
+ try {
+ config.commit(false);
+ } catch (EBaseException e) {
+ CMS.debug(
+ "SizePanel: update() Exception caught at config commit: "
+ + e.toString());
+ }
+ }
CMS.debug("SizePanel: update() done");
context.put("updateStatus", "success");
}
- public void createECCKeyPair(String token, String curveName, IConfigStore config, String ct)
- throws NoSuchAlgorithmException, NoSuchTokenException, TokenException, CryptoManager.NotInitializedException
- {
- CMS.debug("Generating ECC key pair with curvename="+ curveName +
- ", token="+token);
+ public void createECCKeyPair(String token, String curveName, IConfigStore config, String ct)
+ throws NoSuchAlgorithmException, NoSuchTokenException, TokenException, CryptoManager.NotInitializedException {
+ CMS.debug("Generating ECC key pair with curvename=" + curveName +
+ ", token=" + token);
KeyPair pair = null;
/*
* default ssl server cert to ECDHE unless stated otherwise
@@ -488,48 +489,48 @@ public class SizePanel extends WizardPanelBase {
// ECDHE needs "SIGN" but no "DERIVE"
org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage usages_mask[] = {
- org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.DERIVE
+ org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.DERIVE
};
// ECDH needs "DERIVE" but no any kind of "SIGN"
org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage ECDH_usages_mask[] = {
- org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.SIGN,
- org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.SIGN_RECOVER,
+ org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.SIGN,
+ org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.SIGN_RECOVER,
};
do {
- if (ct.equals("sslserver") && sslType.equalsIgnoreCase("ECDH")) {
- CMS.debug("SizePanel: createECCKeypair: sslserver cert for ECDH. Make sure server.xml is set properly with -TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,+TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA");
- pair = CryptoUtil.generateECCKeyPair(token, curveName,
- null,
- ECDH_usages_mask);
- } else {
- if (ct.equals("sslserver")) {
- CMS.debug("SizePanel: createECCKeypair: sslserver cert for ECDHE. Make sure server.xml is set properly with +TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA");
- }
- pair = CryptoUtil.generateECCKeyPair(token, curveName,
- null,
- usages_mask);
- }
-
- // XXX - store curve , w
- byte id[] = ((org.mozilla.jss.crypto.PrivateKey) pair.getPrivate()).getUniqueID();
- String kid = CryptoUtil.byte2string(id);
- config.putString(PCERT_PREFIX + ct + ".privkey.id", kid);
-
- // try to locate the private key
- org.mozilla.jss.crypto.PrivateKey privk =
- CryptoUtil.findPrivateKeyFromID(CryptoUtil.string2byte(kid));
- if (privk == null) {
- CMS.debug("Found bad ECC key id " + kid);
- pair = null;
+ if (ct.equals("sslserver") && sslType.equalsIgnoreCase("ECDH")) {
+ CMS.debug("SizePanel: createECCKeypair: sslserver cert for ECDH. Make sure server.xml is set properly with -TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,+TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA");
+ pair = CryptoUtil.generateECCKeyPair(token, curveName,
+ null,
+ ECDH_usages_mask);
+ } else {
+ if (ct.equals("sslserver")) {
+ CMS.debug("SizePanel: createECCKeypair: sslserver cert for ECDHE. Make sure server.xml is set properly with +TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA");
+ }
+ pair = CryptoUtil.generateECCKeyPair(token, curveName,
+ null,
+ usages_mask);
+ }
+
+ // XXX - store curve , w
+ byte id[] = ((org.mozilla.jss.crypto.PrivateKey) pair.getPrivate()).getUniqueID();
+ String kid = CryptoUtil.byte2string(id);
+ config.putString(PCERT_PREFIX + ct + ".privkey.id", kid);
+
+ // try to locate the private key
+ org.mozilla.jss.crypto.PrivateKey privk =
+ CryptoUtil.findPrivateKeyFromID(CryptoUtil.string2byte(kid));
+ if (privk == null) {
+ CMS.debug("Found bad ECC key id " + kid);
+ pair = null;
}
} while (pair == null);
- CMS.debug("Public key class " + pair.getPublic().getClass().getName());
+ CMS.debug("Public key class " + pair.getPublic().getClass().getName());
byte encoded[] = pair.getPublic().getEncoded();
config.putString(PCERT_PREFIX + ct + ".pubkey.encoded",
- CryptoUtil.byte2string(encoded));
+ CryptoUtil.byte2string(encoded));
String keyAlgo = "";
try {
@@ -537,25 +538,24 @@ public class SizePanel extends WizardPanelBase {
} catch (Exception e1) {
}
- setSigningAlgorithm(ct, keyAlgo, config);
+ setSigningAlgorithm(ct, keyAlgo, config);
}
- public void createRSAKeyPair(String token, int keysize, IConfigStore config, String ct)
- throws NoSuchAlgorithmException, NoSuchTokenException, TokenException, CryptoManager.NotInitializedException
- {
+ public void createRSAKeyPair(String token, int keysize, IConfigStore config, String ct)
+ throws NoSuchAlgorithmException, NoSuchTokenException, TokenException, CryptoManager.NotInitializedException {
/* generate key pair */
KeyPair pair = null;
do {
- pair = CryptoUtil.generateRSAKeyPair(token, keysize);
- byte id[] = ((org.mozilla.jss.crypto.PrivateKey) pair.getPrivate()).getUniqueID();
- String kid = CryptoUtil.byte2string(id);
- config.putString(PCERT_PREFIX + ct + ".privkey.id", kid);
- // try to locate the private key
- org.mozilla.jss.crypto.PrivateKey privk =
- CryptoUtil.findPrivateKeyFromID(CryptoUtil.string2byte(kid));
- if (privk == null) {
- CMS.debug("Found bad RSA key id " + kid);
- pair = null;
+ pair = CryptoUtil.generateRSAKeyPair(token, keysize);
+ byte id[] = ((org.mozilla.jss.crypto.PrivateKey) pair.getPrivate()).getUniqueID();
+ String kid = CryptoUtil.byte2string(id);
+ config.putString(PCERT_PREFIX + ct + ".privkey.id", kid);
+ // try to locate the private key
+ org.mozilla.jss.crypto.PrivateKey privk =
+ CryptoUtil.findPrivateKeyFromID(CryptoUtil.string2byte(kid));
+ if (privk == null) {
+ CMS.debug("Found bad RSA key id " + kid);
+ pair = null;
}
} while (pair == null);
@@ -563,9 +563,9 @@ public class SizePanel extends WizardPanelBase {
byte exponent[] = ((RSAPublicKey) pair.getPublic()).getPublicExponent().toByteArray();
config.putString(PCERT_PREFIX + ct + ".pubkey.modulus",
- CryptoUtil.byte2string(modulus));
+ CryptoUtil.byte2string(modulus));
config.putString(PCERT_PREFIX + ct + ".pubkey.exponent",
- CryptoUtil.byte2string(exponent));
+ CryptoUtil.byte2string(exponent));
String keyAlgo = "";
try {
@@ -573,41 +573,40 @@ public class SizePanel extends WizardPanelBase {
} catch (Exception e1) {
}
- setSigningAlgorithm(ct, keyAlgo, config);
+ setSigningAlgorithm(ct, keyAlgo, config);
}
public void setSigningAlgorithm(String ct, String keyAlgo, IConfigStore config) {
String systemType = "";
try {
- systemType = config.getString("preop.system.name");
+ systemType = config.getString("preop.system.name");
} catch (Exception e1) {
}
if (systemType.equalsIgnoreCase("CA")) {
- if (ct.equals("signing")) {
- config.putString("ca.signing.defaultSigningAlgorithm",
+ if (ct.equals("signing")) {
+ config.putString("ca.signing.defaultSigningAlgorithm",
keyAlgo);
- config.putString("ca.crl.MasterCRL.signingAlgorithm",
+ config.putString("ca.crl.MasterCRL.signingAlgorithm",
keyAlgo);
- } else if (ct.equals("ocsp_signing")) {
- config.putString("ca.ocsp_signing.defaultSigningAlgorithm",
+ } else if (ct.equals("ocsp_signing")) {
+ config.putString("ca.ocsp_signing.defaultSigningAlgorithm",
keyAlgo);
- }
+ }
} else if (systemType.equalsIgnoreCase("OCSP")) {
- if (ct.equals("signing")) {
- config.putString("ocsp.signing.defaultSigningAlgorithm",
+ if (ct.equals("signing")) {
+ config.putString("ocsp.signing.defaultSigningAlgorithm",
keyAlgo);
- }
+ }
} else if (systemType.equalsIgnoreCase("KRA") ||
- systemType.equalsIgnoreCase("DRM")) {
- if (ct.equals("transport")) {
+ systemType.equalsIgnoreCase("DRM")) {
+ if (ct.equals("transport")) {
config.putString("kra.transportUnit.signingAlgorithm", keyAlgo);
- }
+ }
}
}
public void initParams(HttpServletRequest request, Context context)
- throws IOException
- {
+ throws IOException {
IConfigStore config = CMS.getConfigStore();
String s = "";
try {
@@ -646,7 +645,7 @@ public class SizePanel extends WizardPanelBase {
HttpServletResponse response,
Context context) {
try {
- initParams(request, context);
+ initParams(request, context);
} catch (IOException e) {
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/TokenAuthenticate.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/TokenAuthenticate.java
index cf59e07c..2372b309 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/TokenAuthenticate.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/TokenAuthenticate.java
@@ -51,6 +51,7 @@ public class TokenAuthenticate extends CMSServlet {
/**
* initialize the servlet.
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -58,13 +59,14 @@ public class TokenAuthenticate extends CMSServlet {
}
/**
- * Process the HTTP request.
+ * Process the HTTP request.
+ *
* @param cmsReq the object holding the request and response information
*/
protected void process(CMSRequest cmsReq) throws EBaseException {
HttpServletRequest httpReq = cmsReq.getHttpReq();
HttpServletResponse httpResp = cmsReq.getHttpResp();
- IConfigStore config = CMS.getConfigStore();
+ IConfigStore config = CMS.getConfigStore();
String sessionId = httpReq.getParameter("sessionID");
CMS.debug("TokenAuthentication: sessionId=" + sessionId);
@@ -85,9 +87,9 @@ public class TokenAuthenticate extends CMSServlet {
CMS.debug("TokenAuthentication: found session");
if (checkIP) {
String hostname = table.getIP(sessionId);
- if (! hostname.equals(givenHost)) {
- CMS.debug("TokenAuthentication: hostname=" + hostname + " and givenHost="
- + givenHost + " are different");
+ if (!hostname.equals(givenHost)) {
+ CMS.debug("TokenAuthentication: hostname=" + hostname + " and givenHost="
+ + givenHost + " are different");
CMS.debug("TokenAuthenticate authenticate failed, wrong hostname.");
outputError(httpResp, "Error: Failed Authentication");
return;
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateConnector.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateConnector.java
index cf699c61..bba1f378 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateConnector.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateConnector.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.IOException;
import java.util.Enumeration;
import java.util.Locale;
@@ -45,7 +44,6 @@ import com.netscape.cms.servlet.common.CMSRequest;
import com.netscape.cms.servlet.common.ICMSTemplateFiller;
import com.netscape.cmsutil.xml.XMLObject;
-
public class UpdateConnector extends CMSServlet {
/**
@@ -62,6 +60,7 @@ public class UpdateConnector extends CMSServlet {
/**
* initialize the servlet.
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -71,7 +70,7 @@ public class UpdateConnector extends CMSServlet {
}
/**
- * Process the HTTP request.
+ * Process the HTTP request.
*/
protected void process(CMSRequest cmsReq) throws EBaseException {
CMS.debug("UpdateConnector: processing...");
@@ -85,9 +84,9 @@ public class UpdateConnector extends CMSServlet {
CMS.debug("UpdateConnector authentication successful.");
} catch (Exception e) {
CMS.debug("UpdateConnector: authentication failed.");
- log(ILogger.LL_FAILURE,
+ log(ILogger.LL_FAILURE,
CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "",
- e.toString()));
+ e.toString()));
outputError(httpResp, AUTH_FAILURE, "Error: Not authenticated");
return;
}
@@ -100,19 +99,19 @@ public class UpdateConnector extends CMSServlet {
AuthzToken authzToken = null;
try {
- authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
- "modify");
+ authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
+ "modify");
CMS.debug("UpdateConnector authorization successful.");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
outputError(httpResp, "Error: Not authorized");
return;
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
outputError(httpResp,
- "Error: Encountered problem during authorization.");
+ "Error: Encountered problem during authorization.");
return;
}
@@ -125,7 +124,7 @@ public class UpdateConnector extends CMSServlet {
Enumeration list = httpReq.getParameterNames();
while (list.hasMoreElements()) {
- String name = (String)list.nextElement();
+ String name = (String) list.nextElement();
String val = httpReq.getParameter(name);
if (name != null && name.startsWith("ca.connector")) {
CMS.debug("Adding connector update name=" + name + " val=" + val);
@@ -134,24 +133,24 @@ public class UpdateConnector extends CMSServlet {
CMS.debug("Skipping connector update name=" + name + " val=" + val);
}
}
-
- try {
+
+ try {
String nickname = cs.getString("ca.subsystem.nickname", "");
String tokenname = cs.getString("ca.subsystem.tokenname", "");
if (!tokenname.equals("Internal Key Storage Token"))
- nickname = tokenname+":"+nickname;
+ nickname = tokenname + ":" + nickname;
cs.putString("ca.connector.KRA.nickName", nickname);
cs.commit(false);
} catch (Exception e) {
}
// start the connector
- try {
+ try {
ICertificateAuthority ca = (ICertificateAuthority)
- CMS.getSubsystem("ca");
- ICAService caService = (ICAService)ca.getCAService();
+ CMS.getSubsystem("ca");
+ ICAService caService = (ICAService) ca.getCAService();
IConnector kraConnector = caService.getConnector(
- cs.getSubStore("ca.connector.KRA"));
+ cs.getSubStore("ca.connector.KRA"));
caService.setKRAConnector(kraConnector);
kraConnector.start();
} catch (Exception e) {
@@ -173,12 +172,13 @@ public class UpdateConnector extends CMSServlet {
}
}
- protected void setDefaultTemplates(ServletConfig sc) {}
+ protected void setDefaultTemplates(ServletConfig sc) {
+ }
protected void renderTemplate(
CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler)
- throws IOException {// do nothing
- }
+ throws IOException {// do nothing
+ }
protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript.
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateDomainXML.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateDomainXML.java
index c9fe27ef..0476e26d 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateDomainXML.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateDomainXML.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
@@ -55,7 +54,6 @@ import com.netscape.cms.servlet.common.CMSRequest;
import com.netscape.cms.servlet.common.ICMSTemplateFiller;
import com.netscape.cmsutil.xml.XMLObject;
-
public class UpdateDomainXML extends CMSServlet {
/**
@@ -65,9 +63,9 @@ public class UpdateDomainXML extends CMSServlet {
private final static String SUCCESS = "0";
private final static String FAILED = "1";
private final static String LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE =
- "LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE_1";
+ "LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE_1";
private final static String LOGGING_SIGNED_AUDIT_CONFIG_ROLE =
- "LOGGING_SIGNED_AUDIT_CONFIG_ROLE_3";
+ "LOGGING_SIGNED_AUDIT_CONFIG_ROLE_3";
public UpdateDomainXML() {
super();
@@ -75,6 +73,7 @@ public class UpdateDomainXML extends CMSServlet {
/**
* initialize the servlet.
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -101,20 +100,19 @@ public class UpdateDomainXML extends CMSServlet {
status = FAILED;
CMS.debug("Failed to delete entry" + e.toString());
}
- } catch (Exception e) {
- CMS.debug("Failed to delete entry" + e.toString());
- } finally {
+ } catch (Exception e) {
+ CMS.debug("Failed to delete entry" + e.toString());
+ } finally {
try {
- if ((conn != null) && (connFactory!= null)) {
+ if ((conn != null) && (connFactory != null)) {
CMS.debug("Releasing ldap connection");
connFactory.returnConn(conn);
}
- }
- catch (Exception e) {
+ } catch (Exception e) {
CMS.debug("Error releasing the ldap connection" + e.toString());
}
- }
- return status;
+ }
+ return status;
}
private String modify_ldap(String dn, LDAPModification mod) {
@@ -135,23 +133,21 @@ public class UpdateDomainXML extends CMSServlet {
status = FAILED;
CMS.debug("Failed to modify entry" + e.toString());
}
- } catch (Exception e) {
+ } catch (Exception e) {
CMS.debug("Failed to modify entry" + e.toString());
- } finally {
+ } finally {
try {
- if ((conn != null) && (connFactory!= null)) {
+ if ((conn != null) && (connFactory != null)) {
CMS.debug("Releasing ldap connection");
connFactory.returnConn(conn);
}
- }
- catch (Exception e) {
+ } catch (Exception e) {
CMS.debug("Error releasing the ldap connection" + e.toString());
}
- }
- return status;
+ }
+ return status;
}
-
private String add_to_ldap(LDAPEntry entry, String dn) {
CMS.debug("UpdateDomainXML: add_to_ldap: starting");
String status = SUCCESS;
@@ -172,37 +168,35 @@ public class UpdateDomainXML extends CMSServlet {
conn.delete(dn);
conn.add(entry);
} catch (LDAPException ee) {
- CMS.debug("UpdateDomainXML: Error when replacing existing entry "+ee.toString());
+ CMS.debug("UpdateDomainXML: Error when replacing existing entry " + ee.toString());
status = FAILED;
}
} else {
- CMS.debug("UpdateDomainXML: Failed to update ldap domain info. Exception: "+e.toString());
+ CMS.debug("UpdateDomainXML: Failed to update ldap domain info. Exception: " + e.toString());
status = FAILED;
}
} catch (Exception e) {
CMS.debug("Failed to add entry" + e.toString());
} finally {
try {
- if ((conn != null) && (connFactory!= null)) {
+ if ((conn != null) && (connFactory != null)) {
CMS.debug("Releasing ldap connection");
connFactory.returnConn(conn);
}
- }
- catch (Exception e) {
+ } catch (Exception e) {
CMS.debug("Error releasing the ldap connection" + e.toString());
}
- }
- return status;
+ }
+ return status;
}
-
-
/**
- * Process the HTTP request.
+ * Process the HTTP request.
* <ul>
* <li>http.param op 'downloadBIN' - return the binary certificate chain
* <li>http.param op 'displayIND' - display pretty-print of certificate chain components
* </ul>
+ *
* @param cmsReq the object holding the request and response information
*/
protected void process(CMSRequest cmsReq) throws EBaseException {
@@ -219,7 +213,7 @@ public class UpdateDomainXML extends CMSServlet {
authToken = authenticate(cmsReq);
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
outputError(httpResp, AUTH_FAILURE, "Error: Not authenticated");
return;
}
@@ -233,19 +227,19 @@ public class UpdateDomainXML extends CMSServlet {
AuthzToken authzToken = null;
try {
- authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
- "modify");
+ authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
+ "modify");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
outputError(httpResp, AUTH_FAILURE, "Error: Not authorized");
return;
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
outputError(httpResp,
- AUTH_FAILURE,
- "Error: Encountered problem during authorization.");
+ AUTH_FAILURE,
+ "Error: Encountered problem during authorization.");
return;
}
if (authzToken == null) {
@@ -272,7 +266,7 @@ public class UpdateDomainXML extends CMSServlet {
String missing = "";
if ((host == null) || host.equals("")) {
missing += " host ";
- }
+ }
if ((name == null) || name.equals("")) {
missing += " name ";
}
@@ -286,20 +280,20 @@ public class UpdateDomainXML extends CMSServlet {
clone = "false";
}
- if (! missing.equals("")) {
- CMS.debug("UpdateDomainXML process: required parameters:" + missing +
+ if (!missing.equals("")) {
+ CMS.debug("UpdateDomainXML process: required parameters:" + missing +
"not provided in request");
- outputError(httpResp, "Error: required parameters: " + missing +
+ outputError(httpResp, "Error: required parameters: " + missing +
"not provided in request");
return;
}
String auditMessage = null;
String auditSubjectID = auditSubjectID();
- String auditParams = "host;;"+host+"+name;;"+name+"+sport;;"+sport+
- "+clone;;"+clone+"+type;;"+type;
+ String auditParams = "host;;" + host + "+name;;" + name + "+sport;;" + sport +
+ "+clone;;" + clone + "+type;;" + type;
if (operation != null) {
- auditParams += "+operation;;"+operation;
+ auditParams += "+operation;;" + operation;
} else {
auditParams += "+operation;;add";
}
@@ -312,8 +306,7 @@ public class UpdateDomainXML extends CMSServlet {
try {
basedn = cs.getString("internaldb.basedn");
secstore = cs.getString("securitydomain.store");
- }
- catch (Exception e) {
+ } catch (Exception e) {
CMS.debug("Unable to determine security domain name or basedn. Please run the domaininfo migration script");
}
@@ -326,7 +319,7 @@ public class UpdateDomainXML extends CMSServlet {
String listName = type + "List";
String cn = host + ":";
- if ((adminsport!= null) && (adminsport != "")) {
+ if ((adminsport != null) && (adminsport != "")) {
cn += adminsport;
} else {
cn += sport;
@@ -361,64 +354,63 @@ public class UpdateDomainXML extends CMSServlet {
attrs.add(new LDAPAttribute("clone", clone.toUpperCase()));
attrs.add(new LDAPAttribute("SubsystemName", name));
entry = new LDAPEntry(dn, attrs);
-
- if ((operation != null) && (operation.equals("remove"))) {
- status = remove_from_ldap(dn);
- String adminUserDN;
- if ((agentsport != null) && (!agentsport.equals(""))) {
- adminUserDN = "uid=" + type + "-" + host + "-" + agentsport + ",ou=People," + basedn;
- } else {
- adminUserDN = "uid=" + type + "-" + host + "-" + sport + ",ou=People," + basedn;
- }
- String userAuditParams = "Scope;;users+Operation;;OP_DELETE+source;;UpdateDomainXML" +
- "+resource;;"+adminUserDN;
- if (status.equals(SUCCESS)) {
- // remove the user for this subsystem's admin
- status2 = remove_from_ldap(adminUserDN);
- if (status2.equals(SUCCESS)) {
- auditMessage = CMS.getLogMessage(
+
+ if ((operation != null) && (operation.equals("remove"))) {
+ status = remove_from_ldap(dn);
+ String adminUserDN;
+ if ((agentsport != null) && (!agentsport.equals(""))) {
+ adminUserDN = "uid=" + type + "-" + host + "-" + agentsport + ",ou=People," + basedn;
+ } else {
+ adminUserDN = "uid=" + type + "-" + host + "-" + sport + ",ou=People," + basedn;
+ }
+ String userAuditParams = "Scope;;users+Operation;;OP_DELETE+source;;UpdateDomainXML" +
+ "+resource;;" + adminUserDN;
+ if (status.equals(SUCCESS)) {
+ // remove the user for this subsystem's admin
+ status2 = remove_from_ldap(adminUserDN);
+ if (status2.equals(SUCCESS)) {
+ auditMessage = CMS.getLogMessage(
LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
auditSubjectID,
ILogger.SUCCESS,
userAuditParams);
- audit(auditMessage);
+ audit(auditMessage);
- // remove this user from the subsystem group
- userAuditParams = "Scope;;groups+Operation;;OP_DELETE_USER" +
+ // remove this user from the subsystem group
+ userAuditParams = "Scope;;groups+Operation;;OP_DELETE_USER" +
"+source;;UpdateDomainXML" +
- "+resource;;Subsystem Group+user;;"+adminUserDN;
- dn = "cn=Subsystem Group, ou=groups," + basedn;
- LDAPModification mod = new LDAPModification(LDAPModification.DELETE,
+ "+resource;;Subsystem Group+user;;" + adminUserDN;
+ dn = "cn=Subsystem Group, ou=groups," + basedn;
+ LDAPModification mod = new LDAPModification(LDAPModification.DELETE,
new LDAPAttribute("uniqueMember", adminUserDN));
- status2 = modify_ldap(dn, mod);
- if (status2.equals(SUCCESS)) {
- auditMessage = CMS.getLogMessage(
+ status2 = modify_ldap(dn, mod);
+ if (status2.equals(SUCCESS)) {
+ auditMessage = CMS.getLogMessage(
LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
auditSubjectID,
ILogger.SUCCESS,
userAuditParams);
- } else {
- auditMessage = CMS.getLogMessage(
+ } else {
+ auditMessage = CMS.getLogMessage(
LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
auditSubjectID,
ILogger.FAILURE,
userAuditParams);
- }
- audit(auditMessage);
- } else { // error deleting user
- auditMessage = CMS.getLogMessage(
+ }
+ audit(auditMessage);
+ } else { // error deleting user
+ auditMessage = CMS.getLogMessage(
LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
auditSubjectID,
ILogger.FAILURE,
userAuditParams);
- audit(auditMessage);
- }
+ audit(auditMessage);
}
+ }
} else {
- status = add_to_ldap(entry, dn);
+ status = add_to_ldap(entry, dn);
}
- }
- else {
+ } else {
// update the domain.xml file
String path = CMS.getConfigStore().getString("instanceRoot", "")
+ "/conf/domain.xml";
@@ -430,7 +422,7 @@ public class UpdateDomainXML extends CMSServlet {
CMS.debug("UpdateDomainXML: Inserting new domain info");
XMLObject parser = new XMLObject(new FileInputStream(path));
Node n = parser.getContainer(list);
- int count =0;
+ int count = 0;
if ((operation != null) && (operation.equals("remove"))) {
// delete node
@@ -444,11 +436,11 @@ public class UpdateDomainXML extends CMSServlet {
Vector v_host = parser.getValuesFromContainer(nn, "Host");
Vector v_adminport = parser.getValuesFromContainer(nn, "SecureAdminPort");
if ((v_name.elementAt(0).equals(name)) && (v_host.elementAt(0).equals(host))
- && (v_adminport.elementAt(0).equals(adminsport))) {
- Node parent = nn.getParentNode();
- Node remNode = parent.removeChild(nn);
- count --;
- break;
+ && (v_adminport.elementAt(0).equals(adminsport))) {
+ Node parent = nn.getParentNode();
+ Node remNode = parent.removeChild(nn);
+ count--;
+ break;
}
}
} else {
@@ -463,33 +455,33 @@ public class UpdateDomainXML extends CMSServlet {
parser.addItemToContainer(parent, "UnSecurePort", httpport);
parser.addItemToContainer(parent, "DomainManager", domainmgr.toUpperCase());
parser.addItemToContainer(parent, "Clone", clone.toUpperCase());
- count ++;
+ count++;
}
//update count
String countS = "";
NodeList nlist = n.getChildNodes();
Node countnode = null;
- for (int i=0; i<nlist.getLength(); i++) {
- Element nn = (Element)nlist.item(i);
+ for (int i = 0; i < nlist.getLength(); i++) {
+ Element nn = (Element) nlist.item(i);
String tagname = nn.getTagName();
if (tagname.equals("SubsystemCount")) {
countnode = nn;
NodeList nlist1 = nn.getChildNodes();
Node nn1 = nlist1.item(0);
- countS = nn1.getNodeValue();
+ countS = nn1.getNodeValue();
break;
}
}
- CMS.debug("UpdateDomainXML process: SubsystemCount="+countS);
+ CMS.debug("UpdateDomainXML process: SubsystemCount=" + countS);
try {
- count += Integer.parseInt(countS);
+ count += Integer.parseInt(countS);
} catch (Exception ee) {
}
Node nn2 = n.removeChild(countnode);
- parser.addItemToContainer(n, "SubsystemCount", ""+count);
+ parser.addItemToContainer(n, "SubsystemCount", "" + count);
// recreate domain.xml
CMS.debug("UpdateDomainXML: Recreating domain.xml");
@@ -503,7 +495,7 @@ public class UpdateDomainXML extends CMSServlet {
}
}
-
+
if (status.equals(SUCCESS)) {
auditMessage = CMS.getLogMessage(
LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE,
@@ -520,11 +512,11 @@ public class UpdateDomainXML extends CMSServlet {
}
audit(auditMessage);
- if (status.equals(SUCCESS) && status2.equals(SUCCESS)) {
- status = SUCCESS;
- } else {
- status = FAILED;
- }
+ if (status.equals(SUCCESS) && status2.equals(SUCCESS)) {
+ status = SUCCESS;
+ } else {
+ status = FAILED;
+ }
try {
// send success status back to the requestor
@@ -537,22 +529,24 @@ public class UpdateDomainXML extends CMSServlet {
outputResult(httpResp, "application/xml", cb);
} catch (Exception e) {
- CMS.debug("UpdateDomainXML: Failed to send the XML output" + e.toString());
+ CMS.debug("UpdateDomainXML: Failed to send the XML output" + e.toString());
}
}
protected String securityDomainXMLtoLDAP(String xmltag) {
- if (xmltag.equals("Host")) return "host";
- else return xmltag;
+ if (xmltag.equals("Host"))
+ return "host";
+ else
+ return xmltag;
}
-
- protected void setDefaultTemplates(ServletConfig sc) {}
+ protected void setDefaultTemplates(ServletConfig sc) {
+ }
protected void renderTemplate(
CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler)
- throws IOException {// do nothing
- }
+ throws IOException {// do nothing
+ }
protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript.
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateNumberRange.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateNumberRange.java
index 0a1787aa..894afa5f 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateNumberRange.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateNumberRange.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.IOException;
import java.math.BigInteger;
import java.util.Locale;
@@ -45,7 +44,6 @@ import com.netscape.cms.servlet.common.CMSRequest;
import com.netscape.cms.servlet.common.ICMSTemplateFiller;
import com.netscape.cmsutil.xml.XMLObject;
-
public class UpdateNumberRange extends CMSServlet {
/**
@@ -56,7 +54,7 @@ public class UpdateNumberRange extends CMSServlet {
private final static String FAILED = "1";
private final static String AUTH_FAILURE = "2";
private final static String LOGGING_SIGNED_AUDIT_CONFIG_SERIAL_NUMBER =
- "LOGGING_SIGNED_AUDIT_CONFIG_SERIAL_NUMBER_1";
+ "LOGGING_SIGNED_AUDIT_CONFIG_SERIAL_NUMBER_1";
public UpdateNumberRange() {
super();
@@ -64,6 +62,7 @@ public class UpdateNumberRange extends CMSServlet {
/**
* initialize the servlet.
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -73,11 +72,12 @@ public class UpdateNumberRange extends CMSServlet {
}
/**
- * Process the HTTP request.
+ * Process the HTTP request.
* <ul>
* <li>http.param op 'downloadBIN' - return the binary certificate chain
* <li>http.param op 'displayIND' - display pretty-print of certificate chain components
* </ul>
+ *
* @param cmsReq the object holding the request and response information
*/
protected void process(CMSRequest cmsReq) throws EBaseException {
@@ -96,18 +96,18 @@ public class UpdateNumberRange extends CMSServlet {
AuthzToken authzToken = null;
try {
- authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
- "modify");
+ authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
+ "modify");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
outputError(httpResp, "Error: Not authorized");
return;
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
outputError(httpResp,
- "Error: Encountered problem during authorization.");
+ "Error: Encountered problem during authorization.");
return;
}
if (authzToken == null) {
@@ -131,13 +131,13 @@ public class UpdateNumberRange extends CMSServlet {
BigInteger oneNum = new BigInteger("1");
String endNumConfig = null;
String cloneNumConfig = null;
- String nextEndConfig = null;
+ String nextEndConfig = null;
int radix = 10;
IRepository repo = null;
if (cstype.equals("KRA")) {
IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority) CMS.getSubsystem(
- IKeyRecoveryAuthority.ID);
+ IKeyRecoveryAuthority.ID);
if (type.equals("request")) {
repo = kra.getRequestQueue().getRequestRepository();
} else if (type.equals("serialNo")) {
@@ -147,7 +147,7 @@ public class UpdateNumberRange extends CMSServlet {
}
} else { // CA
ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem(
- ICertificateAuthority.ID);
+ ICertificateAuthority.ID);
if (type.equals("request")) {
repo = ca.getRequestQueue().getRequestRepository();
} else if (type.equals("serialNo")) {
@@ -161,22 +161,22 @@ public class UpdateNumberRange extends CMSServlet {
// This needs to be done beforehand to ensure that we always have enough
// replica numbers
if (type.equals("replicaId")) {
- CMS.debug("Checking replica number ranges");
- repo.checkRanges();
+ CMS.debug("Checking replica number ranges");
+ repo.checkRanges();
}
-
+
if (type.equals("request")) {
radix = 10;
endNumConfig = "dbs.endRequestNumber";
cloneNumConfig = "dbs.requestCloneTransferNumber";
nextEndConfig = "dbs.nextEndRequestNumber";
} else if (type.equals("serialNo")) {
- radix=16;
+ radix = 16;
endNumConfig = "dbs.endSerialNumber";
cloneNumConfig = "dbs.serialCloneTransferNumber";
nextEndConfig = "dbs.nextEndSerialNumber";
} else if (type.equals("replicaId")) {
- radix=10;
+ radix = 10;
endNumConfig = "dbs.endReplicaNumber";
cloneNumConfig = "dbs.replicaCloneTransferNumber";
nextEndConfig = "dbs.nextEndReplicaNumber";
@@ -192,11 +192,11 @@ public class UpdateNumberRange extends CMSServlet {
String nextEndNumStr = cs.getString(nextEndConfig, "");
BigInteger endNum2 = new BigInteger(nextEndNumStr, radix);
CMS.debug("Transferring from the end of on-deck range");
- String newValStr = endNum2.subtract(decrement).toString(radix);
- repo.setNextMaxSerial(newValStr);
- cs.putString(nextEndConfig, newValStr);
- beginNum = endNum2.subtract(decrement).add(oneNum);
- endNum = endNum2;
+ String newValStr = endNum2.subtract(decrement).toString(radix);
+ repo.setNextMaxSerial(newValStr);
+ cs.putString(nextEndConfig, newValStr);
+ beginNum = endNum2.subtract(decrement).add(oneNum);
+ endNum = endNum2;
} else {
CMS.debug("Transferring from the end of the current range");
String newValStr = beginNum.subtract(oneNum).toString(radix);
@@ -204,10 +204,9 @@ public class UpdateNumberRange extends CMSServlet {
cs.putString(endNumConfig, newValStr);
}
-
- if( beginNum == null ) {
- CMS.debug( "UpdateNumberRange::process() - " +
- "beginNum is null!" );
+ if (beginNum == null) {
+ CMS.debug("UpdateNumberRange::process() - " +
+ "beginNum is null!");
auditMessage = CMS.getLogMessage(
LOGGING_SIGNED_AUDIT_CONFIG_SERIAL_NUMBER,
auditSubjectID,
@@ -219,7 +218,7 @@ public class UpdateNumberRange extends CMSServlet {
// Enable serial number management in master for certs and requests
if (type.equals("replicaId")) {
- repo.setEnableSerialMgmt(true);
+ repo.setEnableSerialMgmt(true);
}
// insert info
@@ -248,7 +247,7 @@ public class UpdateNumberRange extends CMSServlet {
audit(auditMessage);
} catch (Exception e) {
- CMS.debug("UpdateNumberRange: Failed to update number range. Exception: "+e.toString());
+ CMS.debug("UpdateNumberRange: Failed to update number range. Exception: " + e.toString());
auditMessage = CMS.getLogMessage(
LOGGING_SIGNED_AUDIT_CONFIG_SERIAL_NUMBER,
@@ -261,12 +260,13 @@ public class UpdateNumberRange extends CMSServlet {
}
}
- protected void setDefaultTemplates(ServletConfig sc) {}
+ protected void setDefaultTemplates(ServletConfig sc) {
+ }
protected void renderTemplate(
CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler)
- throws IOException {// do nothing
- }
+ throws IOException {// do nothing
+ }
protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript.
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateOCSPConfig.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateOCSPConfig.java
index 2339c4c7..2d3e33f9 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateOCSPConfig.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateOCSPConfig.java
@@ -40,7 +40,6 @@ import com.netscape.cms.servlet.common.CMSRequest;
import com.netscape.cms.servlet.common.ICMSTemplateFiller;
import com.netscape.cmsutil.xml.XMLObject;
-
public class UpdateOCSPConfig extends CMSServlet {
/**
@@ -57,6 +56,7 @@ public class UpdateOCSPConfig extends CMSServlet {
/**
* initialize the servlet.
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -81,18 +81,18 @@ public class UpdateOCSPConfig extends CMSServlet {
AuthzToken authzToken = null;
try {
- authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
- "modify");
+ authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
+ "modify");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
outputError(httpResp, "Error: Not authorized");
return;
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
outputError(httpResp,
- "Error: Encountered problem during authorization.");
+ "Error: Encountered problem during authorization.");
return;
}
if (authzToken == null) {
@@ -108,31 +108,31 @@ public class UpdateOCSPConfig extends CMSServlet {
nickname = cs.getString("ca.subsystem.nickname", "");
String tokenname = cs.getString("ca.subsystem.tokenname", "");
if (!tokenname.equals("internal") && !tokenname.equals("Internal Key Storage Token"))
- nickname = tokenname+":"+nickname;
+ nickname = tokenname + ":" + nickname;
} catch (Exception e) {
}
- CMS.debug("UpdateOCSPConfig process: nickname="+nickname);
+ CMS.debug("UpdateOCSPConfig process: nickname=" + nickname);
String ocsphost = httpReq.getParameter("ocsp_host");
String ocspport = httpReq.getParameter("ocsp_port");
try {
cs.putString("ca.publish.enable", "true");
- cs.putString("ca.publish.publisher.instance.OCSPPublisher.host",
- ocsphost);
- cs.putString("ca.publish.publisher.instance.OCSPPublisher.port",
- ocspport);
- cs.putString("ca.publish.publisher.instance.OCSPPublisher.nickName",
- nickname);
+ cs.putString("ca.publish.publisher.instance.OCSPPublisher.host",
+ ocsphost);
+ cs.putString("ca.publish.publisher.instance.OCSPPublisher.port",
+ ocspport);
+ cs.putString("ca.publish.publisher.instance.OCSPPublisher.nickName",
+ nickname);
cs.putString("ca.publish.publisher.instance.OCSPPublisher.path",
- "/ocsp/agent/ocsp/addCRL");
+ "/ocsp/agent/ocsp/addCRL");
cs.putString("ca.publish.publisher.instance.OCSPPublisher.pluginName", "OCSPPublisher");
cs.putString("ca.publish.publisher.instance.OCSPPublisher.enableClientAuth", "true");
cs.putString("ca.publish.rule.instance.ocsprule.enable", "true");
cs.putString("ca.publish.rule.instance.ocsprule.mapper", "NoMap");
cs.putString("ca.publish.rule.instance.ocsprule.pluginName", "Rule");
- cs.putString("ca.publish.rule.instance.ocsprule.publisher",
- "OCSPPublisher");
+ cs.putString("ca.publish.rule.instance.ocsprule.publisher",
+ "OCSPPublisher");
cs.putString("ca.publish.rule.instance.ocsprule.type", "crl");
cs.commit(false);
// insert info
@@ -147,17 +147,18 @@ public class UpdateOCSPConfig extends CMSServlet {
outputResult(httpResp, "application/xml", cb);
} catch (Exception e) {
- CMS.debug("UpdateOCSPConfig: Failed to update OCSP configuration. Exception: "+e.toString());
+ CMS.debug("UpdateOCSPConfig: Failed to update OCSP configuration. Exception: " + e.toString());
outputError(httpResp, "Error: Failed to update OCSP configuration.");
}
}
- protected void setDefaultTemplates(ServletConfig sc) {}
+ protected void setDefaultTemplates(ServletConfig sc) {
+ }
protected void renderTemplate(
CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler)
- throws IOException {// do nothing
- }
+ throws IOException {// do nothing
+ }
protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript.
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/WelcomePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/WelcomePanel.java
index 7b1c9959..4224c4eb 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/WelcomePanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/WelcomePanel.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.IOException;
import javax.servlet.ServletConfig;
@@ -35,13 +34,14 @@ import com.netscape.cms.servlet.wizard.WizardServlet;
public class WelcomePanel extends WizardPanelBase {
- public WelcomePanel() {}
+ public WelcomePanel() {
+ }
/**
* Initializes this panel.
*/
- public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
- throws ServletException {
+ public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
+ throws ServletException {
setPanelNo(panelno);
setName("Welcome");
setId(id);
@@ -52,19 +52,20 @@ public class WelcomePanel extends WizardPanelBase {
cs.putBoolean("preop.welcome.done", false);
}
- public boolean isPanelDone() {
+ public boolean isPanelDone() {
IConfigStore cs = CMS.getConfigStore();
try {
return cs.getBoolean("preop.welcome.done");
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
return false;
}
public PropertySet getUsage() {
PropertySet set = new PropertySet();
-
+
/* XXX */
-
+
return set;
}
@@ -80,7 +81,7 @@ public class WelcomePanel extends WizardPanelBase {
try {
context.put("cstype", cs.getString("cs.type"));
context.put("wizardname", cs.getString("preop.wizard.name"));
- context.put("panelname",
+ context.put("panelname",
cs.getString("preop.system.fullname") + " Configuration Wizard");
context.put("systemname",
cs.getString("preop.system.name"));
@@ -90,7 +91,8 @@ public class WelcomePanel extends WizardPanelBase {
cs.getString("preop.product.name"));
context.put("productversion",
cs.getString("preop.product.version"));
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
context.put("panel", "admin/console/config/welcomepanel.vm");
}
@@ -112,7 +114,8 @@ public class WelcomePanel extends WizardPanelBase {
try {
cs.putBoolean("preop.welcome.done", true);
cs.commit(false);
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
}
/**
@@ -120,5 +123,6 @@ public class WelcomePanel extends WizardPanelBase {
*/
public void displayError(HttpServletRequest request,
HttpServletResponse response,
- Context context) {/* This should never be called */}
+ Context context) {/* This should never be called */
+ }
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/WelcomeServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/WelcomeServlet.java
index 06eb63ff..f5a96bc8 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/WelcomeServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/WelcomeServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@@ -25,7 +24,6 @@ import org.apache.velocity.Template;
import org.apache.velocity.app.Velocity;
import org.apache.velocity.context.Context;
-
public class WelcomeServlet extends BaseServlet {
/**
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java
index a2a7d5df..c7910bc8 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.net.ConnectException;
@@ -95,15 +94,13 @@ public class WizardPanelBase implements IWizardPanel {
/**
* Initializes this panel.
*/
- public void init(ServletConfig config, int panelno)
- throws ServletException
- {
+ public void init(ServletConfig config, int panelno)
+ throws ServletException {
mPanelNo = panelno;
}
- public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
- throws ServletException
- {
+ public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
+ throws ServletException {
mPanelNo = panelno;
}
@@ -142,7 +139,7 @@ public class WizardPanelBase implements IWizardPanel {
return set;
}
-
+
/**
* Should we skip this panel?
*/
@@ -187,7 +184,8 @@ public class WizardPanelBase implements IWizardPanel {
*/
public void display(HttpServletRequest request,
HttpServletResponse response,
- Context context) {}
+ Context context) {
+ }
/**
* Checks if the given parameters are valid.
@@ -202,14 +200,16 @@ public class WizardPanelBase implements IWizardPanel {
*/
public void update(HttpServletRequest request,
HttpServletResponse response,
- Context context) throws IOException {}
+ Context context) throws IOException {
+ }
/**
* If validiate() returns false, this method will be called.
*/
public void displayError(HttpServletRequest request,
HttpServletResponse response,
- Context context) {}
+ Context context) {
+ }
/**
* Retrieves locale based on the request.
@@ -233,7 +233,8 @@ public class WizardPanelBase implements IWizardPanel {
try {
instanceID = config.getString("instanceId", "");
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
String nickname = certTag + "Cert cert-" + instanceID;
String preferredNickname = null;
@@ -241,7 +242,8 @@ public class WizardPanelBase implements IWizardPanel {
try {
preferredNickname = config.getString(
PCERT_PREFIX + certTag + ".nickname", null);
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
if (preferredNickname != null) {
nickname = preferredNickname;
@@ -250,7 +252,7 @@ public class WizardPanelBase implements IWizardPanel {
}
public void updateDomainXML(String hostname, int port, boolean https,
- String servlet, String uri) throws IOException {
+ String servlet, String uri) throws IOException {
CMS.debug("WizardPanelBase updateDomainXML start hostname=" + hostname + " port=" + port);
IConfigStore cs = CMS.getConfigStore();
String nickname = "";
@@ -258,17 +260,18 @@ public class WizardPanelBase implements IWizardPanel {
try {
nickname = cs.getString("preop.cert.subsystem.nickname", "");
tokenname = cs.getString("preop.module.token", "");
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
if (!tokenname.equals("") &&
- !tokenname.equals("Internal Key Storage Token") &&
- !tokenname.equals("internal")) {
- nickname = tokenname+":"+nickname;
+ !tokenname.equals("Internal Key Storage Token") &&
+ !tokenname.equals("internal")) {
+ nickname = tokenname + ":" + nickname;
}
CMS.debug("WizardPanelBase updateDomainXML nickname=" + nickname);
CMS.debug("WizardPanelBase: start sending updateDomainXML request");
- String c = getHttpResponse(hostname, port, https, servlet, uri, nickname);
+ String c = getHttpResponse(hostname, port, https, servlet, uri, nickname);
CMS.debug("WizardPanelBase: done sending updateDomainXML request");
if (c != null) {
@@ -278,9 +281,9 @@ public class WizardPanelBase implements IWizardPanel {
try {
obj = new XMLObject(bis);
} catch (Exception e) {
- CMS.debug( "WizardPanelBase::updateDomainXML() - "
- + "Exception="+e.toString() );
- throw new IOException( e.toString() );
+ CMS.debug("WizardPanelBase::updateDomainXML() - "
+ + "Exception=" + e.toString());
+ throw new IOException(e.toString());
}
String status = obj.getValue("Status");
@@ -291,7 +294,7 @@ public class WizardPanelBase implements IWizardPanel {
} else {
String error = obj.getValue("Error");
throw new IOException(error);
- }
+ }
} catch (IOException e) {
CMS.debug("WizardPanelBase: updateDomainXML: " + e.toString());
throw e;
@@ -302,8 +305,8 @@ public class WizardPanelBase implements IWizardPanel {
}
}
- public int getSubsystemCount( String hostname, int https_admin_port,
- boolean https, String type )
+ public int getSubsystemCount(String hostname, int https_admin_port,
+ boolean https, String type)
throws IOException {
CMS.debug("WizardPanelBase getSubsystemCount start");
String c = getDomainXML(hostname, https_admin_port, true);
@@ -311,12 +314,12 @@ public class WizardPanelBase implements IWizardPanel {
try {
ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
XMLObject obj = new XMLObject(bis);
- String containerName = type+"List";
+ String containerName = type + "List";
Node n = obj.getContainer(containerName);
NodeList nlist = n.getChildNodes();
String countS = "";
- for (int i=0; i<nlist.getLength(); i++) {
- Element nn = (Element)nlist.item(i);
+ for (int i = 0; i < nlist.getLength(); i++) {
+ Element nn = (Element) nlist.item(i);
String tagname = nn.getTagName();
if (tagname.equals("SubsystemCount")) {
NodeList nlist1 = nn.getChildNodes();
@@ -325,7 +328,7 @@ public class WizardPanelBase implements IWizardPanel {
break;
}
}
- CMS.debug("WizardPanelBase getSubsystemCount: SubsystemCount="+countS);
+ CMS.debug("WizardPanelBase getSubsystemCount: SubsystemCount=" + countS);
int num = 0;
if (countS != null && !countS.equals("")) {
@@ -337,7 +340,7 @@ public class WizardPanelBase implements IWizardPanel {
return num;
} catch (Exception e) {
- CMS.debug("WizardPanelBase: getSubsystemCount: "+e.toString());
+ CMS.debug("WizardPanelBase: getSubsystemCount: " + e.toString());
throw new IOException(e.toString());
}
}
@@ -345,12 +348,12 @@ public class WizardPanelBase implements IWizardPanel {
return -1;
}
- public String getDomainXML( String hostname, int https_admin_port,
- boolean https )
+ public String getDomainXML(String hostname, int https_admin_port,
+ boolean https)
throws IOException {
CMS.debug("WizardPanelBase getDomainXML start");
- String c = getHttpResponse( hostname, https_admin_port, https,
- "/ca/admin/ca/getDomainXML", null, null );
+ String c = getHttpResponse(hostname, https_admin_port, https,
+ "/ca/admin/ca/getDomainXML", null, null);
if (c != null) {
try {
ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
@@ -359,9 +362,9 @@ public class WizardPanelBase implements IWizardPanel {
try {
parser = new XMLObject(bis);
} catch (Exception e) {
- CMS.debug( "WizardPanelBase::getDomainXML() - "
- + "Exception="+e.toString() );
- throw new IOException( e.toString() );
+ CMS.debug("WizardPanelBase::getDomainXML() - "
+ + "Exception=" + e.toString());
+ throw new IOException(e.toString());
}
String status = parser.getValue("Status");
@@ -374,12 +377,12 @@ public class WizardPanelBase implements IWizardPanel {
CMS.debug(
"WizardPanelBase getDomainXML: domainInfo="
+ domainInfo);
- return domainInfo;
+ return domainInfo;
} else {
String error = parser.getValue("Error");
throw new IOException(error);
- }
+ }
} catch (IOException e) {
CMS.debug("WizardPanelBase: getDomainXML: " + e.toString());
throw e;
@@ -392,29 +395,29 @@ public class WizardPanelBase implements IWizardPanel {
return null;
}
- public String getSubsystemCert(String host, int port, boolean https)
- throws IOException {
+ public String getSubsystemCert(String host, int port, boolean https)
+ throws IOException {
CMS.debug("WizardPanelBase getSubsystemCert start");
- String c = getHttpResponse(host, port, https,
- "/ca/admin/ca/getSubsystemCert", null, null);
+ String c = getHttpResponse(host, port, https,
+ "/ca/admin/ca/getSubsystemCert", null, null);
if (c != null) {
try {
- ByteArrayInputStream bis =
- new ByteArrayInputStream(c.getBytes());
+ ByteArrayInputStream bis =
+ new ByteArrayInputStream(c.getBytes());
XMLObject parser = null;
try {
parser = new XMLObject(bis);
} catch (Exception e) {
- CMS.debug( "WizardPanelBase::getSubsystemCert() - "
- + "Exception="+e.toString() );
- throw new IOException( e.toString() );
+ CMS.debug("WizardPanelBase::getSubsystemCert() - "
+ + "Exception=" + e.toString());
+ throw new IOException(e.toString());
}
String status = parser.getValue("Status");
if (status.equals(SUCCESS)) {
String s = parser.getValue("Cert");
return s;
} else
- return null;
+ return null;
} catch (Exception e) {
}
}
@@ -423,10 +426,10 @@ public class WizardPanelBase implements IWizardPanel {
}
public void updateConnectorInfo(String host, int port, boolean https,
- String content) throws IOException {
+ String content) throws IOException {
CMS.debug("WizardPanelBase updateConnectorInfo start");
- String c = getHttpResponse(host, port, https,
- "/ca/admin/ca/updateConnector", content, null);
+ String c = getHttpResponse(host, port, https,
+ "/ca/admin/ca/updateConnector", content, null);
if (c != null) {
try {
ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
@@ -435,9 +438,9 @@ public class WizardPanelBase implements IWizardPanel {
try {
parser = new XMLObject(bis);
} catch (Exception e) {
- CMS.debug( "WizardPanelBase::updateConnectorInfo() - "
- + "Exception="+e.toString() );
- throw new IOException( e.toString() );
+ CMS.debug("WizardPanelBase::updateConnectorInfo() - "
+ + "Exception=" + e.toString());
+ throw new IOException(e.toString());
}
String status = parser.getValue("Status");
@@ -447,7 +450,7 @@ public class WizardPanelBase implements IWizardPanel {
if (!status.equals(SUCCESS)) {
String error = parser.getValue("Error");
throw new IOException(error);
- }
+ }
} catch (IOException e) {
CMS.debug("WizardPanelBase: updateConnectorInfo: " + e.toString());
throw e;
@@ -458,16 +461,16 @@ public class WizardPanelBase implements IWizardPanel {
}
}
- public String getCertChainUsingSecureAdminPort( String hostname,
+ public String getCertChainUsingSecureAdminPort(String hostname,
int https_admin_port,
boolean https,
ConfigCertApprovalCallback
- certApprovalCallback )
+ certApprovalCallback)
throws IOException {
CMS.debug("WizardPanelBase getCertChainUsingSecureAdminPort start");
- String c = getHttpResponse( hostname, https_admin_port, https,
+ String c = getHttpResponse(hostname, https_admin_port, https,
"/ca/admin/ca/getCertChain", null, null,
- certApprovalCallback );
+ certApprovalCallback);
if (c != null) {
try {
@@ -477,9 +480,9 @@ public class WizardPanelBase implements IWizardPanel {
try {
parser = new XMLObject(bis);
} catch (Exception e) {
- CMS.debug( "WizardPanelBase::getCertChainUsingSecureAdminPort() - "
- + "Exception="+e.toString() );
- throw new IOException( e.toString() );
+ CMS.debug("WizardPanelBase::getCertChainUsingSecureAdminPort() - "
+ + "Exception=" + e.toString());
+ throw new IOException(e.toString());
}
String status = parser.getValue("Status");
@@ -493,12 +496,12 @@ public class WizardPanelBase implements IWizardPanel {
CMS.debug(
"WizardPanelBase getCertChainUsingSecureAdminPort: certchain="
+ certchain);
- return certchain;
+ return certchain;
} else {
String error = parser.getValue("Error");
throw new IOException(error);
- }
+ }
} catch (IOException e) {
CMS.debug("WizardPanelBase: getCertChainUsingSecureAdminPort: " + e.toString());
throw e;
@@ -511,16 +514,16 @@ public class WizardPanelBase implements IWizardPanel {
return null;
}
- public String getCertChainUsingSecureEEPort( String hostname,
+ public String getCertChainUsingSecureEEPort(String hostname,
int https_ee_port,
boolean https,
ConfigCertApprovalCallback
- certApprovalCallback )
+ certApprovalCallback)
throws IOException {
CMS.debug("WizardPanelBase getCertChainUsingSecureEEPort start");
- String c = getHttpResponse( hostname, https_ee_port, https,
+ String c = getHttpResponse(hostname, https_ee_port, https,
"/ca/ee/ca/getCertChain", null, null,
- certApprovalCallback );
+ certApprovalCallback);
if (c != null) {
try {
@@ -530,9 +533,9 @@ public class WizardPanelBase implements IWizardPanel {
try {
parser = new XMLObject(bis);
} catch (Exception e) {
- CMS.debug( "WizardPanelBase::getCertChainUsingSecureEEPort() - "
- + "Exception="+e.toString() );
- throw new IOException( e.toString() );
+ CMS.debug("WizardPanelBase::getCertChainUsingSecureEEPort() - "
+ + "Exception=" + e.toString());
+ throw new IOException(e.toString());
}
String status = parser.getValue("Status");
@@ -546,12 +549,12 @@ public class WizardPanelBase implements IWizardPanel {
CMS.debug(
"WizardPanelBase getCertChainUsingSecureEEPort: certchain="
+ certchain);
- return certchain;
+ return certchain;
} else {
String error = parser.getValue("Error");
throw new IOException(error);
- }
+ }
} catch (IOException e) {
CMS.debug("WizardPanelBase: getCertChainUsingSecureEEPort: " + e.toString());
throw e;
@@ -565,8 +568,8 @@ public class WizardPanelBase implements IWizardPanel {
}
public boolean updateConfigEntries(String hostname, int port, boolean https,
- String servlet, String uri, IConfigStore config,
- HttpServletResponse response) throws IOException {
+ String servlet, String uri, IConfigStore config,
+ HttpServletResponse response) throws IOException {
CMS.debug("WizardPanelBase updateConfigEntries start");
String c = getHttpResponse(hostname, port, https, servlet, uri, null);
@@ -578,9 +581,9 @@ public class WizardPanelBase implements IWizardPanel {
try {
parser = new XMLObject(bis);
} catch (Exception e) {
- CMS.debug( "WizardPanelBase::updateConfigEntries() - "
- + "Exception="+e.toString() );
- throw new IOException( e.toString() );
+ CMS.debug("WizardPanelBase::updateConfigEntries() - "
+ + "Exception=" + e.toString());
+ throw new IOException(e.toString());
}
String status = parser.getValue("Status");
@@ -594,11 +597,11 @@ public class WizardPanelBase implements IWizardPanel {
} catch (Exception e) {
CMS.debug("WizardPanelBase::updateConfigEntries() - unable to get cs.type: " + e.toString());
}
-
- Document doc = parser.getDocument();
+
+ Document doc = parser.getDocument();
NodeList list = doc.getElementsByTagName("name");
int len = list.getLength();
- for (int i=0; i<len; i++) {
+ for (int i = 0; i < len; i++) {
Node n = list.item(i);
NodeList nn = n.getChildNodes();
String name = nn.item(0).getNodeValue();
@@ -606,14 +609,14 @@ public class WizardPanelBase implements IWizardPanel {
nn = parent.getChildNodes();
int len1 = nn.getLength();
String v = "";
- for (int j=0; j<len1; j++) {
+ for (int j = 0; j < len1; j++) {
Node nv = nn.item(j);
String val = nv.getNodeName();
if (val.equals("value")) {
NodeList n2 = nv.getChildNodes();
if (n2.getLength() > 0)
- v = n2.item(0).getNodeValue();
- break;
+ v = n2.item(0).getNodeValue();
+ break;
}
}
@@ -625,7 +628,7 @@ public class WizardPanelBase implements IWizardPanel {
config.putString("preop.internaldb.master.binddn", v);
} else if (name.equals("internaldb.basedn")) {
config.putString(name, v);
- config.putString("preop.internaldb.master.basedn", v);
+ config.putString("preop.internaldb.master.basedn", v);
} else if (name.equals("internaldb.ldapauth.password")) {
config.putString("preop.internaldb.master.bindpwd", v);
} else if (name.equals("internaldb.replication.password")) {
@@ -649,7 +652,7 @@ public class WizardPanelBase implements IWizardPanel {
config.putString("preop.master.storage.nickname", v);
config.putString("kra.storageUnit.nickName", v);
config.putString("preop.cert.storage.nickname", v);
- } else if (name.equals("cloning.audit_signing.nickname")) {
+ } else if (name.equals("cloning.audit_signing.nickname")) {
config.putString("preop.master.audit_signing.nickname", v);
config.putString("preop.cert.audit_signing.nickname", v);
config.putString(name, v);
@@ -686,7 +689,7 @@ public class WizardPanelBase implements IWizardPanel {
String error = parser.getValue("Error");
throw new IOException(error);
- }
+ }
} catch (IOException e) {
CMS.debug("WizardPanelBase: updateConfigEntries: " + e.toString());
throw e;
@@ -713,9 +716,9 @@ public class WizardPanelBase implements IWizardPanel {
try {
parser = new XMLObject(bis);
} catch (Exception e) {
- CMS.debug( "WizardPanelBase::authenticate() - "
- + "Exception="+e.toString() );
- throw new IOException( e.toString() );
+ CMS.debug("WizardPanelBase::authenticate() - "
+ + "Exception=" + e.toString());
+ throw new IOException(e.toString());
}
String status = parser.getValue("Status");
@@ -729,7 +732,7 @@ public class WizardPanelBase implements IWizardPanel {
} else {
String error = parser.getValue("Error");
return false;
- }
+ }
} catch (Exception e) {
CMS.debug("WizardPanelBase: authenticate: " + e.toString());
throw new IOException(e.toString());
@@ -739,12 +742,12 @@ public class WizardPanelBase implements IWizardPanel {
return false;
}
- public void updateOCSPConfig(String hostname, int port, boolean https,
- String content, HttpServletResponse response)
- throws IOException {
+ public void updateOCSPConfig(String hostname, int port, boolean https,
+ String content, HttpServletResponse response)
+ throws IOException {
CMS.debug("WizardPanelBase updateOCSPConfig start");
- String c = getHttpResponse(hostname, port, https,
- "/ca/ee/ca/updateOCSPConfig", content, null);
+ String c = getHttpResponse(hostname, port, https,
+ "/ca/ee/ca/updateOCSPConfig", content, null);
if (c == null || c.equals("")) {
CMS.debug("WizardPanelBase updateOCSPConfig: content is null.");
throw new IOException("The server you want to contact is not available");
@@ -756,9 +759,9 @@ public class WizardPanelBase implements IWizardPanel {
try {
parser = new XMLObject(bis);
} catch (Exception e) {
- CMS.debug( "WizardPanelBase::updateOCSPConfig() - "
- + "Exception="+e.toString() );
- throw new IOException( e.toString() );
+ CMS.debug("WizardPanelBase::updateOCSPConfig() - "
+ + "Exception=" + e.toString());
+ throw new IOException(e.toString());
}
String status = parser.getValue("Status");
@@ -774,7 +777,7 @@ public class WizardPanelBase implements IWizardPanel {
String error = parser.getValue("Error");
throw new IOException(error);
- }
+ }
} catch (IOException e) {
CMS.debug("WizardPanelBase updateOCSPConfig: " + e.toString());
throw e;
@@ -785,10 +788,10 @@ public class WizardPanelBase implements IWizardPanel {
}
}
- public void updateNumberRange(String hostname, int port, boolean https,
- String content, String type, HttpServletResponse response)
- throws IOException {
- CMS.debug("WizardPanelBase updateNumberRange start host=" + hostname +
+ public void updateNumberRange(String hostname, int port, boolean https,
+ String content, String type, HttpServletResponse response)
+ throws IOException {
+ CMS.debug("WizardPanelBase updateNumberRange start host=" + hostname +
" port=" + port);
IConfigStore cs = CMS.getConfigStore();
String cstype = "";
@@ -798,13 +801,13 @@ public class WizardPanelBase implements IWizardPanel {
}
cstype = toLowerCaseSubsystemType(cstype);
- String c = getHttpResponse(hostname, port, https,
- "/"+cstype+"/ee/"+cstype+"/updateNumberRange", content, null);
+ String c = getHttpResponse(hostname, port, https,
+ "/" + cstype + "/ee/" + cstype + "/updateNumberRange", content, null);
if (c == null || c.equals("")) {
CMS.debug("WizardPanelBase updateNumberRange: content is null.");
throw new IOException("The server you want to contact is not available");
} else {
- CMS.debug("content="+c);
+ CMS.debug("content=" + c);
try {
ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
XMLObject parser = null;
@@ -812,9 +815,9 @@ public class WizardPanelBase implements IWizardPanel {
try {
parser = new XMLObject(bis);
} catch (Exception e) {
- CMS.debug( "WizardPanelBase::updateNumberRange() - "
- + "Exception="+e.toString() );
- throw new IOException( e.toString() );
+ CMS.debug("WizardPanelBase::updateNumberRange() - "
+ + "Exception=" + e.toString());
+ throw new IOException(e.toString());
}
String status = parser.getValue("Status");
@@ -843,7 +846,7 @@ public class WizardPanelBase implements IWizardPanel {
String error = parser.getValue("Error");
throw new IOException(error);
- }
+ }
} catch (IOException e) {
CMS.debug("WizardPanelBase: updateNumberRange: " + e.toString());
CMS.debug(e);
@@ -856,9 +859,9 @@ public class WizardPanelBase implements IWizardPanel {
}
}
- public int getPort(String hostname, int port, boolean https,
- String portServlet, boolean sport)
- throws IOException {
+ public int getPort(String hostname, int port, boolean https,
+ String portServlet, boolean sport)
+ throws IOException {
CMS.debug("WizardPanelBase getPort start");
String c = getHttpResponse(hostname, port, https, portServlet,
"secure=" + sport, null);
@@ -871,9 +874,9 @@ public class WizardPanelBase implements IWizardPanel {
try {
parser = new XMLObject(bis);
} catch (Exception e) {
- CMS.debug( "WizardPanelBase::getPort() - "
- + "Exception="+e.toString() );
- throw new IOException( e.toString() );
+ CMS.debug("WizardPanelBase::getPort() - "
+ + "Exception=" + e.toString());
+ throw new IOException(e.toString());
}
String status = parser.getValue("Status");
@@ -889,7 +892,7 @@ public class WizardPanelBase implements IWizardPanel {
String error = parser.getValue("Error");
throw new IOException(error);
- }
+ }
} catch (IOException e) {
CMS.debug("WizardPanelBase: getPort: " + e.toString());
throw e;
@@ -903,14 +906,14 @@ public class WizardPanelBase implements IWizardPanel {
}
public String getHttpResponse(String hostname, int port, boolean secure,
- String uri, String content, String clientnickname) throws IOException {
+ String uri, String content, String clientnickname) throws IOException {
return getHttpResponse(hostname, port, secure, uri, content, clientnickname, null);
}
- public String getHttpResponse(String hostname, int port, boolean secure,
- String uri, String content, String clientnickname,
- SSLCertificateApprovalCallback certApprovalCallback)
- throws IOException {
+ public String getHttpResponse(String hostname, int port, boolean secure,
+ String uri, String content, String clientnickname,
+ SSLCertificateApprovalCallback certApprovalCallback)
+ throws IOException {
HttpClient httpclient = null;
String c = null;
@@ -960,8 +963,8 @@ public class WizardPanelBase implements IWizardPanel {
return c;
}
- public boolean isSDHostDomainMaster (IConfigStore config) {
- String dm="false";
+ public boolean isSDHostDomainMaster(IConfigStore config) {
+ String dm = "false";
try {
String hostname = config.getString("securitydomain.host");
int httpsadminport = config.getInteger("securitydomain.httpsadminport");
@@ -971,40 +974,40 @@ public class WizardPanelBase implements IWizardPanel {
CMS.debug("Getting DomainMaster from security domain");
- ByteArrayInputStream bis = new ByteArrayInputStream( c.getBytes() );
- XMLObject parser = new XMLObject( bis );
+ ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
+ XMLObject parser = new XMLObject(bis);
Document doc = parser.getDocument();
- NodeList nodeList = doc.getElementsByTagName( "CA" );
+ NodeList nodeList = doc.getElementsByTagName("CA");
int len = nodeList.getLength();
- for( int i = 0; i < len; i++ ) {
+ for (int i = 0; i < len; i++) {
Vector v_hostname =
- parser.getValuesFromContainer( nodeList.item(i),
- "Host" );
+ parser.getValuesFromContainer(nodeList.item(i),
+ "Host");
Vector v_https_admin_port =
- parser.getValuesFromContainer( nodeList.item(i),
- "SecureAdminPort" );
+ parser.getValuesFromContainer(nodeList.item(i),
+ "SecureAdminPort");
Vector v_domain_mgr =
- parser.getValuesFromContainer( nodeList.item(i),
- "DomainManager" );
+ parser.getValuesFromContainer(nodeList.item(i),
+ "DomainManager");
- if( v_hostname.elementAt( 0 ).equals( hostname ) &&
- v_https_admin_port.elementAt( 0 ).equals( Integer.toString(httpsadminport) ) ) {
- dm = v_domain_mgr.elementAt( 0 ).toString();
+ if (v_hostname.elementAt(0).equals(hostname) &&
+ v_https_admin_port.elementAt(0).equals(Integer.toString(httpsadminport))) {
+ dm = v_domain_mgr.elementAt(0).toString();
break;
}
}
} catch (Exception e) {
- CMS.debug( e.toString() );
+ CMS.debug(e.toString());
}
return dm.equalsIgnoreCase("true");
}
-
- public Vector getMasterUrlListFromSecurityDomain( IConfigStore config,
+
+ public Vector getMasterUrlListFromSecurityDomain(IConfigStore config,
String type,
- String portType ) {
+ String portType) {
Vector v = new Vector();
try {
@@ -1026,13 +1029,13 @@ public class WizardPanelBase implements IWizardPanel {
list = "TKSList";
}
- CMS.debug( "Getting " + portType + " from Security Domain ..." );
- if( !portType.equals( "UnSecurePort" ) &&
- !portType.equals( "SecureAgentPort" ) &&
- !portType.equals( "SecurePort" ) &&
- !portType.equals( "SecureAdminPort" ) ) {
- CMS.debug( "getPortFromSecurityDomain: " +
- "unknown port type " + portType );
+ CMS.debug("Getting " + portType + " from Security Domain ...");
+ if (!portType.equals("UnSecurePort") &&
+ !portType.equals("SecureAgentPort") &&
+ !portType.equals("SecurePort") &&
+ !portType.equals("SecureAdminPort")) {
+ CMS.debug("getPortFromSecurityDomain: " +
+ "unknown port type " + portType);
return v;
}
@@ -1050,8 +1053,8 @@ public class WizardPanelBase implements IWizardPanel {
CMS.debug("Len " + len);
for (int i = 0; i < len; i++) {
Vector v_clone = parser.getValuesFromContainer(nodeList.item(i),
- "Clone");
- String clone = (String)v_clone.elementAt(0);
+ "Clone");
+ String clone = (String) v_clone.elementAt(0);
if (clone.equalsIgnoreCase("true"))
continue;
Vector v_name = parser.getValuesFromContainer(nodeList.item(i),
@@ -1061,11 +1064,11 @@ public class WizardPanelBase implements IWizardPanel {
Vector v_port = parser.getValuesFromContainer(nodeList.item(i),
portType);
- v.addElement( v_name.elementAt(0)
+ v.addElement(v_name.elementAt(0)
+ " - https://"
+ v_host.elementAt(0)
+ ":"
- + v_port.elementAt(0) );
+ + v_port.elementAt(0));
}
} catch (Exception e) {
CMS.debug(e.toString());
@@ -1074,9 +1077,9 @@ public class WizardPanelBase implements IWizardPanel {
return v;
}
- public Vector getUrlListFromSecurityDomain( IConfigStore config,
+ public Vector getUrlListFromSecurityDomain(IConfigStore config,
String type,
- String portType ) {
+ String portType) {
Vector v = new Vector();
try {
@@ -1098,13 +1101,13 @@ public class WizardPanelBase implements IWizardPanel {
list = "TKSList";
}
- CMS.debug( "Getting " + portType + " from Security Domain ..." );
- if( !portType.equals( "UnSecurePort" ) &&
- !portType.equals( "SecureAgentPort" ) &&
- !portType.equals( "SecurePort" ) &&
- !portType.equals( "SecureAdminPort" ) ) {
- CMS.debug( "getPortFromSecurityDomain: " +
- "unknown port type " + portType );
+ CMS.debug("Getting " + portType + " from Security Domain ...");
+ if (!portType.equals("UnSecurePort") &&
+ !portType.equals("SecureAgentPort") &&
+ !portType.equals("SecurePort") &&
+ !portType.equals("SecureAdminPort")) {
+ CMS.debug("getPortFromSecurityDomain: " +
+ "unknown port type " + portType);
return v;
}
@@ -1132,17 +1135,17 @@ public class WizardPanelBase implements IWizardPanel {
if (v_host.elementAt(0).equals(hostname) && v_admin_port.elementAt(0).equals(new Integer(httpsadminport).toString())) {
// add security domain CA to the beginning of list
- v.add( 0, v_name.elementAt(0)
+ v.add(0, v_name.elementAt(0)
+ " - https://"
+ v_host.elementAt(0)
+ ":"
- + v_port.elementAt(0) );
+ + v_port.elementAt(0));
} else {
- v.addElement( v_name.elementAt(0)
+ v.addElement(v_name.elementAt(0)
+ " - https://"
+ v_host.elementAt(0)
+ ":"
- + v_port.elementAt(0) );
+ + v_port.elementAt(0));
}
}
} catch (Exception e) {
@@ -1154,155 +1157,155 @@ public class WizardPanelBase implements IWizardPanel {
// Given an HTTPS Hostname and EE port,
// retrieve the associated HTTPS Admin port
- public String getSecurityDomainAdminPort( IConfigStore config,
+ public String getSecurityDomainAdminPort(IConfigStore config,
String hostname,
String https_ee_port,
- String cstype ) {
+ String cstype) {
String https_admin_port = new String();
try {
- String sd_hostname = config.getString( "securitydomain.host" );
+ String sd_hostname = config.getString("securitydomain.host");
int sd_httpsadminport =
- config.getInteger( "securitydomain.httpsadminport" );
+ config.getInteger("securitydomain.httpsadminport");
- CMS.debug( "Getting domain.xml from CA ..." );
- String c = getDomainXML( sd_hostname, sd_httpsadminport, true );
+ CMS.debug("Getting domain.xml from CA ...");
+ String c = getDomainXML(sd_hostname, sd_httpsadminport, true);
- CMS.debug( "Getting associated HTTPS Admin port from " +
+ CMS.debug("Getting associated HTTPS Admin port from " +
"HTTPS Hostname '" + hostname +
- "' and EE port '" + https_ee_port + "'" );
- ByteArrayInputStream bis = new ByteArrayInputStream( c.getBytes() );
- XMLObject parser = new XMLObject( bis );
+ "' and EE port '" + https_ee_port + "'");
+ ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
+ XMLObject parser = new XMLObject(bis);
Document doc = parser.getDocument();
- NodeList nodeList = doc.getElementsByTagName( cstype.toUpperCase() );
+ NodeList nodeList = doc.getElementsByTagName(cstype.toUpperCase());
int len = nodeList.getLength();
- for( int i = 0; i < len; i++ ) {
+ for (int i = 0; i < len; i++) {
Vector v_hostname =
- parser.getValuesFromContainer( nodeList.item(i),
- "Host" );
+ parser.getValuesFromContainer(nodeList.item(i),
+ "Host");
Vector v_https_ee_port =
- parser.getValuesFromContainer( nodeList.item(i),
- "SecurePort" );
+ parser.getValuesFromContainer(nodeList.item(i),
+ "SecurePort");
Vector v_https_admin_port =
- parser.getValuesFromContainer( nodeList.item(i),
- "SecureAdminPort" );
+ parser.getValuesFromContainer(nodeList.item(i),
+ "SecureAdminPort");
- if( v_hostname.elementAt( 0 ).equals( hostname ) &&
- v_https_ee_port.elementAt( 0 ).equals( https_ee_port ) ) {
+ if (v_hostname.elementAt(0).equals(hostname) &&
+ v_https_ee_port.elementAt(0).equals(https_ee_port)) {
https_admin_port =
- v_https_admin_port.elementAt( 0 ).toString();
+ v_https_admin_port.elementAt(0).toString();
break;
}
}
} catch (Exception e) {
- CMS.debug( e.toString() );
+ CMS.debug(e.toString());
}
- return( https_admin_port );
+ return (https_admin_port);
}
- public String getSecurityDomainPort( IConfigStore config,
- String portType ) {
+ public String getSecurityDomainPort(IConfigStore config,
+ String portType) {
String port = new String();
try {
- String hostname = config.getString( "securitydomain.host" );
+ String hostname = config.getString("securitydomain.host");
int httpsadminport =
- config.getInteger( "securitydomain.httpsadminport" );
-
- CMS.debug( "Getting domain.xml from CA ..." );
- String c = getDomainXML( hostname, httpsadminport, true );
-
- CMS.debug( "Getting " + portType + " from Security Domain ..." );
- if( !portType.equals( "UnSecurePort" ) &&
- !portType.equals( "SecureAgentPort" ) &&
- !portType.equals( "SecurePort" ) &&
- !portType.equals( "SecureAdminPort" ) ) {
- CMS.debug( "getPortFromSecurityDomain: " +
- "unknown port type " + portType );
+ config.getInteger("securitydomain.httpsadminport");
+
+ CMS.debug("Getting domain.xml from CA ...");
+ String c = getDomainXML(hostname, httpsadminport, true);
+
+ CMS.debug("Getting " + portType + " from Security Domain ...");
+ if (!portType.equals("UnSecurePort") &&
+ !portType.equals("SecureAgentPort") &&
+ !portType.equals("SecurePort") &&
+ !portType.equals("SecureAdminPort")) {
+ CMS.debug("getPortFromSecurityDomain: " +
+ "unknown port type " + portType);
return "";
}
- ByteArrayInputStream bis = new ByteArrayInputStream( c.getBytes() );
- XMLObject parser = new XMLObject( bis );
+ ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
+ XMLObject parser = new XMLObject(bis);
Document doc = parser.getDocument();
- NodeList nodeList = doc.getElementsByTagName( "CA" );
+ NodeList nodeList = doc.getElementsByTagName("CA");
int len = nodeList.getLength();
- for( int i = 0; i < len; i++ ) {
+ for (int i = 0; i < len; i++) {
Vector v_admin_port =
- parser.getValuesFromContainer( nodeList.item(i),
- "SecureAdminPort" );
+ parser.getValuesFromContainer(nodeList.item(i),
+ "SecureAdminPort");
Vector v_port = null;
- if( portType.equals( "UnSecurePort" ) ) {
- v_port = parser.getValuesFromContainer( nodeList.item(i),
- "UnSecurePort" );
- } else if( portType.equals( "SecureAgentPort" ) ) {
- v_port = parser.getValuesFromContainer( nodeList.item(i),
- "SecureAgentPort" );
- } else if( portType.equals( "SecurePort" ) ) {
- v_port = parser.getValuesFromContainer( nodeList.item(i),
- "SecurePort" );
- } else if( portType.equals( "SecureAdminPort" ) ) {
- v_port = parser.getValuesFromContainer( nodeList.item(i),
- "SecureAdminPort" );
+ if (portType.equals("UnSecurePort")) {
+ v_port = parser.getValuesFromContainer(nodeList.item(i),
+ "UnSecurePort");
+ } else if (portType.equals("SecureAgentPort")) {
+ v_port = parser.getValuesFromContainer(nodeList.item(i),
+ "SecureAgentPort");
+ } else if (portType.equals("SecurePort")) {
+ v_port = parser.getValuesFromContainer(nodeList.item(i),
+ "SecurePort");
+ } else if (portType.equals("SecureAdminPort")) {
+ v_port = parser.getValuesFromContainer(nodeList.item(i),
+ "SecureAdminPort");
}
- if( ( v_port != null ) &&
- ( v_admin_port.elementAt( 0 ).equals(
- Integer.toString( httpsadminport ) ) ) ) {
- port = v_port.elementAt( 0 ).toString();
+ if ((v_port != null) &&
+ (v_admin_port.elementAt(0).equals(
+ Integer.toString(httpsadminport)))) {
+ port = v_port.elementAt(0).toString();
break;
}
}
} catch (Exception e) {
- CMS.debug( e.toString() );
+ CMS.debug(e.toString());
}
- return( port );
+ return (port);
}
- public String pingCS( String hostname, int port, boolean https,
- SSLCertificateApprovalCallback certApprovalCallback )
- throws IOException {
- CMS.debug( "WizardPanelBase pingCS: started" );
+ public String pingCS(String hostname, int port, boolean https,
+ SSLCertificateApprovalCallback certApprovalCallback)
+ throws IOException {
+ CMS.debug("WizardPanelBase pingCS: started");
- String c = getHttpResponse( hostname, port, https,
- "/ca/admin/ca/getStatus",
- null, null, certApprovalCallback );
+ String c = getHttpResponse(hostname, port, https,
+ "/ca/admin/ca/getStatus",
+ null, null, certApprovalCallback);
- if( c != null ) {
+ if (c != null) {
try {
ByteArrayInputStream bis = new
- ByteArrayInputStream( c.getBytes() );
+ ByteArrayInputStream(c.getBytes());
XMLObject parser = null;
String state = null;
try {
- parser = new XMLObject( bis );
- CMS.debug( "WizardPanelBase pingCS: got XML parsed" );
- state = parser.getValue( "State" );
+ parser = new XMLObject(bis);
+ CMS.debug("WizardPanelBase pingCS: got XML parsed");
+ state = parser.getValue("State");
- if( state != null ) {
- CMS.debug( "WizardPanelBase pingCS: state=" + state );
+ if (state != null) {
+ CMS.debug("WizardPanelBase pingCS: state=" + state);
}
} catch (Exception e) {
- CMS.debug( "WizardPanelBase: pingCS: parser failed"
- + e.toString() );
+ CMS.debug("WizardPanelBase: pingCS: parser failed"
+ + e.toString());
}
return state;
- } catch( Exception e ) {
- CMS.debug( "WizardPanelBase: pingCS: " + e.toString() );
- throw new IOException( e.toString() );
+ } catch (Exception e) {
+ CMS.debug("WizardPanelBase: pingCS: " + e.toString());
+ throw new IOException(e.toString());
}
}
- CMS.debug( "WizardPanelBase pingCS: stopped" );
+ CMS.debug("WizardPanelBase pingCS: stopped");
return null;
}
@@ -1311,7 +1314,7 @@ public class WizardPanelBase implements IWizardPanel {
if (s.equals("CA")) {
x = "ca";
} else if (s.equals("KRA")) {
- x = "kra";
+ x = "kra";
} else if (s.equals("OCSP")) {
x = "ocsp";
} else if (s.equals("TKS")) {
@@ -1321,14 +1324,14 @@ public class WizardPanelBase implements IWizardPanel {
return x;
}
- public void getTokenInfo(IConfigStore config, String type, String host,
- int https_ee_port, boolean https, Context context,
- ConfigCertApprovalCallback certApprovalCallback) throws IOException {
+ public void getTokenInfo(IConfigStore config, String type, String host,
+ int https_ee_port, boolean https, Context context,
+ ConfigCertApprovalCallback certApprovalCallback) throws IOException {
CMS.debug("WizardPanelBase getTokenInfo start");
- String uri = "/"+type+"/ee/"+type+"/getTokenInfo";
- CMS.debug("WizardPanelBase getTokenInfo: uri="+uri);
+ String uri = "/" + type + "/ee/" + type + "/getTokenInfo";
+ CMS.debug("WizardPanelBase getTokenInfo: uri=" + uri);
String c = getHttpResponse(host, https_ee_port, https, uri, null, null,
- certApprovalCallback);
+ certApprovalCallback);
if (c != null) {
try {
ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
@@ -1337,9 +1340,9 @@ public class WizardPanelBase implements IWizardPanel {
try {
parser = new XMLObject(bis);
} catch (Exception e) {
- CMS.debug( "WizardPanelBase::getTokenInfo() - "
- + "Exception="+e.toString() );
- throw new IOException( e.toString() );
+ CMS.debug("WizardPanelBase::getTokenInfo() - "
+ + "Exception=" + e.toString());
+ throw new IOException(e.toString());
}
String status = parser.getValue("Status");
@@ -1350,7 +1353,7 @@ public class WizardPanelBase implements IWizardPanel {
Document doc = parser.getDocument();
NodeList list = doc.getElementsByTagName("name");
int len = list.getLength();
- for (int i=0; i<len; i++) {
+ for (int i = 0; i < len; i++) {
Node n = list.item(i);
NodeList nn = n.getChildNodes();
String name = nn.item(0).getNodeValue();
@@ -1358,17 +1361,17 @@ public class WizardPanelBase implements IWizardPanel {
nn = parent.getChildNodes();
int len1 = nn.getLength();
String v = "";
- for (int j=0; j<len1; j++) {
+ for (int j = 0; j < len1; j++) {
Node nv = nn.item(j);
String val = nv.getNodeName();
if (val.equals("value")) {
NodeList n2 = nv.getChildNodes();
if (n2.getLength() > 0)
v = n2.item(0).getNodeValue();
- break;
+ break;
}
}
- if (name.equals("cloning.signing.nickname")) {
+ if (name.equals("cloning.signing.nickname")) {
config.putString("preop.master.signing.nickname", v);
config.putString(type + ".cert.signing.nickname", v);
config.putString(name, v);
@@ -1406,19 +1409,20 @@ public class WizardPanelBase implements IWizardPanel {
}
// reset nicknames for system cert verification
- String token = config.getString("preop.module.token",
+ String token = config.getString("preop.module.token",
"Internal Key Storage Token");
- if (! token.equals("Internal Key Storage Token")) {
+ if (!token.equals("Internal Key Storage Token")) {
String certlist = config.getString("preop.cert.list");
StringTokenizer t1 = new StringTokenizer(certlist, ",");
while (t1.hasMoreTokens()) {
String tag = t1.nextToken();
- if (tag.equals("sslserver")) continue;
- config.putString(type + ".cert." + tag + ".nickname",
- token + ":" +
- config.getString(type + ".cert." + tag + ".nickname", ""));
- }
+ if (tag.equals("sslserver"))
+ continue;
+ config.putString(type + ".cert." + tag + ".nickname",
+ token + ":" +
+ config.getString(type + ".cert." + tag + ".nickname", ""));
+ }
}
} else {
String error = parser.getValue("Error");
@@ -1431,7 +1435,7 @@ public class WizardPanelBase implements IWizardPanel {
CMS.debug("WizardPanelBase: getTokenInfo: " + e.toString());
throw new IOException(e.toString());
}
- }
+ }
}
public void importCertChain(String id) throws IOException {
@@ -1442,31 +1446,32 @@ public class WizardPanelBase implements IWizardPanel {
try {
pkcs7 = config.getString(configName, "");
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
if (pkcs7.length() > 0) {
try {
CryptoUtil.importCertificateChain(pkcs7);
} catch (Exception e) {
- CMS.debug("DisplayCertChainPanel importCertChain: Exception: "+e.toString());
+ CMS.debug("DisplayCertChainPanel importCertChain: Exception: " + e.toString());
}
}
}
public void updateCertChain(IConfigStore config, String name, String host,
- int https_admin_port, boolean https, Context context) throws IOException {
- updateCertChain( config, name, host, https_admin_port,
- https, context, null );
+ int https_admin_port, boolean https, Context context) throws IOException {
+ updateCertChain(config, name, host, https_admin_port,
+ https, context, null);
}
public void updateCertChain(IConfigStore config, String name, String host,
- int https_admin_port, boolean https, Context context,
- ConfigCertApprovalCallback certApprovalCallback) throws IOException {
- String certchain = getCertChainUsingSecureAdminPort( host,
+ int https_admin_port, boolean https, Context context,
+ ConfigCertApprovalCallback certApprovalCallback) throws IOException {
+ String certchain = getCertChainUsingSecureAdminPort(host,
https_admin_port,
https,
- certApprovalCallback );
- config.putString("preop."+name+".pkcs7", certchain);
+ certApprovalCallback);
+ config.putString("preop." + name + ".pkcs7", certchain);
byte[] decoded = CryptoUtil.base64Decode(certchain);
java.security.cert.X509Certificate[] b_certchain = null;
@@ -1475,7 +1480,7 @@ public class WizardPanelBase implements IWizardPanel {
b_certchain = CryptoUtil.getX509CertificateFromPKCS7(decoded);
} catch (Exception e) {
context.put("errorString",
- "Failed to get the certificate chain.");
+ "Failed to get the certificate chain.");
return;
}
@@ -1483,7 +1488,7 @@ public class WizardPanelBase implements IWizardPanel {
if (b_certchain != null) {
size = b_certchain.length;
}
- config.putInteger("preop."+name+".certchain.size", size);
+ config.putInteger("preop." + name + ".certchain.size", size);
for (int i = 0; i < size; i++) {
byte[] bb = null;
@@ -1491,11 +1496,11 @@ public class WizardPanelBase implements IWizardPanel {
bb = b_certchain[i].getEncoded();
} catch (Exception e) {
context.put("errorString",
- "Failed to get the der-encoded certificate chain.");
+ "Failed to get the der-encoded certificate chain.");
return;
}
- config.putString("preop."+name+".certchain." + i,
- CryptoUtil.normalizeCertStr(CryptoUtil.base64Encode(bb)));
+ config.putString("preop." + name + ".certchain." + i,
+ CryptoUtil.normalizeCertStr(CryptoUtil.base64Encode(bb)));
}
try {
@@ -1504,16 +1509,16 @@ public class WizardPanelBase implements IWizardPanel {
}
}
- public void updateCertChainUsingSecureEEPort( IConfigStore config,
+ public void updateCertChainUsingSecureEEPort(IConfigStore config,
String name, String host,
int https_ee_port,
boolean https,
- Context context,
- ConfigCertApprovalCallback certApprovalCallback ) throws IOException {
- String certchain = getCertChainUsingSecureEEPort( host, https_ee_port,
+ Context context,
+ ConfigCertApprovalCallback certApprovalCallback) throws IOException {
+ String certchain = getCertChainUsingSecureEEPort(host, https_ee_port,
https,
certApprovalCallback);
- config.putString("preop."+name+".pkcs7", certchain);
+ config.putString("preop." + name + ".pkcs7", certchain);
byte[] decoded = CryptoUtil.base64Decode(certchain);
java.security.cert.X509Certificate[] b_certchain = null;
@@ -1522,7 +1527,7 @@ public class WizardPanelBase implements IWizardPanel {
b_certchain = CryptoUtil.getX509CertificateFromPKCS7(decoded);
} catch (Exception e) {
context.put("errorString",
- "Failed to get the certificate chain.");
+ "Failed to get the certificate chain.");
return;
}
@@ -1530,7 +1535,7 @@ public class WizardPanelBase implements IWizardPanel {
if (b_certchain != null) {
size = b_certchain.length;
}
- config.putInteger("preop."+name+".certchain.size", size);
+ config.putInteger("preop." + name + ".certchain.size", size);
for (int i = 0; i < size; i++) {
byte[] bb = null;
@@ -1538,11 +1543,11 @@ public class WizardPanelBase implements IWizardPanel {
bb = b_certchain[i].getEncoded();
} catch (Exception e) {
context.put("errorString",
- "Failed to get the der-encoded certificate chain.");
+ "Failed to get the der-encoded certificate chain.");
return;
}
- config.putString("preop."+name+".certchain." + i,
- CryptoUtil.normalizeCertStr(CryptoUtil.base64Encode(bb)));
+ config.putString("preop." + name + ".certchain." + i,
+ CryptoUtil.normalizeCertStr(CryptoUtil.base64Encode(bb)));
}
try {
@@ -1558,26 +1563,26 @@ public class WizardPanelBase implements IWizardPanel {
CryptoStore store = tok.getCryptoStore();
String fullnickname = nickname;
if (!tokenname.equals("") &&
- !tokenname.equals("Internal Key Storage Token") &&
- !tokenname.equals("internal"))
- fullnickname = tokenname+":"+nickname;
+ !tokenname.equals("Internal Key Storage Token") &&
+ !tokenname.equals("internal"))
+ fullnickname = tokenname + ":" + nickname;
- CMS.debug("WizardPanelBase deleteCert: nickname="+fullnickname);
+ CMS.debug("WizardPanelBase deleteCert: nickname=" + fullnickname);
org.mozilla.jss.crypto.X509Certificate cert = cm.findCertByNickname(fullnickname);
if (store instanceof PK11Store) {
CMS.debug("WizardPanelBase deleteCert: this is pk11store");
- PK11Store pk11store = (PK11Store)store;
+ PK11Store pk11store = (PK11Store) store;
pk11store.deleteCertOnly(cert);
CMS.debug("WizardPanelBase deleteCert: cert deleted successfully");
}
} catch (Exception e) {
- CMS.debug("WizardPanelBase deleteCert: Exception="+e.toString());
+ CMS.debug("WizardPanelBase deleteCert: Exception=" + e.toString());
}
}
public void deleteEntries(LDAPSearchResults res, LDAPConnection conn,
- String dn, String[] entries) {
+ String dn, String[] entries) {
String[] attrs = null;
LDAPSearchConstraints cons = null;
String filter = "objectclass=*";
@@ -1595,23 +1600,23 @@ public class WizardPanelBase implements IWizardPanel {
}
}
} catch (Exception ee) {
- CMS.debug("WizardPanelBase deleteEntries: Exception="+ee.toString());
+ CMS.debug("WizardPanelBase deleteEntries: Exception=" + ee.toString());
}
}
public void deleteEntry(LDAPConnection conn, String dn, String[] entries) {
try {
- for (int i=0; i<entries.length; i++) {
+ for (int i = 0; i < entries.length; i++) {
if (LDAPDN.equals(dn, entries[i])) {
- CMS.debug("WizardPanelBase deleteEntry: entry with this dn "+dn+" is not deleted.");
+ CMS.debug("WizardPanelBase deleteEntry: entry with this dn " + dn + " is not deleted.");
return;
}
}
- CMS.debug("WizardPanelBase deleteEntry: deleting dn="+dn);
+ CMS.debug("WizardPanelBase deleteEntry: deleting dn=" + dn);
conn.delete(dn);
} catch (Exception e) {
- CMS.debug("WizardPanelBase deleteEntry: Exception="+e.toString());
+ CMS.debug("WizardPanelBase deleteEntry: Exception=" + e.toString());
}
}
@@ -1624,12 +1629,12 @@ public class WizardPanelBase implements IWizardPanel {
int cs_port = cs.getInteger("pkicreate.admin_secure_port", -1);
int panel = getPanelNo();
String subsystem = cs.getString("cs.type", "");
- String urlVal = "https://"+cs_hostname+":"+cs_port+"/"+toLowerCaseSubsystemType(subsystem)+"/admin/console/config/wizard?p="+panel+"&subsystem="+subsystem;
+ String urlVal = "https://" + cs_hostname + ":" + cs_port + "/" + toLowerCaseSubsystemType(subsystem) + "/admin/console/config/wizard?p=" + panel + "&subsystem=" + subsystem;
String encodedValue = URLEncoder.encode(urlVal, "UTF-8");
- String sdurl = "https://"+hostname+":"+port+"/ca/admin/ca/securityDomainLogin?url="+encodedValue;
+ String sdurl = "https://" + hostname + ":" + port + "/ca/admin/ca/securityDomainLogin?url=" + encodedValue;
response.sendRedirect(sdurl);
} catch (Exception e) {
- CMS.debug("WizardPanelBase reloginSecurityDomain: Exception="+e.toString());
+ CMS.debug("WizardPanelBase reloginSecurityDomain: Exception=" + e.toString());
}
}
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/filter/AdminRequestFilter.java b/pki/base/common/src/com/netscape/cms/servlet/filter/AdminRequestFilter.java
index bbfa4b39..c7532c7a 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/filter/AdminRequestFilter.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/filter/AdminRequestFilter.java
@@ -28,30 +28,28 @@ import javax.servlet.http.HttpServletResponse;
import com.netscape.certsrv.apps.CMS;
-public class AdminRequestFilter implements Filter
-{
+public class AdminRequestFilter implements Filter {
private static final String HTTPS_SCHEME = "https";
private static final String HTTPS_PORT = "https_port";
private static final String HTTPS_ROLE = "Admin";
private static final String PROXY_PORT = "proxy_port";
private FilterConfig config;
-
+
/* Create a new AdminRequestFilter */
- public AdminRequestFilter() {}
-
- public void init( FilterConfig filterConfig )
- throws ServletException
- {
+ public AdminRequestFilter() {
+ }
+
+ public void init(FilterConfig filterConfig)
+ throws ServletException {
this.config = filterConfig;
}
-
- public void doFilter( ServletRequest request,
+
+ public void doFilter(ServletRequest request,
ServletResponse response,
- FilterChain chain )
+ FilterChain chain)
throws java.io.IOException,
- ServletException
- {
+ ServletException {
String filterName = getClass().getName();
String scheme = null;
@@ -64,32 +62,32 @@ public class AdminRequestFilter implements Filter
String param_active = null;
// CMS.debug("Entering the admin filter");
- param_active = config.getInitParameter( "active");
+ param_active = config.getInitParameter("active");
- if( request instanceof HttpServletRequest ) {
- HttpServletResponse resp = ( HttpServletResponse ) response;
+ if (request instanceof HttpServletRequest) {
+ HttpServletResponse resp = (HttpServletResponse) response;
// RFC 1738: verify that scheme is "https"
scheme = request.getScheme();
- if( ! scheme.equals( HTTPS_SCHEME ) ) {
+ if (!scheme.equals(HTTPS_SCHEME)) {
msg = "The scheme MUST be '" + HTTPS_SCHEME
- + "', NOT '" + scheme + "'!";
- CMS.debug( filterName + ": " + msg );
- resp.sendError( HttpServletResponse.SC_UNAUTHORIZED, msg );
+ + "', NOT '" + scheme + "'!";
+ CMS.debug(filterName + ": " + msg);
+ resp.sendError(HttpServletResponse.SC_UNAUTHORIZED, msg);
return;
}
// Always obtain an "https" port from request
port = request.getLocalPort();
- request_port = Integer.toString( port );
+ request_port = Integer.toString(port);
// Always obtain the "https" port passed in as a parameter
- param_https_port = config.getInitParameter( HTTPS_PORT );
- if( param_https_port == null ) {
+ param_https_port = config.getInitParameter(HTTPS_PORT);
+ if (param_https_port == null) {
msg = "The <param-name> '" + HTTPS_PORT
- + "' </param-name> " + "MUST be specified in 'web.xml'!";
- CMS.debug( filterName + ": " + msg );
- resp.sendError( HttpServletResponse.SC_NOT_IMPLEMENTED, msg );
+ + "' </param-name> " + "MUST be specified in 'web.xml'!";
+ CMS.debug(filterName + ": " + msg);
+ resp.sendError(HttpServletResponse.SC_NOT_IMPLEMENTED, msg);
return;
}
@@ -97,29 +95,29 @@ public class AdminRequestFilter implements Filter
boolean bad_port = false;
// Compare the request and param "https" ports
- if( ! param_https_port.equals( request_port ) ) {
+ if (!param_https_port.equals(request_port)) {
String uri = ((HttpServletRequest) request).getRequestURI();
- if (param_proxy_port != null) {
+ if (param_proxy_port != null) {
if (!param_proxy_port.equals(request_port)) {
msg = "Use HTTPS port '" + param_https_port
- + "' or proxy port '" + param_proxy_port
- + "' instead of '" + request_port
- + "' when performing " + HTTPS_ROLE + " tasks!";
+ + "' or proxy port '" + param_proxy_port
+ + "' instead of '" + request_port
+ + "' when performing " + HTTPS_ROLE + " tasks!";
bad_port = true;
}
} else {
msg = "Use HTTPS port '" + param_https_port
- + "' instead of '" + request_port
- + "' when performing " + HTTPS_ROLE + " tasks!";
+ + "' instead of '" + request_port
+ + "' when performing " + HTTPS_ROLE + " tasks!";
bad_port = true;
}
if (bad_port) {
- CMS.debug( filterName + ": " + msg );
- CMS.debug( filterName + ": uri is " + uri);
- if ((param_active != null) &&(param_active.equals("false"))) {
+ CMS.debug(filterName + ": " + msg);
+ CMS.debug(filterName + ": uri is " + uri);
+ if ((param_active != null) && (param_active.equals("false"))) {
CMS.debug("Filter is disabled .. continuing");
} else {
- resp.sendError( HttpServletResponse.SC_NOT_FOUND, msg );
+ resp.sendError(HttpServletResponse.SC_NOT_FOUND, msg);
return;
}
}
@@ -128,11 +126,9 @@ public class AdminRequestFilter implements Filter
// CMS.debug("Exiting the admin filter");
- chain.doFilter( request, response );
+ chain.doFilter(request, response);
}
-
- public void destroy()
- {
+
+ public void destroy() {
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/filter/AgentRequestFilter.java b/pki/base/common/src/com/netscape/cms/servlet/filter/AgentRequestFilter.java
index 1ae44a64..4225aed7 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/filter/AgentRequestFilter.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/filter/AgentRequestFilter.java
@@ -28,30 +28,28 @@ import javax.servlet.http.HttpServletResponse;
import com.netscape.certsrv.apps.CMS;
-public class AgentRequestFilter implements Filter
-{
+public class AgentRequestFilter implements Filter {
private static final String HTTPS_SCHEME = "https";
private static final String HTTPS_PORT = "https_port";
private static final String HTTPS_ROLE = "Agent";
private static final String PROXY_PORT = "proxy_port";
private FilterConfig config;
-
+
/* Create a new AgentRequestFilter */
- public AgentRequestFilter() {}
-
- public void init( FilterConfig filterConfig )
- throws ServletException
- {
+ public AgentRequestFilter() {
+ }
+
+ public void init(FilterConfig filterConfig)
+ throws ServletException {
this.config = filterConfig;
}
-
- public void doFilter( ServletRequest request,
+
+ public void doFilter(ServletRequest request,
ServletResponse response,
- FilterChain chain )
+ FilterChain chain)
throws java.io.IOException,
- ServletException
- {
+ ServletException {
String filterName = getClass().getName();
String scheme = null;
@@ -65,32 +63,32 @@ public class AgentRequestFilter implements Filter
String param_active = null;
// CMS.debug("Entering the agent filter");
- param_active = config.getInitParameter( "active");
+ param_active = config.getInitParameter("active");
- if( request instanceof HttpServletRequest ) {
- HttpServletResponse resp = ( HttpServletResponse ) response;
+ if (request instanceof HttpServletRequest) {
+ HttpServletResponse resp = (HttpServletResponse) response;
// RFC 1738: verify that scheme is "https"
scheme = request.getScheme();
- if( ! scheme.equals( HTTPS_SCHEME ) ) {
+ if (!scheme.equals(HTTPS_SCHEME)) {
msg = "The scheme MUST be '" + HTTPS_SCHEME
- + "', NOT '" + scheme + "'!";
- CMS.debug( filterName + ": " + msg );
- resp.sendError( HttpServletResponse.SC_UNAUTHORIZED, msg );
+ + "', NOT '" + scheme + "'!";
+ CMS.debug(filterName + ": " + msg);
+ resp.sendError(HttpServletResponse.SC_UNAUTHORIZED, msg);
return;
}
// Always obtain an "https" port from request
port = request.getLocalPort();
- request_port = Integer.toString( port );
+ request_port = Integer.toString(port);
// Always obtain the "https" port passed in as a parameter
- param_https_port = config.getInitParameter( HTTPS_PORT );
- if( param_https_port == null ) {
+ param_https_port = config.getInitParameter(HTTPS_PORT);
+ if (param_https_port == null) {
msg = "The <param-name> '" + HTTPS_PORT
- + "' </param-name> " + "MUST be specified in 'web.xml'!";
- CMS.debug( filterName + ": " + msg );
- resp.sendError( HttpServletResponse.SC_NOT_IMPLEMENTED, msg );
+ + "' </param-name> " + "MUST be specified in 'web.xml'!";
+ CMS.debug(filterName + ": " + msg);
+ resp.sendError(HttpServletResponse.SC_NOT_IMPLEMENTED, msg);
return;
}
@@ -98,29 +96,29 @@ public class AgentRequestFilter implements Filter
boolean bad_port = false;
// Compare the request and param "https" ports
- if( ! param_https_port.equals( request_port ) ) {
+ if (!param_https_port.equals(request_port)) {
String uri = ((HttpServletRequest) request).getRequestURI();
if (param_proxy_port != null) {
if (!param_proxy_port.equals(request_port)) {
msg = "Use HTTPS port '" + param_https_port
- + "' or proxy port '" + param_proxy_port
- + "' instead of '" + request_port
- + "' when performing " + HTTPS_ROLE + " tasks!";
+ + "' or proxy port '" + param_proxy_port
+ + "' instead of '" + request_port
+ + "' when performing " + HTTPS_ROLE + " tasks!";
bad_port = true;
}
} else {
msg = "Use HTTPS port '" + param_https_port
- + "' instead of '" + request_port
- + "' when performing " + HTTPS_ROLE + " tasks!";
+ + "' instead of '" + request_port
+ + "' when performing " + HTTPS_ROLE + " tasks!";
bad_port = true;
}
if (bad_port) {
- CMS.debug( filterName + ": " + msg );
- CMS.debug( filterName + ": uri is " + uri);
- if ((param_active != null) &&(param_active.equals("false"))) {
+ CMS.debug(filterName + ": " + msg);
+ CMS.debug(filterName + ": uri is " + uri);
+ if ((param_active != null) && (param_active.equals("false"))) {
CMS.debug("Filter is disabled .. continuing");
} else {
- resp.sendError( HttpServletResponse.SC_NOT_FOUND, msg );
+ resp.sendError(HttpServletResponse.SC_NOT_FOUND, msg);
return;
}
}
@@ -128,11 +126,9 @@ public class AgentRequestFilter implements Filter
}
// CMS.debug("Exiting the Agent filter");
- chain.doFilter( request, response );
+ chain.doFilter(request, response);
}
-
- public void destroy()
- {
+
+ public void destroy() {
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/filter/EEClientAuthRequestFilter.java b/pki/base/common/src/com/netscape/cms/servlet/filter/EEClientAuthRequestFilter.java
index 8b53c6c6..8c62cd31 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/filter/EEClientAuthRequestFilter.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/filter/EEClientAuthRequestFilter.java
@@ -28,30 +28,28 @@ import javax.servlet.http.HttpServletResponse;
import com.netscape.certsrv.apps.CMS;
-public class EEClientAuthRequestFilter implements Filter
-{
+public class EEClientAuthRequestFilter implements Filter {
private static final String HTTPS_SCHEME = "https";
private static final String HTTPS_PORT = "https_port";
private static final String HTTPS_ROLE = "EE Client Auth";
private static final String PROXY_PORT = "proxy_port";
private FilterConfig config;
-
+
/* Create a new EEClientAuthRequestFilter */
- public EEClientAuthRequestFilter() {}
-
- public void init( FilterConfig filterConfig )
- throws ServletException
- {
+ public EEClientAuthRequestFilter() {
+ }
+
+ public void init(FilterConfig filterConfig)
+ throws ServletException {
this.config = filterConfig;
}
-
- public void doFilter( ServletRequest request,
+
+ public void doFilter(ServletRequest request,
ServletResponse response,
- FilterChain chain )
+ FilterChain chain)
throws java.io.IOException,
- ServletException
- {
+ ServletException {
String filterName = getClass().getName();
String scheme = null;
@@ -64,32 +62,32 @@ public class EEClientAuthRequestFilter implements Filter
String param_proxy_port = null;
// CMS.debug("Entering the EECA filter");
- param_active = config.getInitParameter( "active");
+ param_active = config.getInitParameter("active");
- if( request instanceof HttpServletRequest ) {
- HttpServletResponse resp = ( HttpServletResponse ) response;
+ if (request instanceof HttpServletRequest) {
+ HttpServletResponse resp = (HttpServletResponse) response;
// RFC 1738: verify that scheme is "https"
scheme = request.getScheme();
- if( ! scheme.equals( HTTPS_SCHEME ) ) {
+ if (!scheme.equals(HTTPS_SCHEME)) {
msg = "The scheme MUST be '" + HTTPS_SCHEME
- + "', NOT '" + scheme + "'!";
- CMS.debug( filterName + ": " + msg );
- resp.sendError( HttpServletResponse.SC_UNAUTHORIZED, msg );
+ + "', NOT '" + scheme + "'!";
+ CMS.debug(filterName + ": " + msg);
+ resp.sendError(HttpServletResponse.SC_UNAUTHORIZED, msg);
return;
}
// Always obtain an "https" port from request
port = request.getLocalPort();
- request_port = Integer.toString( port );
+ request_port = Integer.toString(port);
// Always obtain the "https" port passed in as a parameter
- param_https_port = config.getInitParameter( HTTPS_PORT );
- if( param_https_port == null ) {
+ param_https_port = config.getInitParameter(HTTPS_PORT);
+ if (param_https_port == null) {
msg = "The <param-name> '" + HTTPS_PORT
- + "' </param-name> " + "MUST be specified in 'web.xml'!";
- CMS.debug( filterName + ": " + msg );
- resp.sendError( HttpServletResponse.SC_NOT_IMPLEMENTED, msg );
+ + "' </param-name> " + "MUST be specified in 'web.xml'!";
+ CMS.debug(filterName + ": " + msg);
+ resp.sendError(HttpServletResponse.SC_NOT_IMPLEMENTED, msg);
return;
}
@@ -97,41 +95,39 @@ public class EEClientAuthRequestFilter implements Filter
boolean bad_port = false;
// Compare the request and param "https" ports
- if( ! param_https_port.equals( request_port ) ) {
+ if (!param_https_port.equals(request_port)) {
String uri = ((HttpServletRequest) request).getRequestURI();
if (param_proxy_port != null) {
if (!param_proxy_port.equals(request_port)) {
msg = "Use HTTPS port '" + param_https_port
- + "' or proxy port '" + param_proxy_port
- + "' instead of '" + request_port
- + "' when performing " + HTTPS_ROLE + " tasks!";
+ + "' or proxy port '" + param_proxy_port
+ + "' instead of '" + request_port
+ + "' when performing " + HTTPS_ROLE + " tasks!";
bad_port = true;
}
} else {
msg = "Use HTTPS port '" + param_https_port
- + "' instead of '" + request_port
- + "' when performing " + HTTPS_ROLE + " tasks!";
+ + "' instead of '" + request_port
+ + "' when performing " + HTTPS_ROLE + " tasks!";
bad_port = true;
}
if (bad_port) {
- CMS.debug( filterName + ": " + msg );
- CMS.debug( filterName + ": uri is " + uri);
- if ((param_active != null) &&(param_active.equals("false"))) {
+ CMS.debug(filterName + ": " + msg);
+ CMS.debug(filterName + ": uri is " + uri);
+ if ((param_active != null) && (param_active.equals("false"))) {
CMS.debug("Filter is disabled .. continuing");
} else {
- resp.sendError( HttpServletResponse.SC_NOT_FOUND, msg );
+ resp.sendError(HttpServletResponse.SC_NOT_FOUND, msg);
return;
}
}
}
}
- // CMS.debug("exiting the EECA filter");
+ // CMS.debug("exiting the EECA filter");
- chain.doFilter( request, response );
+ chain.doFilter(request, response);
}
-
- public void destroy()
- {
+
+ public void destroy() {
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/filter/EERequestFilter.java b/pki/base/common/src/com/netscape/cms/servlet/filter/EERequestFilter.java
index f66cf087..8a8bea01 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/filter/EERequestFilter.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/filter/EERequestFilter.java
@@ -28,8 +28,7 @@ import javax.servlet.http.HttpServletResponse;
import com.netscape.certsrv.apps.CMS;
-public class EERequestFilter implements Filter
-{
+public class EERequestFilter implements Filter {
private static final String HTTP_SCHEME = "http";
private static final String HTTP_PORT = "http_port";
private static final String HTTP_ROLE = "EE";
@@ -40,22 +39,21 @@ public class EERequestFilter implements Filter
private static final String PROXY_HTTP_PORT = "proxy_http_port";
private FilterConfig config;
-
+
/* Create a new EERequestFilter */
- public EERequestFilter() {}
-
- public void init( FilterConfig filterConfig )
- throws ServletException
- {
+ public EERequestFilter() {
+ }
+
+ public void init(FilterConfig filterConfig)
+ throws ServletException {
this.config = filterConfig;
}
-
- public void doFilter( ServletRequest request,
+
+ public void doFilter(ServletRequest request,
ServletResponse response,
- FilterChain chain )
+ FilterChain chain)
throws java.io.IOException,
- ServletException
- {
+ ServletException {
String filterName = getClass().getName();
String scheme = null;
@@ -70,45 +68,45 @@ public class EERequestFilter implements Filter
String param_active = null;
// CMS.debug("Entering the EE filter");
- param_active = config.getInitParameter( "active");
+ param_active = config.getInitParameter("active");
- if( request instanceof HttpServletRequest ) {
- HttpServletResponse resp = ( HttpServletResponse ) response;
+ if (request instanceof HttpServletRequest) {
+ HttpServletResponse resp = (HttpServletResponse) response;
// RFC 1738: verify that scheme is either "http" or "https"
scheme = request.getScheme();
- if( ( ! scheme.equals( HTTP_SCHEME ) ) &&
- ( ! scheme.equals( HTTPS_SCHEME ) ) ) {
+ if ((!scheme.equals(HTTP_SCHEME)) &&
+ (!scheme.equals(HTTPS_SCHEME))) {
msg = "The scheme MUST be either '" + HTTP_SCHEME
- + "' or '" + HTTPS_SCHEME
- + "', NOT '" + scheme + "'!";
- CMS.debug( filterName + ": " + msg );
- resp.sendError( HttpServletResponse.SC_UNAUTHORIZED, msg );
- return;
+ + "' or '" + HTTPS_SCHEME
+ + "', NOT '" + scheme + "'!";
+ CMS.debug(filterName + ": " + msg);
+ resp.sendError(HttpServletResponse.SC_UNAUTHORIZED, msg);
+ return;
}
// Always obtain either an "http" or an "https" port from request
port = request.getLocalPort();
- request_port = Integer.toString( port );
+ request_port = Integer.toString(port);
// Always obtain the "http" port passed in as a parameter
- param_http_port = config.getInitParameter( HTTP_PORT );
- if( param_http_port == null ) {
+ param_http_port = config.getInitParameter(HTTP_PORT);
+ if (param_http_port == null) {
msg = "The <param-name> '" + HTTP_PORT
- + "' </param-name> " + "MUST be specified in 'web.xml'!";
- CMS.debug( filterName + ": " + msg );
- resp.sendError( HttpServletResponse.SC_NOT_IMPLEMENTED, msg );
- return;
+ + "' </param-name> " + "MUST be specified in 'web.xml'!";
+ CMS.debug(filterName + ": " + msg);
+ resp.sendError(HttpServletResponse.SC_NOT_IMPLEMENTED, msg);
+ return;
}
// Always obtain the "https" port passed in as a parameter
- param_https_port = config.getInitParameter( HTTPS_PORT );
- if( param_https_port == null ) {
+ param_https_port = config.getInitParameter(HTTPS_PORT);
+ if (param_https_port == null) {
msg = "The <param-name> '" + HTTPS_PORT
- + "' </param-name> " + "MUST be specified in 'web.xml'!";
- CMS.debug( filterName + ": " + msg );
- resp.sendError( HttpServletResponse.SC_NOT_IMPLEMENTED, msg );
- return;
+ + "' </param-name> " + "MUST be specified in 'web.xml'!";
+ CMS.debug(filterName + ": " + msg);
+ resp.sendError(HttpServletResponse.SC_NOT_IMPLEMENTED, msg);
+ return;
}
param_proxy_http_port = config.getInitParameter(PROXY_HTTP_PORT);
@@ -119,58 +117,58 @@ public class EERequestFilter implements Filter
// the request and param "http" ports;
// otherwise, if the scheme is "https", compare
// the request and param "https" ports
- if( scheme.equals( HTTP_SCHEME ) ) {
- if( ! param_http_port.equals( request_port ) ) {
+ if (scheme.equals(HTTP_SCHEME)) {
+ if (!param_http_port.equals(request_port)) {
String uri = ((HttpServletRequest) request).getRequestURI();
- if (param_proxy_http_port != null) {
+ if (param_proxy_http_port != null) {
if (!param_proxy_http_port.equals(request_port)) {
msg = "Use HTTP port '" + param_http_port
- + "' or proxy port '" + param_proxy_http_port
- + "' instead of '" + request_port
- + "' when performing " + HTTP_ROLE + " tasks!";
+ + "' or proxy port '" + param_proxy_http_port
+ + "' instead of '" + request_port
+ + "' when performing " + HTTP_ROLE + " tasks!";
bad_port = true;
}
} else {
msg = "Use HTTP port '" + param_http_port
- + "' instead of '" + request_port
- + "' when performing " + HTTP_ROLE + " tasks!";
+ + "' instead of '" + request_port
+ + "' when performing " + HTTP_ROLE + " tasks!";
bad_port = true;
}
if (bad_port) {
- CMS.debug( filterName + ": " + msg );
- CMS.debug( filterName + ": uri is " + uri);
- if ((param_active != null) &&(param_active.equals("false"))) {
+ CMS.debug(filterName + ": " + msg);
+ CMS.debug(filterName + ": uri is " + uri);
+ if ((param_active != null) && (param_active.equals("false"))) {
CMS.debug("Filter is disabled .. continuing");
} else {
- resp.sendError( HttpServletResponse.SC_NOT_FOUND, msg );
+ resp.sendError(HttpServletResponse.SC_NOT_FOUND, msg);
return;
}
}
}
- } else if( scheme.equals( HTTPS_SCHEME ) ) {
- if( ! param_https_port.equals( request_port ) ) {
+ } else if (scheme.equals(HTTPS_SCHEME)) {
+ if (!param_https_port.equals(request_port)) {
String uri = ((HttpServletRequest) request).getRequestURI();
- if (param_proxy_port != null) {
+ if (param_proxy_port != null) {
if (!param_proxy_port.equals(request_port)) {
msg = "Use HTTPS port '" + param_https_port
- + "' or proxy port '" + param_proxy_port
- + "' instead of '" + request_port
- + "' when performing " + HTTPS_ROLE + " tasks!";
+ + "' or proxy port '" + param_proxy_port
+ + "' instead of '" + request_port
+ + "' when performing " + HTTPS_ROLE + " tasks!";
bad_port = true;
}
} else {
msg = "Use HTTPS port '" + param_https_port
- + "' instead of '" + request_port
- + "' when performing " + HTTPS_ROLE + " tasks!";
+ + "' instead of '" + request_port
+ + "' when performing " + HTTPS_ROLE + " tasks!";
bad_port = true;
}
if (bad_port) {
- CMS.debug( filterName + ": " + msg );
- CMS.debug( filterName + ": uri is " + uri);
- if ((param_active != null) &&(param_active.equals("false"))) {
+ CMS.debug(filterName + ": " + msg);
+ CMS.debug(filterName + ": uri is " + uri);
+ if ((param_active != null) && (param_active.equals("false"))) {
CMS.debug("Filter is disabled .. continuing");
} else {
- resp.sendError( HttpServletResponse.SC_NOT_FOUND, msg );
+ resp.sendError(HttpServletResponse.SC_NOT_FOUND, msg);
return;
}
}
@@ -180,11 +178,9 @@ public class EERequestFilter implements Filter
}
// CMS.debug("Exiting the EE filter");
- chain.doFilter( request, response );
+ chain.doFilter(request, response);
}
-
- public void destroy()
- {
+
+ public void destroy() {
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/ConfirmRecoverBySerial.java b/pki/base/common/src/com/netscape/cms/servlet/key/ConfirmRecoverBySerial.java
index 166036a9..d7c3ffae 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/key/ConfirmRecoverBySerial.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/key/ConfirmRecoverBySerial.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.key;
-
import java.io.IOException;
import java.math.BigInteger;
import java.util.Locale;
@@ -43,13 +42,12 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* A class representing a recoverKey servlet. This servlet
* shows key information and presents a list of text boxes
* so that recovery agents can type in their identifiers
* and passwords.
- *
+ *
* @version $Revision$, $Date$
*/
public class ConfirmRecoverBySerial extends CMSServlet {
@@ -59,8 +57,8 @@ public class ConfirmRecoverBySerial extends CMSServlet {
*/
private static final long serialVersionUID = 2221819191344494389L;
private final static String INFO = "recoverBySerial";
- private final static String TPL_FILE =
- "confirmRecoverBySerial.template";
+ private final static String TPL_FILE =
+ "confirmRecoverBySerial.template";
private final static String IN_SERIALNO = "serialNumber";
private final static String OUT_SERIALNO = IN_SERIALNO;
@@ -95,22 +93,22 @@ public class ConfirmRecoverBySerial extends CMSServlet {
/**
* Returns serlvet information.
*/
- public String getServletInfo() {
- return INFO;
+ public String getServletInfo() {
+ return INFO;
}
/**
- * Serves HTTP request. The format of this request is
+ * Serves HTTP request. The format of this request is
* as follows:
- * confirmRecoverBySerial?
- * [serialNumber=<serialno>]
+ * confirmRecoverBySerial?
+ * [serialNumber=<serialno>]
*/
public void process(CMSRequest cmsReq) throws EBaseException {
// Note that we should try to handle all the exceptions
// instead of passing it up back to the servlet
// framework.
-
+
HttpServletRequest req = cmsReq.getHttpReq();
HttpServletResponse resp = cmsReq.getHttpResp();
@@ -123,9 +121,9 @@ public class ConfirmRecoverBySerial extends CMSServlet {
form = getTemplate(mFormPath, req, locale);
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
IArgBlock header = CMS.createArgBlock();
@@ -147,8 +145,8 @@ public class ConfirmRecoverBySerial extends CMSServlet {
process(argSet, header, seqNum, req, resp, locale[0]);
} catch (NumberFormatException e) {
- header.addStringValue(OUT_ERROR,
- CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString()));
+ header.addStringValue(OUT_ERROR,
+ CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString()));
}
try {
@@ -157,10 +155,10 @@ public class ConfirmRecoverBySerial extends CMSServlet {
resp.setContentType("text/html");
form.renderOutput(out, argSet);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
cmsReq.setStatus(CMSRequest.SUCCESS);
}
@@ -169,17 +167,17 @@ public class ConfirmRecoverBySerial extends CMSServlet {
* Requests for a list of agent passwords.
*/
private void process(CMSTemplateParams argSet,
- IArgBlock header, int seq,
- HttpServletRequest req, HttpServletResponse resp,
- Locale locale) {
+ IArgBlock header, int seq,
+ HttpServletRequest req, HttpServletResponse resp,
+ Locale locale) {
try {
header.addIntegerValue(OUT_SERIALNO, seq);
header.addIntegerValue(OUT_M,
- mRecoveryService.getNoOfRequiredAgents());
+ mRecoveryService.getNoOfRequiredAgents());
header.addStringValue(OUT_OP,
- req.getParameter(OUT_OP));
+ req.getParameter(OUT_OP));
header.addStringValue(OUT_SERVICE_URL,
- req.getRequestURI());
+ req.getRequestURI());
IKeyRecord rec = (IKeyRecord) mKeyDB.readKeyRecord(new BigInteger(
Integer.toString(seq)));
diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/DisplayBySerial.java b/pki/base/common/src/com/netscape/cms/servlet/key/DisplayBySerial.java
index 510f1ac3..a3490d89 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/key/DisplayBySerial.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/key/DisplayBySerial.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.key;
-
import java.io.IOException;
import java.math.BigInteger;
import java.util.Locale;
@@ -44,11 +43,10 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* Display a specific Key Archival Request
* <P>
- *
+ *
* @version $Revision$, $Date$
*/
public class DisplayBySerial extends CMSServlet {
@@ -78,7 +76,7 @@ public class DisplayBySerial extends CMSServlet {
/**
* initialize the servlet. This servlet uses the template file
* "displayBySerial.template" to process the response.
- *
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -94,8 +92,8 @@ public class DisplayBySerial extends CMSServlet {
/**
* Returns serlvet information.
*/
- public String getServletInfo() {
- return INFO;
+ public String getServletInfo() {
+ return INFO;
}
/**
@@ -103,7 +101,7 @@ public class DisplayBySerial extends CMSServlet {
* <ul>
* <li>http.param serialNumber serial number of the key archival request
* </ul>
- *
+ *
* @param cmsReq the object holding the request and response information
*/
public void process(CMSRequest cmsReq) throws EBaseException {
@@ -119,10 +117,10 @@ public class DisplayBySerial extends CMSServlet {
mAuthzResourceName, "read");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
}
if (authzToken == null) {
@@ -137,9 +135,9 @@ public class DisplayBySerial extends CMSServlet {
form = getTemplate(mFormPath, req, locale);
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
// Note that we should try to handle all the exceptions
@@ -159,7 +157,7 @@ public class DisplayBySerial extends CMSServlet {
process(argSet, header, seqNum, req, resp, locale[0]);
} catch (NumberFormatException e) {
header.addStringValue(OUT_ERROR,
- CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString()));
+ CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString()));
}
try {
@@ -169,9 +167,9 @@ public class DisplayBySerial extends CMSServlet {
form.renderOutput(out, argSet);
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
}
@@ -179,15 +177,15 @@ public class DisplayBySerial extends CMSServlet {
* Display information about a particular key.
*/
private void process(CMSTemplateParams argSet,
- IArgBlock header, int seq,
- HttpServletRequest req, HttpServletResponse resp,
- Locale locale) {
+ IArgBlock header, int seq,
+ HttpServletRequest req, HttpServletResponse resp,
+ Locale locale) {
try {
header.addStringValue(OUT_OP,
- req.getParameter(OUT_OP));
+ req.getParameter(OUT_OP));
header.addStringValue(OUT_SERVICE_URL,
- req.getRequestURI());
- IKeyRecord rec = (IKeyRecord) mKeyDB.readKeyRecord(new
+ req.getRequestURI());
+ IKeyRecord rec = (IKeyRecord) mKeyDB.readKeyRecord(new
BigInteger(Integer.toString(seq)));
KeyRecordParser.fillRecordIntoArg(rec, header);
diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/DisplayBySerialForRecovery.java b/pki/base/common/src/com/netscape/cms/servlet/key/DisplayBySerialForRecovery.java
index 2ef78c64..1ef0ba40 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/key/DisplayBySerialForRecovery.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/key/DisplayBySerialForRecovery.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.key;
-
import java.io.IOException;
import java.math.BigInteger;
import java.util.Locale;
@@ -45,11 +44,10 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* Display a Specific Key Archival Request, and initiate
* key recovery process
- *
+ *
* @version $Revision$, $Date$
*/
public class DisplayBySerialForRecovery extends CMSServlet {
@@ -80,7 +78,7 @@ public class DisplayBySerialForRecovery extends CMSServlet {
/**
* initialize the servlet. This servlet uses the template file
* "displayBySerialForRecovery.template" to process the response.
- *
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -95,17 +93,17 @@ public class DisplayBySerialForRecovery extends CMSServlet {
/**
* Returns serlvet information.
*/
- public String getServletInfo() {
- return INFO;
+ public String getServletInfo() {
+ return INFO;
}
/**
* Process the HTTP request.
* <ul>
- * <li>http.param serialNumber request ID of key archival request
- * <li>http.param publicKeyData
+ * <li>http.param serialNumber request ID of key archival request
+ * <li>http.param publicKeyData
* </ul>
- *
+ *
* @param cmsReq the object holding the request and response information
*/
public void process(CMSRequest cmsReq) throws EBaseException {
@@ -121,10 +119,10 @@ public class DisplayBySerialForRecovery extends CMSServlet {
mAuthzResourceName, "read");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
}
if (authzToken == null) {
@@ -139,9 +137,9 @@ public class DisplayBySerialForRecovery extends CMSServlet {
form = getTemplate(mFormPath, req, locale);
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
// Note that we should try to handle all the exceptions
@@ -159,12 +157,12 @@ public class DisplayBySerialForRecovery extends CMSServlet {
seqNum = Integer.parseInt(
req.getParameter(IN_SERIALNO));
}
- process(argSet, header,
- req.getParameter("publicKeyData"),
- seqNum, req, resp, locale[0]);
+ process(argSet, header,
+ req.getParameter("publicKeyData"),
+ seqNum, req, resp, locale[0]);
} catch (NumberFormatException e) {
header.addStringValue(OUT_ERROR,
- CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString()));
+ CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString()));
} catch (Exception e) {
e.printStackTrace();
System.out.println(e.toString());
@@ -176,9 +174,9 @@ public class DisplayBySerialForRecovery extends CMSServlet {
form.renderOutput(out, argSet);
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
cmsReq.setStatus(CMSRequest.SUCCESS);
}
@@ -187,23 +185,23 @@ public class DisplayBySerialForRecovery extends CMSServlet {
* Display information about a particular key.
*/
private synchronized void process(CMSTemplateParams argSet,
- IArgBlock header, String publicKeyData, int seq,
- HttpServletRequest req, HttpServletResponse resp,
- Locale locale) {
+ IArgBlock header, String publicKeyData, int seq,
+ HttpServletRequest req, HttpServletResponse resp,
+ Locale locale) {
try {
header.addIntegerValue("noOfRequiredAgents",
- mService.getNoOfRequiredAgents());
+ mService.getNoOfRequiredAgents());
header.addStringValue(OUT_OP,
- req.getParameter(OUT_OP));
+ req.getParameter(OUT_OP));
header.addStringValue("keySplitting",
- CMS.getConfigStore().getString("kra.keySplitting"));
+ CMS.getConfigStore().getString("kra.keySplitting"));
header.addStringValue(OUT_SERVICE_URL,
- req.getRequestURI());
+ req.getRequestURI());
if (publicKeyData != null) {
header.addStringValue("publicKeyData",
- publicKeyData);
+ publicKeyData);
}
- IKeyRecord rec = (IKeyRecord) mKeyDB.readKeyRecord(new
+ IKeyRecord rec = (IKeyRecord) mKeyDB.readKeyRecord(new
BigInteger(Integer.toString(seq)));
KeyRecordParser.fillRecordIntoArg(rec, header);
diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/DisplayTransport.java b/pki/base/common/src/com/netscape/cms/servlet/key/DisplayTransport.java
index d4baf181..a86a676b 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/key/DisplayTransport.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/key/DisplayTransport.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.key;
-
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
@@ -34,11 +33,10 @@ import com.netscape.cms.servlet.base.CMSServlet;
import com.netscape.cms.servlet.common.CMSRequest;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
- * Retrieve Transport Certificate used to
+ * Retrieve Transport Certificate used to
* wrap Private key Archival requests
- *
+ *
* @version $Revision$, $Date$
*/
public class DisplayTransport extends CMSServlet {
@@ -67,13 +65,13 @@ public class DisplayTransport extends CMSServlet {
/**
* Returns serlvet information.
*/
- public String getServletInfo() {
- return INFO;
+ public String getServletInfo() {
+ return INFO;
}
/**
* Process the HTTP request.
- *
+ *
* @param cmsReq the object holding the request and response information
*/
public void process(CMSRequest cmsReq) throws EBaseException {
@@ -98,21 +96,21 @@ public class DisplayTransport extends CMSServlet {
}
try {
- IKeyRecoveryAuthority kra =
- (IKeyRecoveryAuthority) mAuthority;
+ IKeyRecoveryAuthority kra =
+ (IKeyRecoveryAuthority) mAuthority;
ITransportKeyUnit tu = kra.getTransportKeyUnit();
org.mozilla.jss.crypto.X509Certificate transportCert =
- tu.getCertificate();
+ tu.getCertificate();
resp.setStatus(HttpServletResponse.SC_OK);
resp.setContentType("text/html");
- String content = "";
+ String content = "";
content += "<HTML><PRE>";
- String mime64 =
- "-----BEGIN CERTIFICATE-----\n" +
- CMS.BtoA(transportCert.getEncoded()) +
- "-----END CERTIFICATE-----\n";
+ String mime64 =
+ "-----BEGIN CERTIFICATE-----\n" +
+ CMS.BtoA(transportCert.getEncoded()) +
+ "-----END CERTIFICATE-----\n";
content += mime64;
content += "</PRE></HTML>";
@@ -120,9 +118,9 @@ public class DisplayTransport extends CMSServlet {
resp.getOutputStream().write(content.getBytes());
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
cmsReq.setStatus(CMSRequest.SUCCESS);
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/ExamineRecovery.java b/pki/base/common/src/com/netscape/cms/servlet/key/ExamineRecovery.java
index 9fbad7a6..bc23e635 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/key/ExamineRecovery.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/key/ExamineRecovery.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.key;
-
import java.io.IOException;
import java.math.BigInteger;
import java.util.Hashtable;
@@ -46,10 +45,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
- * View the Key Recovery Request
- *
+ * View the Key Recovery Request
+ *
* @version $Revision$, $Date$
*/
public class ExamineRecovery extends CMSServlet {
@@ -100,8 +98,8 @@ public class ExamineRecovery extends CMSServlet {
/**
* Returns serlvet information.
*/
- public String getServletInfo() {
- return INFO;
+ public String getServletInfo() {
+ return INFO;
}
/**
@@ -109,7 +107,7 @@ public class ExamineRecovery extends CMSServlet {
* <ul>
* <li>http.param recoveryID recovery request ID
* </ul>
- *
+ *
* @param cmsReq the object holding the request and response information
*/
@@ -127,10 +125,10 @@ public class ExamineRecovery extends CMSServlet {
mAuthzResourceName, "read");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
}
if (authzToken == null) {
@@ -145,9 +143,9 @@ public class ExamineRecovery extends CMSServlet {
form = getTemplate(mFormPath, req, locale);
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
IArgBlock header = CMS.createArgBlock();
@@ -158,9 +156,9 @@ public class ExamineRecovery extends CMSServlet {
EBaseException error = null;
try {
- process(argSet, header,
- req.getParameter("recoveryID"),
- req, resp, locale[0]);
+ process(argSet, header,
+ req.getParameter("recoveryID"),
+ req, resp, locale[0]);
} catch (EBaseException e) {
error = e;
} catch (Exception e) {
@@ -184,12 +182,12 @@ public class ExamineRecovery extends CMSServlet {
if (error == null) {
String xmlOutput = req.getParameter("xml");
if (xmlOutput != null && xmlOutput.equals("true")) {
- outputXML(resp, argSet);
+ outputXML(resp, argSet);
} else {
- ServletOutputStream out = resp.getOutputStream();
- resp.setContentType("text/html");
- form.renderOutput(out, argSet);
- cmsReq.setStatus(CMSRequest.SUCCESS);
+ ServletOutputStream out = resp.getOutputStream();
+ resp.setContentType("text/html");
+ form.renderOutput(out, argSet);
+ cmsReq.setStatus(CMSRequest.SUCCESS);
}
} else {
cmsReq.setStatus(CMSRequest.ERROR);
@@ -197,9 +195,9 @@ public class ExamineRecovery extends CMSServlet {
}
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
}
@@ -208,41 +206,40 @@ public class ExamineRecovery extends CMSServlet {
* provided by the administrator.
*/
private void process(CMSTemplateParams argSet,
- IArgBlock header, String recoveryID,
- HttpServletRequest req, HttpServletResponse resp,
- Locale locale)
- throws EBaseException {
+ IArgBlock header, String recoveryID,
+ HttpServletRequest req, HttpServletResponse resp,
+ Locale locale)
+ throws EBaseException {
try {
header.addStringValue(OUT_OP,
- req.getParameter(OUT_OP));
+ req.getParameter(OUT_OP));
header.addStringValue(OUT_SERVICE_URL,
- req.getRequestURI());
+ req.getRequestURI());
header.addStringValue("keySplitting",
- CMS.getConfigStore().getString("kra.keySplitting"));
+ CMS.getConfigStore().getString("kra.keySplitting"));
Hashtable params = mService.getRecoveryParams(
recoveryID);
if (params == null) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_NO_RECOVERY_TOKEN_FOUND_1", recoveryID));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_NO_RECOVERY_TOKEN_FOUND_1", recoveryID));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_NO_RECOVERY_TOKEN_FOUND", recoveryID));
+ CMS.getUserMessage("CMS_GW_NO_RECOVERY_TOKEN_FOUND", recoveryID));
}
- String keyID = (String)params.get("keyID");
- header.addStringValue("serialNumber", keyID);
+ String keyID = (String) params.get("keyID");
+ header.addStringValue("serialNumber", keyID);
header.addStringValue("recoveryID", recoveryID);
- IKeyRepository mKeyDB =
- ((IKeyRecoveryAuthority) mAuthority).getKeyRepository();
+ IKeyRepository mKeyDB =
+ ((IKeyRecoveryAuthority) mAuthority).getKeyRepository();
IKeyRecord rec = (IKeyRecord) mKeyDB.readKeyRecord(new
BigInteger(keyID));
KeyRecordParser.fillRecordIntoArg(rec, header);
-
} catch (EBaseException e) {
log(ILogger.LL_FAILURE, "Error e " + e);
throw e;
- }
+ }
/*
catch (Exception e) {
diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/GetApprovalStatus.java b/pki/base/common/src/com/netscape/cms/servlet/key/GetApprovalStatus.java
index 4bd4d45b..79bb937e 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/key/GetApprovalStatus.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/key/GetApprovalStatus.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.key;
-
import java.io.IOException;
import java.util.Enumeration;
import java.util.Hashtable;
@@ -45,10 +44,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* Check to see if a Key Recovery Request has been approved
- *
+ *
* @version $Revision$, $Date$
*/
public class GetApprovalStatus extends CMSServlet {
@@ -81,7 +79,7 @@ public class GetApprovalStatus extends CMSServlet {
* initialize the servlet. This servlet uses the template files
* "getApprovalStatus.template" and "finishRecovery.template"
* to process the response.
- *
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -95,8 +93,8 @@ public class GetApprovalStatus extends CMSServlet {
/**
* Returns serlvet information.
*/
- public String getServletInfo() {
- return INFO;
+ public String getServletInfo() {
+ return INFO;
}
/**
@@ -104,7 +102,7 @@ public class GetApprovalStatus extends CMSServlet {
* <ul>
* <li>http.param recoveryID request ID to check
* </ul>
- *
+ *
* @param cmsReq the object holding the request and response information
*/
public void process(CMSRequest cmsReq) throws EBaseException {
@@ -148,12 +146,12 @@ public class GetApprovalStatus extends CMSServlet {
if (params == null) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_NO_RECOVERY_TOKEN_FOUND_1", recoveryID));
+ CMS.getLogMessage("CMSGW_NO_RECOVERY_TOKEN_FOUND_1", recoveryID));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_NO_RECOVERY_TOKEN_FOUND", recoveryID));
+ CMS.getUserMessage("CMS_GW_NO_RECOVERY_TOKEN_FOUND", recoveryID));
}
header.addStringValue("serialNumber",
- (String) params.get("keyID"));
+ (String) params.get("keyID"));
int requiredNumber = mService.getNoOfRequiredAgents();
@@ -174,7 +172,7 @@ public class GetApprovalStatus extends CMSServlet {
if (pkcs12 != null) {
rComplete = 1;
- header.addStringValue(OUT_STATUS, "complete");
+ header.addStringValue(OUT_STATUS, "complete");
/*
mService.destroyRecoveryParams(recoveryID);
@@ -193,8 +191,8 @@ public class GetApprovalStatus extends CMSServlet {
*/
} else if (((IKeyRecoveryAuthority) mService).getError(recoveryID) != null) {
// error in recovery process
- header.addStringValue(OUT_ERROR,
- ((IKeyRecoveryAuthority) mService).getError(recoveryID));
+ header.addStringValue(OUT_ERROR,
+ ((IKeyRecoveryAuthority) mService).getError(recoveryID));
rComplete = 1;
} else {
// pk12 hasn't been created yet.
@@ -210,16 +208,16 @@ public class GetApprovalStatus extends CMSServlet {
mFormPath = "/" + ((IAuthority) mService).getId() + "/" + TPL_FINISH;
} else {
mFormPath = "/" + ((IAuthority) mService).getId() + "/" + TPL_FILE;
- }
+ }
if (mOutputTemplatePath != null)
mFormPath = mOutputTemplatePath;
try {
form = getTemplate(mFormPath, req, locale);
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
ServletOutputStream out = resp.getOutputStream();
@@ -228,9 +226,9 @@ public class GetApprovalStatus extends CMSServlet {
form.renderOutput(out, argSet);
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
cmsReq.setStatus(CMSRequest.SUCCESS);
diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/GetAsyncPk12.java b/pki/base/common/src/com/netscape/cms/servlet/key/GetAsyncPk12.java
index cea08af3..4a962838 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/key/GetAsyncPk12.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/key/GetAsyncPk12.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.key;
-
import java.io.IOException;
import java.util.Locale;
@@ -42,11 +41,10 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* Get the recovered key in PKCS#12 format
- * - for asynchronous key recovery only
- *
+ * - for asynchronous key recovery only
+ *
*/
public class GetAsyncPk12 extends CMSServlet {
@@ -67,13 +65,11 @@ public class GetAsyncPk12 extends CMSServlet {
private com.netscape.certsrv.kra.IKeyService mService = null;
private final static String OUT_STATUS = "status";
- private final static String
- LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS =
- "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS_4";
+ private final static String LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS =
+ "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS_4";
- private final static String
- LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE =
- "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE_4";
+ private final static String LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE =
+ "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE_4";
private String mFormPath = null;
@@ -87,7 +83,7 @@ public class GetAsyncPk12 extends CMSServlet {
/**
* initialize the servlet. This servlet uses the template file
* "finishAsyncRecovery.template" to process the response.
- *
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -103,8 +99,8 @@ public class GetAsyncPk12 extends CMSServlet {
/**
* Returns serlvet information.
*/
- public String getServletInfo() {
- return INFO;
+ public String getServletInfo() {
+ return INFO;
}
/**
@@ -112,7 +108,7 @@ public class GetAsyncPk12 extends CMSServlet {
* <ul>
* <li>http.param reqID request id for recovery
* </ul>
- *
+ *
* @param cmsReq the object holding the request and response information
*/
public void process(CMSRequest cmsReq) throws EBaseException {
@@ -132,10 +128,10 @@ public class GetAsyncPk12 extends CMSServlet {
mAuthzResourceName, "download");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
}
if (authzToken == null) {
@@ -150,9 +146,9 @@ public class GetAsyncPk12 extends CMSServlet {
form = getTemplate(mFormPath, req, locale);
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
cmsReq.setStatus(CMSRequest.SUCCESS);
@@ -173,9 +169,9 @@ public class GetAsyncPk12 extends CMSServlet {
agent = (String) sContext.get(SessionContext.USER_ID);
}
- if (agent == null ) {
- CMS.debug( "GetAsyncPk12::process() - agent is null!" );
- throw new EBaseException( "agent is null" );
+ if (agent == null) {
+ CMS.debug("GetAsyncPk12::process() - agent is null!");
+ throw new EBaseException("agent is null");
}
String initAgent = "undefined";
@@ -183,18 +179,18 @@ public class GetAsyncPk12 extends CMSServlet {
if ((initAgent.equals("undefined")) || !agent.equals(initAgent)) {
log(ILogger.LL_SECURITY,
- CMS.getLogMessage("CMSGW_INVALID_AGENT_ASYNC_3",
- reqID, initAgent));
+ CMS.getLogMessage("CMSGW_INVALID_AGENT_ASYNC_3",
+ reqID, initAgent));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_INVALID_AGENT_ASYNC",
- reqID, initAgent));
+ CMS.getUserMessage("CMS_GW_INVALID_AGENT_ASYNC",
+ reqID, initAgent));
}
// The async recovery request must be in "approved" state
// i.e. all required # of recovery agents approved
if (mService.isApprovedAsyncKeyRecovery(reqID) != true) {
CMS.debug("GetAsyncPk12::process() - # required recovery agents not met");
- throw new EBaseException( "# required recovery agents not met" );
+ throw new EBaseException("# required recovery agents not met");
}
String password = req.getParameter(IN_PASSWORD);
@@ -202,11 +198,11 @@ public class GetAsyncPk12 extends CMSServlet {
if (password == null || password.equals("")) {
header.addStringValue(OUT_ERROR, "PKCS12 password not found");
- throw new EBaseException( "PKCS12 password not found" );
+ throw new EBaseException("PKCS12 password not found");
}
if (passwordAgain == null || !passwordAgain.equals(password)) {
header.addStringValue(OUT_ERROR, "PKCS12 password not matched");
- throw new EBaseException( "PKCS12 password not matched" );
+ throw new EBaseException("PKCS12 password not matched");
}
// got all approval, return pk12
@@ -219,23 +215,23 @@ public class GetAsyncPk12 extends CMSServlet {
mRenderResult = false;
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS,
- agent,
- ILogger.SUCCESS,
- reqID,
- "");
+ LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS,
+ agent,
+ ILogger.SUCCESS,
+ reqID,
+ "");
- audit(auditMessage);
+ audit(auditMessage);
return;
} catch (IOException e) {
header.addStringValue(OUT_ERROR,
- CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString()));
+ CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString()));
}
} else if (((IKeyRecoveryAuthority) mService).getError(reqID) != null) {
// error in recovery process
- header.addStringValue(OUT_ERROR,
- ((IKeyRecoveryAuthority) mService).getError(reqID));
+ header.addStringValue(OUT_ERROR,
+ ((IKeyRecoveryAuthority) mService).getError(reqID));
} else {
// pk12 hasn't been created yet. Shouldn't get here
}
@@ -245,11 +241,11 @@ public class GetAsyncPk12 extends CMSServlet {
if ((agent != null) && (reqID != null)) {
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE,
- agent,
- ILogger.FAILURE,
- reqID,
- "");
+ LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE,
+ agent,
+ ILogger.FAILURE,
+ reqID,
+ "");
audit(auditMessage);
}
@@ -261,9 +257,9 @@ public class GetAsyncPk12 extends CMSServlet {
form.renderOutput(out, argSet);
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
cmsReq.setStatus(CMSRequest.SUCCESS);
diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/GetPk12.java b/pki/base/common/src/com/netscape/cms/servlet/key/GetPk12.java
index b3651774..f27e966d 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/key/GetPk12.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/key/GetPk12.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.key;
-
import java.io.IOException;
import java.util.Hashtable;
import java.util.Locale;
@@ -43,10 +42,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* Get the recovered key in PKCS#12 format
- *
+ *
* @version $Revision$, $Date$
*/
public class GetPk12 extends CMSServlet {
@@ -66,13 +64,11 @@ public class GetPk12 extends CMSServlet {
private com.netscape.certsrv.kra.IKeyService mService = null;
private final static String OUT_STATUS = "status";
- private final static String
- LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS =
- "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS_4";
+ private final static String LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS =
+ "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS_4";
- private final static String
- LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE =
- "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE_4";
+ private final static String LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE =
+ "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE_4";
private String mFormPath = null;
@@ -86,7 +82,7 @@ public class GetPk12 extends CMSServlet {
/**
* initialize the servlet. This servlet uses the template file
* "finishRecovery.template" to process the response.
- *
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -102,8 +98,8 @@ public class GetPk12 extends CMSServlet {
/**
* Returns serlvet information.
*/
- public String getServletInfo() {
- return INFO;
+ public String getServletInfo() {
+ return INFO;
}
/**
@@ -111,7 +107,7 @@ public class GetPk12 extends CMSServlet {
* <ul>
* <li>http.param recoveryID ID of request to recover
* </ul>
- *
+ *
* @param cmsReq the object holding the request and response information
*/
public void process(CMSRequest cmsReq) throws EBaseException {
@@ -131,10 +127,10 @@ public class GetPk12 extends CMSServlet {
mAuthzResourceName, "download");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
}
if (authzToken == null) {
@@ -149,9 +145,9 @@ public class GetPk12 extends CMSServlet {
form = getTemplate(mFormPath, req, locale);
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
cmsReq.setStatus(CMSRequest.SUCCESS);
@@ -170,9 +166,9 @@ public class GetPk12 extends CMSServlet {
if (params == null) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_NO_RECOVERY_TOKEN_FOUND_1", recoveryID));
+ CMS.getLogMessage("CMSGW_NO_RECOVERY_TOKEN_FOUND_1", recoveryID));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_NO_RECOVERY_TOKEN_FOUND", recoveryID));
+ CMS.getUserMessage("CMS_GW_NO_RECOVERY_TOKEN_FOUND", recoveryID));
}
// only the init DRM agent can get the pkcs12
@@ -181,26 +177,26 @@ public class GetPk12 extends CMSServlet {
agent = (String) sContext.get(SessionContext.USER_ID);
}
- if (agent == null ) {
- CMS.debug( "GetPk12::process() - agent is null!" );
- throw new EBaseException( "agent is null" );
+ if (agent == null) {
+ CMS.debug("GetPk12::process() - agent is null!");
+ throw new EBaseException("agent is null");
}
- String initAgent = (String) params.get("agent");
+ String initAgent = (String) params.get("agent");
if (!agent.equals(initAgent)) {
log(ILogger.LL_SECURITY,
-
- CMS.getLogMessage("CMSGW_INVALID_AGENT_3",
+
+ CMS.getLogMessage("CMSGW_INVALID_AGENT_3",
recoveryID,
initAgent));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_INVALID_AGENT",
- agent, initAgent, recoveryID));
+ CMS.getUserMessage("CMS_GW_INVALID_AGENT",
+ agent, initAgent, recoveryID));
}
header.addStringValue("serialNumber",
- (String) params.get("keyID"));
+ (String) params.get("keyID"));
// got all approval, return pk12
byte pkcs12[] = ((IKeyRecoveryAuthority) mService).getPk12(recoveryID);
@@ -213,23 +209,23 @@ public class GetPk12 extends CMSServlet {
mRenderResult = false;
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS,
- agent,
- ILogger.SUCCESS,
- recoveryID,
- "");
+ LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS,
+ agent,
+ ILogger.SUCCESS,
+ recoveryID,
+ "");
audit(auditMessage);
return;
} catch (IOException e) {
header.addStringValue(OUT_ERROR,
- CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString()));
+ CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString()));
}
} else if (((IKeyRecoveryAuthority) mService).getError(recoveryID) != null) {
// error in recovery process
- header.addStringValue(OUT_ERROR,
- ((IKeyRecoveryAuthority) mService).getError(recoveryID));
+ header.addStringValue(OUT_ERROR,
+ ((IKeyRecoveryAuthority) mService).getError(recoveryID));
} else {
// pk12 hasn't been created yet. Shouldn't get here
}
@@ -239,11 +235,11 @@ public class GetPk12 extends CMSServlet {
if ((agent != null) && (recoveryID != null)) {
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE,
- agent,
- ILogger.FAILURE,
- recoveryID,
- "");
+ LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE,
+ agent,
+ ILogger.FAILURE,
+ recoveryID,
+ "");
audit(auditMessage);
}
@@ -255,9 +251,9 @@ public class GetPk12 extends CMSServlet {
form.renderOutput(out, argSet);
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
cmsReq.setStatus(CMSRequest.SUCCESS);
diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/GrantAsyncRecovery.java b/pki/base/common/src/com/netscape/cms/servlet/key/GrantAsyncRecovery.java
index a868f47c..dad21487 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/key/GrantAsyncRecovery.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/key/GrantAsyncRecovery.java
@@ -40,10 +40,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* Approve an asynchronous key recovery request
- *
+ *
*/
public class GrantAsyncRecovery extends CMSServlet {
@@ -69,7 +68,7 @@ public class GrantAsyncRecovery extends CMSServlet {
private String mFormPath = null;
private final static String LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN =
- "LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN_4";
+ "LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN_4";
/**
* Constructs EA servlet.
@@ -81,7 +80,7 @@ public class GrantAsyncRecovery extends CMSServlet {
/**
* initialize the servlet. This servlet uses the template file
* 'grantAsyncRecovery.template' to process the response.
- *
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -98,8 +97,8 @@ public class GrantAsyncRecovery extends CMSServlet {
/**
* Returns serlvet information.
*/
- public String getServletInfo() {
- return INFO;
+ public String getServletInfo() {
+ return INFO;
}
/**
@@ -107,9 +106,9 @@ public class GrantAsyncRecovery extends CMSServlet {
* <ul>
* <li>http.param reqID request ID of the request to approve
* <li>http.param agentID User ID of the agent approving the request
-
+ *
* </ul>
- *
+ *
* @param cmsReq the object holding the request and response information
*/
public void process(CMSRequest cmsReq) throws EBaseException {
@@ -128,10 +127,10 @@ public class GrantAsyncRecovery extends CMSServlet {
mAuthzResourceName, "recover");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
}
if (authzToken == null) {
@@ -146,9 +145,9 @@ public class GrantAsyncRecovery extends CMSServlet {
form = getTemplate(mFormPath, req, locale);
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
IArgBlock header = CMS.createArgBlock();
@@ -161,13 +160,13 @@ public class GrantAsyncRecovery extends CMSServlet {
CMS.debug("GrantAsyncRecovery: process() agent uid=" + agentID);
CMS.debug("GrantAsyncRecovery: process() request id=" + req.getParameter("reqID"));
try {
- process(argSet, header,
- req.getParameter("reqID"),
- agentID,
- req, resp, locale[0]);
+ process(argSet, header,
+ req.getParameter("reqID"),
+ agentID,
+ req, resp, locale[0]);
} catch (NumberFormatException e) {
header.addStringValue(OUT_ERROR,
- CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString()));
+ CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString()));
}
try {
ServletOutputStream out = resp.getOutputStream();
@@ -176,9 +175,9 @@ public class GrantAsyncRecovery extends CMSServlet {
form.renderOutput(out, argSet);
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
cmsReq.setStatus(CMSRequest.SUCCESS);
}
@@ -186,12 +185,11 @@ public class GrantAsyncRecovery extends CMSServlet {
/**
* Update agent approval list
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN used
- * whenever DRM agents login as recovery agents to approve key recovery
- * requests
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN used whenever DRM agents login as recovery agents to approve key recovery requests
* </ul>
+ *
* @param argSet CMS template parameters
* @param header argument block
* @param reqID string containing the recovery request ID
@@ -201,10 +199,10 @@ public class GrantAsyncRecovery extends CMSServlet {
* @param locale the system locale
*/
private void process(CMSTemplateParams argSet,
- IArgBlock header, String reqID,
- String agentID,
- HttpServletRequest req, HttpServletResponse resp,
- Locale locale) {
+ IArgBlock header, String reqID,
+ String agentID,
+ HttpServletRequest req, HttpServletResponse resp,
+ Locale locale) {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
String auditRequestID = reqID;
@@ -234,9 +232,9 @@ public class GrantAsyncRecovery extends CMSServlet {
try {
header.addStringValue(OUT_OP,
- req.getParameter(OUT_OP));
+ req.getParameter(OUT_OP));
header.addStringValue(OUT_SERVICE_URL,
- req.getRequestURI());
+ req.getRequestURI());
// update approving agent list
mService.addAgentAsyncKeyRecovery(reqID, agentID);
@@ -281,4 +279,3 @@ public class GrantAsyncRecovery extends CMSServlet {
}
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/GrantRecovery.java b/pki/base/common/src/com/netscape/cms/servlet/key/GrantRecovery.java
index 9a7238be..a7069644 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/key/GrantRecovery.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/key/GrantRecovery.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.key;
-
import java.io.IOException;
import java.util.Hashtable;
import java.util.Locale;
@@ -42,10 +41,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* Approve a key recovery request
- *
+ *
* @version $Revision$, $Date$
*/
public class GrantRecovery extends CMSServlet {
@@ -74,7 +72,7 @@ public class GrantRecovery extends CMSServlet {
private String mFormPath = null;
private final static String LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN =
- "LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN_4";
+ "LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN_4";
/**
* Constructs EA servlet.
@@ -86,7 +84,7 @@ public class GrantRecovery extends CMSServlet {
/**
* initialize the servlet. This servlet uses the template file
* 'grantRecovery.template' to process the response.
- *
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -103,19 +101,19 @@ public class GrantRecovery extends CMSServlet {
/**
* Returns serlvet information.
*/
- public String getServletInfo() {
- return INFO;
+ public String getServletInfo() {
+ return INFO;
}
/**
* Process the HTTP request.
* <ul>
* <li>http.param recoveryID ID of the request to approve
- * <li>http.param agentID User ID of the agent approving the request
- * <li>http.param agentPWD Password of the agent approving the request
-
+ * <li>http.param agentID User ID of the agent approving the request
+ * <li>http.param agentPWD Password of the agent approving the request
+ *
* </ul>
- *
+ *
* @param cmsReq the object holding the request and response information
*/
public void process(CMSRequest cmsReq) throws EBaseException {
@@ -132,10 +130,10 @@ public class GrantRecovery extends CMSServlet {
mAuthzResourceName, "recover");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
}
if (authzToken == null) {
@@ -150,9 +148,9 @@ public class GrantRecovery extends CMSServlet {
form = getTemplate(mFormPath, req, locale);
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
IArgBlock header = CMS.createArgBlock();
@@ -166,14 +164,14 @@ public class GrantRecovery extends CMSServlet {
agentID = req.getParameter("agentID");
}
try {
- process(argSet, header,
- req.getParameter("recoveryID"),
- agentID,
- req.getParameter("agentPWD"),
- req, resp, locale[0]);
+ process(argSet, header,
+ req.getParameter("recoveryID"),
+ agentID,
+ req.getParameter("agentPWD"),
+ req, resp, locale[0]);
} catch (NumberFormatException e) {
header.addStringValue(OUT_ERROR,
- CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString()));
+ CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString()));
}
try {
ServletOutputStream out = resp.getOutputStream();
@@ -182,9 +180,9 @@ public class GrantRecovery extends CMSServlet {
form.renderOutput(out, argSet);
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
cmsReq.setStatus(CMSRequest.SUCCESS);
}
@@ -193,12 +191,11 @@ public class GrantRecovery extends CMSServlet {
* Recovers a key. The p12 will be protected by the password
* provided by the administrator.
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN used
- * whenever DRM agents login as recovery agents to approve key recovery
- * requests
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN used whenever DRM agents login as recovery agents to approve key recovery requests
* </ul>
+ *
* @param argSet CMS template parameters
* @param header argument block
* @param recoveryID string containing the recovery ID
@@ -209,10 +206,10 @@ public class GrantRecovery extends CMSServlet {
* @param locale the system locale
*/
private void process(CMSTemplateParams argSet,
- IArgBlock header, String recoveryID,
- String agentID, String agentPWD,
- HttpServletRequest req, HttpServletResponse resp,
- Locale locale) {
+ IArgBlock header, String recoveryID,
+ String agentID, String agentPWD,
+ HttpServletRequest req, HttpServletResponse resp,
+ Locale locale) {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
String auditRecoveryID = recoveryID;
@@ -242,15 +239,15 @@ public class GrantRecovery extends CMSServlet {
try {
header.addStringValue(OUT_OP,
- req.getParameter(OUT_OP));
+ req.getParameter(OUT_OP));
header.addStringValue(OUT_SERVICE_URL,
- req.getRequestURI());
+ req.getRequestURI());
Hashtable h = mService.getRecoveryParams(recoveryID);
if (h == null) {
- header.addStringValue(OUT_ERROR,
- "No such token found");
+ header.addStringValue(OUT_ERROR,
+ "No such token found");
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
@@ -265,13 +262,13 @@ public class GrantRecovery extends CMSServlet {
return;
}
header.addStringValue("serialNumber",
- (String) h.get("keyID"));
+ (String) h.get("keyID"));
mService.addDistributedCredential(recoveryID, agentID, agentPWD);
header.addStringValue("agentID",
- agentID);
+ agentID);
header.addStringValue("recoveryID",
- recoveryID);
+ recoveryID);
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
@@ -310,4 +307,3 @@ public class GrantRecovery extends CMSServlet {
}
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/KeyRecordParser.java b/pki/base/common/src/com/netscape/cms/servlet/key/KeyRecordParser.java
index 9ce8585f..1171236b 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/key/KeyRecordParser.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/key/KeyRecordParser.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.key;
-
import java.util.Date;
import com.netscape.certsrv.apps.CMS;
@@ -28,7 +27,7 @@ import com.netscape.certsrv.dbs.keydb.IKeyRecord;
/**
* Output a 'pretty print' of a Key Archival record
- *
+ *
* @version $Revision$, $Date$
*/
public class KeyRecordParser {
@@ -44,28 +43,27 @@ public class KeyRecordParser {
public final static String OUT_RECOVERED_BY = "recoveredBy";
public final static String OUT_RECOVERED_ON = "recoveredOn";
-
/**
* Fills key record into argument block.
*/
- public static void fillRecordIntoArg(IKeyRecord rec, IArgBlock rarg)
- throws EBaseException {
+ public static void fillRecordIntoArg(IKeyRecord rec, IArgBlock rarg)
+ throws EBaseException {
if (rec == null)
return;
rarg.addStringValue(OUT_STATE,
- rec.getState().toString());
+ rec.getState().toString());
rarg.addStringValue(OUT_OWNER_NAME,
- rec.getOwnerName());
+ rec.getOwnerName());
rarg.addIntegerValue(OUT_SERIALNO,
- rec.getSerialNumber().intValue());
+ rec.getSerialNumber().intValue());
rarg.addStringValue(OUT_KEY_ALGORITHM,
- rec.getAlgorithm());
+ rec.getAlgorithm());
// Possible Enhancement: sun's BASE64Encode is not
// fast. We may may to have our native implmenetation.
IPrettyPrintFormat pp = CMS.getPrettyPrintFormat(":");
rarg.addStringValue(OUT_PUBLIC_KEY,
- pp.toHexString(rec.getPublicKeyData(), 0, 20));
+ pp.toHexString(rec.getPublicKeyData(), 0, 20));
Integer keySize = rec.getKeySize();
if (keySize == null) {
@@ -74,16 +72,16 @@ public class KeyRecordParser {
rarg.addIntegerValue(OUT_KEY_LEN, keySize.intValue());
}
rarg.addStringValue(OUT_ARCHIVED_BY,
- rec.getArchivedBy());
+ rec.getArchivedBy());
rarg.addLongValue(OUT_ARCHIVED_ON,
- rec.getCreateTime().getTime() / 1000);
+ rec.getCreateTime().getTime() / 1000);
Date dateOfRevocation[] = rec.getDateOfRevocation();
if (dateOfRevocation != null) {
- rarg.addStringValue(OUT_RECOVERED_BY,
- "null");
- rarg.addStringValue(OUT_RECOVERED_ON,
- "null");
+ rarg.addStringValue(OUT_RECOVERED_BY,
+ "null");
+ rarg.addStringValue(OUT_RECOVERED_ON,
+ "null");
}
}
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/RecoverBySerial.java b/pki/base/common/src/com/netscape/cms/servlet/key/RecoverBySerial.java
index edcd2bdf..8abafa15 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/key/RecoverBySerial.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/key/RecoverBySerial.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.key;
-
import java.io.IOException;
import java.math.BigInteger;
import java.util.Hashtable;
@@ -51,7 +50,7 @@ import com.netscape.cmsutil.util.Cert;
/**
* A class representing a recoverBySerial servlet.
- *
+ *
* @version $Revision$, $Date$
*/
public class RecoverBySerial extends CMSServlet {
@@ -108,22 +107,22 @@ public class RecoverBySerial extends CMSServlet {
/**
* Returns serlvet information.
*/
- public String getServletInfo() {
- return INFO;
+ public String getServletInfo() {
+ return INFO;
}
/**
* Serves HTTP request. The format of this request is as follows:
- * recoverBySerial?
- * [serialNumber=<number>]
- * [uid#=<uid>]
- * [pwd#=<password>]
- * [localAgents=yes|null]
- * [recoveryID=recoveryID]
- * [pkcs12Password=<password of pkcs12>]
- * [pkcs12PasswordAgain=<password of pkcs12>]
- * [pkcs12Delivery=<delivery mechanism for pkcs12>]
- * [cert=<encryption certificate>]
+ * recoverBySerial?
+ * [serialNumber=<number>]
+ * [uid#=<uid>]
+ * [pwd#=<password>]
+ * [localAgents=yes|null]
+ * [recoveryID=recoveryID]
+ * [pkcs12Password=<password of pkcs12>]
+ * [pkcs12PasswordAgain=<password of pkcs12>]
+ * [pkcs12Delivery=<delivery mechanism for pkcs12>]
+ * [cert=<encryption certificate>]
*/
public void process(CMSRequest cmsReq) throws EBaseException {
@@ -138,10 +137,10 @@ public class RecoverBySerial extends CMSServlet {
mAuthzResourceName, "recover");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
}
if (authzToken == null) {
@@ -156,9 +155,9 @@ public class RecoverBySerial extends CMSServlet {
form = getTemplate(mFormPath, req, locale);
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
cmsReq.setStatus(CMSRequest.SUCCESS);
@@ -197,46 +196,46 @@ public class RecoverBySerial extends CMSServlet {
also be listed in the request.
*/
if ((initAsyncRecovery != null) &&
- initAsyncRecovery.equalsIgnoreCase("ON")) {
- process(form, argSet, header,
- req.getParameter(IN_SERIALNO),
- req.getParameter(IN_CERT),
- req, resp, locale[0]);
-
- int requiredNumber = mService.getNoOfRequiredAgents();
- header.addIntegerValue("noOfRequiredAgents", requiredNumber);
+ initAsyncRecovery.equalsIgnoreCase("ON")) {
+ process(form, argSet, header,
+ req.getParameter(IN_SERIALNO),
+ req.getParameter(IN_CERT),
+ req, resp, locale[0]);
+
+ int requiredNumber = mService.getNoOfRequiredAgents();
+ header.addIntegerValue("noOfRequiredAgents", requiredNumber);
} else {
String recoveryID = req.getParameter("recoveryID");
if (recoveryID != null && !recoveryID.equals("")) {
- ctx.put(SessionContext.RECOVERY_ID,
- req.getParameter("recoveryID"));
+ ctx.put(SessionContext.RECOVERY_ID,
+ req.getParameter("recoveryID"));
+ }
+ byte pkcs12[] = process(form, argSet, header,
+ req.getParameter(IN_SERIALNO),
+ req.getParameter("localAgents"),
+ req.getParameter(IN_PASSWORD),
+ req.getParameter(IN_PASSWORD_AGAIN),
+ req.getParameter(IN_CERT),
+ req.getParameter(IN_DELIVERY),
+ req.getParameter(IN_NICKNAME),
+ req, resp, locale[0]);
+
+ if (pkcs12 != null) {
+ //resp.setStatus(HttpServletResponse.SC_OK);
+ resp.setContentType("application/x-pkcs12");
+ //resp.setContentLength(pkcs12.length);
+ resp.getOutputStream().write(pkcs12);
+ mRenderResult = false;
+ return;
}
- byte pkcs12[] = process(form, argSet, header,
- req.getParameter(IN_SERIALNO),
- req.getParameter("localAgents"),
- req.getParameter(IN_PASSWORD),
- req.getParameter(IN_PASSWORD_AGAIN),
- req.getParameter(IN_CERT),
- req.getParameter(IN_DELIVERY),
- req.getParameter(IN_NICKNAME),
- req, resp, locale[0]);
-
- if (pkcs12 != null) {
- //resp.setStatus(HttpServletResponse.SC_OK);
- resp.setContentType("application/x-pkcs12");
- //resp.setContentLength(pkcs12.length);
- resp.getOutputStream().write(pkcs12);
- mRenderResult = false;
- return;
- }
}
} catch (NumberFormatException e) {
header.addStringValue(OUT_ERROR,
- CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString()));
+ CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString()));
} catch (IOException e) {
header.addStringValue(OUT_ERROR,
- CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString()));
+ CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString()));
} finally {
SessionContext.releaseContext();
}
@@ -249,9 +248,9 @@ public class RecoverBySerial extends CMSServlet {
form.renderOutput(out, argSet);
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
cmsReq.setStatus(CMSRequest.SUCCESS);
@@ -260,10 +259,10 @@ public class RecoverBySerial extends CMSServlet {
/**
* Async Key Recovery - request initiation
*/
- private void process(CMSTemplate form, CMSTemplateParams argSet,
- IArgBlock header, String seq, String cert,
- HttpServletRequest req, HttpServletResponse resp,
- Locale locale) {
+ private void process(CMSTemplate form, CMSTemplateParams argSet,
+ IArgBlock header, String seq, String cert,
+ HttpServletRequest req, HttpServletResponse resp,
+ Locale locale) {
// seq is the key id
if (seq == null) {
@@ -291,22 +290,22 @@ public class RecoverBySerial extends CMSServlet {
try {
String reqID = mService.initAsyncKeyRecovery(
- new BigInteger(seq), x509cert,
+ new BigInteger(seq), x509cert,
(String) sContext.get(SessionContext.USER_ID));
header.addStringValue(OUT_SERIALNO, req.getParameter(IN_SERIALNO));
header.addStringValue("requestID", reqID);
} catch (EBaseException e) {
String error =
- "Failed to recover key for key id " +
- seq + ".\nException: " + e.toString();
+ "Failed to recover key for key id " +
+ seq + ".\nException: " + e.toString();
CMS.getLogger().log(ILogger.EV_SYSTEM,
- ILogger.S_KRA, ILogger.LL_FAILURE, error);
+ ILogger.S_KRA, ILogger.LL_FAILURE, error);
try {
((IKeyRecoveryAuthority) mService).createError(seq, error);
} catch (EBaseException eb) {
CMS.getLogger().log(ILogger.EV_SYSTEM,
- ILogger.S_KRA, ILogger.LL_FAILURE, eb.toString());
+ ILogger.S_KRA, ILogger.LL_FAILURE, eb.toString());
}
}
return;
@@ -317,11 +316,11 @@ public class RecoverBySerial extends CMSServlet {
* provided by the administrator.
*/
private byte[] process(CMSTemplate form, CMSTemplateParams argSet,
- IArgBlock header, String seq, String localAgents,
- String password, String passwordAgain,
- String cert, String delivery, String nickname,
- HttpServletRequest req, HttpServletResponse resp,
- Locale locale) {
+ IArgBlock header, String seq, String localAgents,
+ String password, String passwordAgain,
+ String cert, String delivery, String nickname,
+ HttpServletRequest req, HttpServletResponse resp,
+ Locale locale) {
if (seq == null) {
header.addStringValue(OUT_ERROR, "sequence number not found");
return null;
@@ -360,65 +359,65 @@ public class RecoverBySerial extends CMSServlet {
if (sContext != null) {
agent = (String) sContext.get(SessionContext.USER_ID);
}
- if (CMS.getConfigStore().getBoolean("kra.keySplitting")) {
- if (localAgents == null) {
- String recoveryID = req.getParameter("recoveryID");
+ if (CMS.getConfigStore().getBoolean("kra.keySplitting")) {
+ if (localAgents == null) {
+ String recoveryID = req.getParameter("recoveryID");
- if (recoveryID == null || recoveryID.equals("")) {
- header.addStringValue(OUT_ERROR, "No recovery ID specified");
- return null;
- }
- Hashtable params = mService.createRecoveryParams(recoveryID);
+ if (recoveryID == null || recoveryID.equals("")) {
+ header.addStringValue(OUT_ERROR, "No recovery ID specified");
+ return null;
+ }
+ Hashtable params = mService.createRecoveryParams(recoveryID);
- params.put("keyID", req.getParameter(IN_SERIALNO));
+ params.put("keyID", req.getParameter(IN_SERIALNO));
- header.addStringValue("recoveryID", recoveryID);
+ header.addStringValue("recoveryID", recoveryID);
- params.put("agent", agent);
+ params.put("agent", agent);
- // new thread to wait for pk12
- Thread waitThread = new WaitApprovalThread(recoveryID,
- seq, password, x509cert, delivery, nickname,
- SessionContext.getContext());
+ // new thread to wait for pk12
+ Thread waitThread = new WaitApprovalThread(recoveryID,
+ seq, password, x509cert, delivery, nickname,
+ SessionContext.getContext());
- waitThread.start();
- return null;
- } else {
- Vector v = new Vector();
-
- for (int i = 0; i < mService.getNoOfRequiredAgents(); i++) {
- String uid = req.getParameter(IN_UID + i);
- String pwd = req.getParameter(IN_PWD + i);
-
- if (uid != null && pwd != null && !uid.equals("") &&
- !pwd.equals("")) {
- v.addElement(new Credential(uid, pwd));
- } else {
+ waitThread.start();
+ return null;
+ } else {
+ Vector v = new Vector();
+
+ for (int i = 0; i < mService.getNoOfRequiredAgents(); i++) {
+ String uid = req.getParameter(IN_UID + i);
+ String pwd = req.getParameter(IN_PWD + i);
+
+ if (uid != null && pwd != null && !uid.equals("") &&
+ !pwd.equals("")) {
+ v.addElement(new Credential(uid, pwd));
+ } else {
+ header.addStringValue(OUT_ERROR, "Uid(s) or password(s) are not provided");
+ return null;
+ }
+ }
+ if (v.size() != mService.getNoOfRequiredAgents()) {
header.addStringValue(OUT_ERROR, "Uid(s) or password(s) are not provided");
return null;
}
+ creds = new Credential[v.size()];
+ v.copyInto(creds);
}
- if (v.size() != mService.getNoOfRequiredAgents()) {
- header.addStringValue(OUT_ERROR, "Uid(s) or password(s) are not provided");
- return null;
- }
- creds = new Credential[v.size()];
- v.copyInto(creds);
- }
- header.addStringValue(OUT_OP,
- req.getParameter(OUT_OP));
- header.addIntegerValue(OUT_SERIALNO,
- Integer.parseInt(seq));
- header.addStringValue(OUT_SERVICE_URL,
- req.getRequestURI());
- byte pkcs12[] = mService.doKeyRecovery(
- new BigInteger(seq),
- creds, password, x509cert,
- delivery, nickname, agent);
-
- return pkcs12;
- } else {
+ header.addStringValue(OUT_OP,
+ req.getParameter(OUT_OP));
+ header.addIntegerValue(OUT_SERIALNO,
+ Integer.parseInt(seq));
+ header.addStringValue(OUT_SERVICE_URL,
+ req.getRequestURI());
+ byte pkcs12[] = mService.doKeyRecovery(
+ new BigInteger(seq),
+ creds, password, x509cert,
+ delivery, nickname, agent);
+
+ return pkcs12;
+ } else {
String recoveryID = req.getParameter("recoveryID");
if (recoveryID == null || recoveryID.equals("")) {
@@ -440,7 +439,7 @@ public class RecoverBySerial extends CMSServlet {
waitThread.start();
return null;
- }
+ }
} catch (EBaseException e) {
header.addStringValue(OUT_ERROR, e.toString(locale));
} catch (Exception e) {
@@ -462,24 +461,24 @@ public class RecoverBySerial extends CMSServlet {
String theNickname = null;
SessionContext theSc = null;
- /**
+ /**
* Wait approval thread constructor including thread name
*/
public WaitApprovalThread(String recoveryID, String seq,
- String password, X509CertImpl cert,
- String delivery, String nickname, SessionContext sc) {
+ String password, X509CertImpl cert,
+ String delivery, String nickname, SessionContext sc) {
super();
- super.setName("waitApproval." + recoveryID + "-" +
- (Thread.activeCount() + 1));
+ super.setName("waitApproval." + recoveryID + "-" +
+ (Thread.activeCount() + 1));
theRecoveryID = recoveryID;
theSeq = seq;
thePassword = password;
theCert = cert;
theDelivery = delivery;
theNickname = nickname;
- theSc = sc;
+ theSc = sc;
}
-
+
public void run() {
SessionContext.setContext(theSc);
Credential creds[] = null;
@@ -487,17 +486,17 @@ public class RecoverBySerial extends CMSServlet {
try {
creds = mService.getDistributedCredentials(theRecoveryID);
} catch (EBaseException e) {
- String error =
- "Failed to get required approvals for recovery id " +
- theRecoveryID + ".\nException: " + e.toString();
+ String error =
+ "Failed to get required approvals for recovery id " +
+ theRecoveryID + ".\nException: " + e.toString();
CMS.getLogger().log(ILogger.EV_SYSTEM,
- ILogger.S_KRA, ILogger.LL_FAILURE, error);
+ ILogger.S_KRA, ILogger.LL_FAILURE, error);
try {
((IKeyRecoveryAuthority) mService).createError(theRecoveryID, error);
} catch (EBaseException eb) {
CMS.getLogger().log(ILogger.EV_SYSTEM,
- ILogger.S_KRA, ILogger.LL_FAILURE, eb.toString());
+ ILogger.S_KRA, ILogger.LL_FAILURE, eb.toString());
}
return;
}
@@ -514,16 +513,16 @@ public class RecoverBySerial extends CMSServlet {
((IKeyRecoveryAuthority) mService).createPk12(theRecoveryID, pkcs12);
} catch (EBaseException e) {
String error =
- "Failed to recover key for recovery id " +
- theRecoveryID + ".\nException: " + e.toString();
+ "Failed to recover key for recovery id " +
+ theRecoveryID + ".\nException: " + e.toString();
CMS.getLogger().log(ILogger.EV_SYSTEM,
- ILogger.S_KRA, ILogger.LL_FAILURE, error);
+ ILogger.S_KRA, ILogger.LL_FAILURE, error);
try {
((IKeyRecoveryAuthority) mService).createError(theRecoveryID, error);
} catch (EBaseException eb) {
CMS.getLogger().log(ILogger.EV_SYSTEM,
- ILogger.S_KRA, ILogger.LL_FAILURE, eb.toString());
+ ILogger.S_KRA, ILogger.LL_FAILURE, eb.toString());
}
}
return;
@@ -531,4 +530,3 @@ public class RecoverBySerial extends CMSServlet {
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/SrchKey.java b/pki/base/common/src/com/netscape/cms/servlet/key/SrchKey.java
index c0fdd02e..b6693ee6 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/key/SrchKey.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/key/SrchKey.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.key;
-
import java.io.IOException;
import java.util.Enumeration;
import java.util.Locale;
@@ -48,7 +47,7 @@ import com.netscape.cms.servlet.common.ECMSGWException;
/**
* Retrieve archived keys matching search criteria
- *
+ *
* @version $Revision$, $Date$
*/
public class SrchKey extends CMSServlet {
@@ -74,7 +73,7 @@ public class SrchKey extends CMSServlet {
private final static String OUT_ERROR = "errorDetails";
private final static String OUT_ARCHIVER = "archiverName";
private final static String OUT_SERVICE_URL = "serviceURL";
- private final static String OUT_TOTAL_COUNT = "totalRecordCount";
+ private final static String OUT_TOTAL_COUNT = "totalRecordCount";
private final static String OUT_TEMPLATE = "templateName";
private IKeyRepository mKeyDB = null;
@@ -93,20 +92,20 @@ public class SrchKey extends CMSServlet {
/**
* initialize the servlet. This servlet uses the template file
* "srchKey.template" to process the response.
- *
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
super.init(sc);
mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE;
- /* maxReturns doesn't seem to do anything useful in this
+ /* maxReturns doesn't seem to do anything useful in this
servlet!!! */
try {
String tmp =
- sc.getInitParameter(PROP_MAX_SEARCH_RETURNS);
+ sc.getInitParameter(PROP_MAX_SEARCH_RETURNS);
- if (tmp == null)
+ if (tmp == null)
mMaxReturns = 100;
else
mMaxReturns = Integer.parseInt(tmp);
@@ -132,20 +131,20 @@ public class SrchKey extends CMSServlet {
/**
* Returns serlvet information.
*/
- public String getServletInfo() {
- return INFO;
+ public String getServletInfo() {
+ return INFO;
}
/**
* Process the HTTP request.
* <ul>
- * <li>http.param maxCount maximum number of matches to show in result
- * <li>http.param maxResults maximum number of matches to run in ldapsearch
- * <li>http.param queryFilter ldap-style filter to search with
+ * <li>http.param maxCount maximum number of matches to show in result
+ * <li>http.param maxResults maximum number of matches to run in ldapsearch
+ * <li>http.param queryFilter ldap-style filter to search with
* <li>http.param querySentinel ID of first request to show
- * <li>http.param timeLimit number of seconds to limit ldap search to
+ * <li>http.param timeLimit number of seconds to limit ldap search to
* </ul>
- *
+ *
* @param cmsReq the object holding the request and response information
*/
public void process(CMSRequest cmsReq) throws EBaseException {
@@ -162,10 +161,10 @@ public class SrchKey extends CMSServlet {
mAuthzResourceName, "list");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
}
if (authzToken == null) {
@@ -180,9 +179,9 @@ public class SrchKey extends CMSServlet {
form = getTemplate(mFormPath, req, locale);
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
// process query if authentication is successful
@@ -213,11 +212,11 @@ public class SrchKey extends CMSServlet {
if (timeLimitStr != null && timeLimitStr.length() > 0)
timeLimit = Integer.parseInt(timeLimitStr);
process(argSet, header, ctx, maxCount, maxResults,
- timeLimit, sentinel,
- req.getParameter(IN_FILTER), req, resp, locale[0]);
+ timeLimit, sentinel,
+ req.getParameter(IN_FILTER), req, resp, locale[0]);
} catch (NumberFormatException e) {
header.addStringValue(OUT_ERROR,
- CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString()));
+ CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString()));
}
try {
@@ -227,9 +226,9 @@ public class SrchKey extends CMSServlet {
form.renderOutput(out, argSet);
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
cmsReq.setStatus(CMSRequest.SUCCESS);
}
@@ -238,53 +237,53 @@ public class SrchKey extends CMSServlet {
* Process the key search.
*/
private void process(CMSTemplateParams argSet,
- IArgBlock header, IArgBlock ctx,
- int maxCount, int maxResults, int timeLimit, int sentinel, String filter,
- HttpServletRequest req, HttpServletResponse resp, Locale locale) {
+ IArgBlock header, IArgBlock ctx,
+ int maxCount, int maxResults, int timeLimit, int sentinel, String filter,
+ HttpServletRequest req, HttpServletResponse resp, Locale locale) {
try {
// Fill header
- header.addStringValue(OUT_OP,
- req.getParameter(OUT_OP));
+ header.addStringValue(OUT_OP,
+ req.getParameter(OUT_OP));
header.addStringValue(OUT_ARCHIVER,
- mAuthName.toString());
+ mAuthName.toString());
// STRANGE: IE does not like the following:
// header.addStringValue(OUT_SERVICE_URL,
// req.getRequestURI());
// XXX
header.addStringValue(OUT_SERVICE_URL,
- "/kra?");
+ "/kra?");
header.addStringValue(OUT_TEMPLATE,
- TPL_FILE);
+ TPL_FILE);
header.addStringValue(OUT_FILTER,
- filter);
+ filter);
if (timeLimit == -1 || timeLimit > mTimeLimits) {
CMS.debug("Resetting timelimit from " + timeLimit + " to " + mTimeLimits);
timeLimit = mTimeLimits;
}
CMS.debug("Start searching ... timelimit=" + timeLimit);
- Enumeration e = mKeyDB.searchKeys(filter,
+ Enumeration e = mKeyDB.searchKeys(filter,
maxResults, timeLimit);
int count = 0;
if (e == null) {
- header.addStringValue(OUT_SENTINEL,
- null);
+ header.addStringValue(OUT_SENTINEL,
+ null);
} else {
while (e.hasMoreElements()) {
IKeyRecord rec = (IKeyRecord)
- e.nextElement();
+ e.nextElement();
// rec is null when we specify maxResults
// DS will return an err=4, which triggers
// a LDAPException.SIZE_LIMIT_ExCEEDED
// in DSSearchResults.java
if (rec != null) {
- IArgBlock rarg = CMS.createArgBlock();
+ IArgBlock rarg = CMS.createArgBlock();
- KeyRecordParser.fillRecordIntoArg(rec, rarg);
- argSet.addRepeatRecord(rarg);
- count++;
+ KeyRecordParser.fillRecordIntoArg(rec, rarg);
+ argSet.addRepeatRecord(rarg);
+ count++;
}
}
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/SrchKeyForRecovery.java b/pki/base/common/src/com/netscape/cms/servlet/key/SrchKeyForRecovery.java
index 56a1817e..828ef0e6 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/key/SrchKeyForRecovery.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/key/SrchKeyForRecovery.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.key;
-
import java.io.IOException;
import java.util.Enumeration;
import java.util.Locale;
@@ -48,8 +47,8 @@ import com.netscape.cms.servlet.common.ECMSGWException;
/**
* Retrieve archived keys matching given public key material
- *
- *
+ *
+ *
* @version $Revision$, $Date$
*/
public class SrchKeyForRecovery extends CMSServlet {
@@ -75,7 +74,7 @@ public class SrchKeyForRecovery extends CMSServlet {
private final static String OUT_ERROR = "errorDetails";
private final static String OUT_ARCHIVER = "archiverName";
private final static String OUT_SERVICE_URL = "serviceURL";
- private final static String OUT_TOTAL_COUNT = "totalRecordCount";
+ private final static String OUT_TOTAL_COUNT = "totalRecordCount";
private final static String OUT_TEMPLATE = "templateName";
private IKeyRepository mKeyDB = null;
@@ -94,7 +93,7 @@ public class SrchKeyForRecovery extends CMSServlet {
/**
* initialize the servlet. This servlet uses the template file
* "srchKeyForRecovery.template" to process the response.
- *
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -103,9 +102,9 @@ public class SrchKeyForRecovery extends CMSServlet {
try {
String tmp =
- sc.getInitParameter(PROP_MAX_SEARCH_RETURNS);
+ sc.getInitParameter(PROP_MAX_SEARCH_RETURNS);
- if (tmp == null)
+ if (tmp == null)
mMaxReturns = 100;
else
mMaxReturns = Integer.parseInt(tmp);
@@ -131,20 +130,20 @@ public class SrchKeyForRecovery extends CMSServlet {
/**
* Returns serlvet information.
*/
- public String getServletInfo() {
- return INFO;
+ public String getServletInfo() {
+ return INFO;
}
/**
* Process the HTTP request.
* <ul>
- * <li>http.param maxCount maximum number of matches to show in result
- * <li>http.param maxResults maximum number of matches to run in ldapsearch
+ * <li>http.param maxCount maximum number of matches to show in result
+ * <li>http.param maxResults maximum number of matches to run in ldapsearch
* <li>http.param publicKeyData public key data to search on
* <li>http.param querySentinel ID of first request to show
- * <li>http.param timeLimit number of seconds to limit ldap search to
+ * <li>http.param timeLimit number of seconds to limit ldap search to
* </ul>
- *
+ *
* @param cmsReq the object holding the request and response information
*/
@@ -161,10 +160,10 @@ public class SrchKeyForRecovery extends CMSServlet {
mAuthzResourceName, "list");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
}
if (authzToken == null) {
@@ -179,11 +178,11 @@ public class SrchKeyForRecovery extends CMSServlet {
form = getTemplate(mFormPath, req, locale);
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
-
+
// process query if authentication is successful
IArgBlock header = CMS.createArgBlock();
IArgBlock ctx = CMS.createArgBlock();
@@ -213,10 +212,10 @@ public class SrchKeyForRecovery extends CMSServlet {
if (timeLimitStr != null && timeLimitStr.length() > 0)
timeLimit = Integer.parseInt(timeLimitStr);
process(argSet, header, ctx, maxCount, maxResults, timeLimit, sentinel,
- req.getParameter("publicKeyData"), req.getParameter(IN_FILTER), req, resp, locale[0]);
+ req.getParameter("publicKeyData"), req.getParameter(IN_FILTER), req, resp, locale[0]);
} catch (NumberFormatException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT"));
error = new EBaseException(CMS.getUserMessage(getLocale(req), "CMS_BASE_INVALID_NUMBER_FORMAT"));
}
@@ -230,12 +229,12 @@ public class SrchKeyForRecovery extends CMSServlet {
if (error == null) {
String xmlOutput = req.getParameter("xml");
if (xmlOutput != null && xmlOutput.equals("true")) {
- outputXML(resp, argSet);
+ outputXML(resp, argSet);
} else {
- ServletOutputStream out = resp.getOutputStream();
- resp.setContentType("text/html");
- form.renderOutput(out, argSet);
- cmsReq.setStatus(CMSRequest.SUCCESS);
+ ServletOutputStream out = resp.getOutputStream();
+ resp.setContentType("text/html");
+ form.renderOutput(out, argSet);
+ cmsReq.setStatus(CMSRequest.SUCCESS);
}
} else {
cmsReq.setStatus(CMSRequest.ERROR);
@@ -243,9 +242,9 @@ public class SrchKeyForRecovery extends CMSServlet {
}
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
}
@@ -253,31 +252,31 @@ public class SrchKeyForRecovery extends CMSServlet {
* Process the key search.
*/
private void process(CMSTemplateParams argSet,
- IArgBlock header, IArgBlock ctx,
- int maxCount, int maxResults, int timeLimit, int sentinel, String publicKeyData,
- String filter,
- HttpServletRequest req, HttpServletResponse resp, Locale locale)
- throws EBaseException {
+ IArgBlock header, IArgBlock ctx,
+ int maxCount, int maxResults, int timeLimit, int sentinel, String publicKeyData,
+ String filter,
+ HttpServletRequest req, HttpServletResponse resp, Locale locale)
+ throws EBaseException {
try {
// Fill header
- header.addStringValue(OUT_OP,
- req.getParameter(OUT_OP));
+ header.addStringValue(OUT_OP,
+ req.getParameter(OUT_OP));
header.addStringValue(OUT_ARCHIVER,
- mAuthName.toString());
+ mAuthName.toString());
// STRANGE: IE does not like the following:
// header.addStringValue(OUT_SERVICE_URL,
// req.getRequestURI());
// XXX
header.addStringValue(OUT_SERVICE_URL,
- "/kra?");
+ "/kra?");
header.addStringValue(OUT_TEMPLATE,
- TPL_FILE);
+ TPL_FILE);
header.addStringValue(OUT_FILTER,
- filter);
+ filter);
if (publicKeyData != null) {
header.addStringValue("publicKeyData",
- publicKeyData);
+ publicKeyData);
}
if (timeLimit == -1 || timeLimit > mTimeLimits) {
@@ -290,21 +289,21 @@ public class SrchKeyForRecovery extends CMSServlet {
if (e == null) {
header.addStringValue(OUT_SENTINEL,
- null);
+ null);
} else {
while (e.hasMoreElements()) {
IKeyRecord rec = (IKeyRecord)
- e.nextElement();
+ e.nextElement();
// rec is null when we specify maxResults
// DS will return an err=4, which triggers
// a LDAPException.SIZE_LIMIT_ExCEEDED
// in DSSearchResults.java
if (rec != null) {
- IArgBlock rarg = CMS.createArgBlock();
+ IArgBlock rarg = CMS.createArgBlock();
- KeyRecordParser.fillRecordIntoArg(rec, rarg);
- argSet.addRepeatRecord(rarg);
- count++;
+ KeyRecordParser.fillRecordIntoArg(rec, rarg);
+ argSet.addRepeatRecord(rarg);
+ count++;
}
}
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/ocsp/AddCAServlet.java b/pki/base/common/src/com/netscape/cms/servlet/ocsp/AddCAServlet.java
index c365d0f8..93936ca1 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/ocsp/AddCAServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/ocsp/AddCAServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.ocsp;
-
import java.io.IOException;
import java.math.BigInteger;
import java.security.cert.X509Certificate;
@@ -46,22 +45,21 @@ import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
import com.netscape.cmsutil.util.Cert;
-
/**
* Configure the CA to respond to OCSP requests for a CA
- *
+ *
* @version $Revision$ $Date$
*/
public class AddCAServlet extends CMSServlet {
-
+
/**
*
*/
private static final long serialVersionUID = 1065151608542115340L;
public static final String BEGIN_HEADER =
- "-----BEGIN CERTIFICATE-----";
+ "-----BEGIN CERTIFICATE-----";
public static final String END_HEADER =
- "-----END CERTIFICATE-----";
+ "-----END CERTIFICATE-----";
public static final BigInteger BIG_ZERO = new BigInteger("0");
public static final Long MINUS_ONE = Long.valueOf(-1);
@@ -71,9 +69,9 @@ public class AddCAServlet extends CMSServlet {
private IOCSPAuthority mOCSPAuthority = null;
private final static String LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST =
- "LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_3";
+ "LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_3";
private final static String LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED =
- "LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED_3";
+ "LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED_3";
public AddCAServlet() {
super();
@@ -82,7 +80,7 @@ public class AddCAServlet extends CMSServlet {
/**
* initialize the servlet. This servlet uses the template file
* "addCA.template" to process the response.
- *
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -100,19 +98,15 @@ public class AddCAServlet extends CMSServlet {
/**
* Process the HTTP request.
* <ul>
- * <li>http.param cert ca certificate. The format is base-64, DER
- * encoded, wrapped with -----BEGIN CERTIFICATE-----,
- * -----END CERTIFICATE----- strings
- * <li>signed.audit LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST used when
- * a CA is attempted to be added to the OCSP responder
- * <li>signed.audit LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED
- * used when an add CA request to the OCSP Responder is processed
+ * <li>http.param cert ca certificate. The format is base-64, DER encoded, wrapped with -----BEGIN CERTIFICATE-----, -----END CERTIFICATE----- strings
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST used when a CA is attempted to be added to the OCSP responder
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED used when an add CA request to the OCSP Responder is processed
* </ul>
- *
+ *
* @param cmsReq the object holding the request and response information
*/
protected void process(CMSRequest cmsReq)
- throws EBaseException {
+ throws EBaseException {
HttpServletRequest req = cmsReq.getHttpReq();
HttpServletResponse resp = cmsReq.getHttpResp();
String auditMessage = null;
@@ -143,9 +137,9 @@ public class AddCAServlet extends CMSServlet {
form = getTemplate(mFormPath, req, locale);
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
IArgBlock header = CMS.createArgBlock();
@@ -153,10 +147,10 @@ public class AddCAServlet extends CMSServlet {
CMSTemplateParams argSet = new CMSTemplateParams(header, fixed);
if (auditSubjectID.equals(ILogger.NONROLEUSER) ||
- auditSubjectID.equals(ILogger.UNIDENTIFIED)) {
+ auditSubjectID.equals(ILogger.UNIDENTIFIED)) {
String uid = authToken.getInString(IAuthToken.USER_ID);
if (uid != null) {
- CMS.debug("AddCAServlet: auditSubjectID set to "+uid);
+ CMS.debug("AddCAServlet: auditSubjectID set to " + uid);
auditSubjectID = uid;
}
}
@@ -164,12 +158,12 @@ public class AddCAServlet extends CMSServlet {
if (b64 == null) {
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST,
- auditSubjectID,
- ILogger.FAILURE,
- ILogger.SIGNED_AUDIT_EMPTY_VALUE);
+ LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST,
+ auditSubjectID,
+ ILogger.FAILURE,
+ ILogger.SIGNED_AUDIT_EMPTY_VALUE);
- audit( auditMessage );
+ audit(auditMessage);
throw new ECMSGWException(CMS.getUserMessage(getLocale(req), "CMS_GW_MISSING_CA_CERT"));
}
@@ -177,32 +171,32 @@ public class AddCAServlet extends CMSServlet {
auditCA = Cert.normalizeCertStr(Cert.stripCertBrackets(b64.trim()));
// record the fact that a request to add CA is made
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST,
- auditSubjectID,
- ILogger.SUCCESS,
- auditCA);
+ LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST,
+ auditSubjectID,
+ ILogger.SUCCESS,
+ auditCA);
- audit( auditMessage );
+ audit(auditMessage);
if (b64.indexOf(BEGIN_HEADER) == -1) {
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED,
- auditSubjectID,
- ILogger.FAILURE,
- auditCASubjectDN);
+ LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditCASubjectDN);
- audit( auditMessage );
+ audit(auditMessage);
throw new ECMSGWException(CMS.getUserMessage(getLocale(req), "CMS_GW_MISSING_CERT_HEADER"));
}
if (b64.indexOf(END_HEADER) == -1) {
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED,
- auditSubjectID,
- ILogger.FAILURE,
- auditCASubjectDN);
+ LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditCASubjectDN);
- audit( auditMessage );
+ audit(auditMessage);
throw new ECMSGWException(CMS.getUserMessage(getLocale(req), "CMS_GW_MISSING_CERT_FOOTER"));
}
@@ -215,17 +209,17 @@ public class AddCAServlet extends CMSServlet {
try {
X509Certificate cert = Cert.mapCert(b64);
- if( cert == null ) {
- CMS.debug( "AddCAServlet::process() - cert is null!" );
+ if (cert == null) {
+ CMS.debug("AddCAServlet::process() - cert is null!");
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED,
- auditSubjectID,
- ILogger.FAILURE,
- auditCASubjectDN);
+ LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditCASubjectDN);
- audit( auditMessage );
+ audit(auditMessage);
- throw new EBaseException( "cert is null" );
+ throw new EBaseException("cert is null");
} else {
certs = new X509Certificate[1];
}
@@ -247,15 +241,15 @@ public class AddCAServlet extends CMSServlet {
auditCASubjectDN = leafCert.getSubjectDN().getName();
} catch (Exception e) {
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED,
- auditSubjectID,
- ILogger.FAILURE,
- auditCASubjectDN);
+ LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditCASubjectDN);
- audit( auditMessage );
+ audit(auditMessage);
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_ENCODING_CA_CHAIN_ERROR"));
+ CMS.getUserMessage("CMS_GW_ENCODING_CA_CHAIN_ERROR"));
}
}
if (certs != null && certs.length > 0) {
@@ -264,32 +258,32 @@ public class AddCAServlet extends CMSServlet {
// (2) store certificate (and certificate chain) into
// database
ICRLIssuingPointRecord rec = defStore.createCRLIssuingPointRecord(
- leafCert.getSubjectDN().getName(),
- BIG_ZERO,
+ leafCert.getSubjectDN().getName(),
+ BIG_ZERO,
MINUS_ONE, null, null);
try {
rec.set(ICRLIssuingPointRecord.ATTR_CA_CERT, leafCert.getEncoded());
} catch (Exception e) {
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED,
- auditSubjectID,
- ILogger.FAILURE,
- auditCASubjectDN);
+ LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditCASubjectDN);
- audit( auditMessage );
+ audit(auditMessage);
// error
}
defStore.addCRLIssuingPoint(leafCert.getSubjectDN().getName(), rec);
log(ILogger.EV_AUDIT, AuditFormat.LEVEL, "Added CA certificate " + leafCert.getSubjectDN().getName());
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED,
- auditSubjectID,
- ILogger.SUCCESS,
- auditCASubjectDN);
+ LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED,
+ auditSubjectID,
+ ILogger.SUCCESS,
+ auditCASubjectDN);
- audit( auditMessage );
+ audit(auditMessage);
}
try {
@@ -297,18 +291,18 @@ public class AddCAServlet extends CMSServlet {
String error = null;
String xmlOutput = req.getParameter("xml");
- if (xmlOutput != null && xmlOutput.equals("true")) {
- outputXML(resp, argSet);
- } else {
- resp.setContentType("text/html");
- form.renderOutput(out, argSet);
- cmsReq.setStatus(CMSRequest.SUCCESS);
- }
+ if (xmlOutput != null && xmlOutput.equals("true")) {
+ outputXML(resp, argSet);
+ } else {
+ resp.setContentType("text/html");
+ form.renderOutput(out, argSet);
+ cmsReq.setStatus(CMSRequest.SUCCESS);
+ }
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
}
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/ocsp/AddCRLServlet.java b/pki/base/common/src/com/netscape/cms/servlet/ocsp/AddCRLServlet.java
index 029d396b..8a3ea60b 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/ocsp/AddCRLServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/ocsp/AddCRLServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.ocsp;
-
import java.io.IOException;
import java.math.BigInteger;
import java.security.cert.CRLException;
@@ -55,10 +54,9 @@ import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
import com.netscape.cmsutil.util.Cert;
-
/**
* Update the OCSP responder with a new CRL
- *
+ *
* @version $Revision$ $Date$
*/
public class AddCRLServlet extends CMSServlet {
@@ -68,18 +66,18 @@ public class AddCRLServlet extends CMSServlet {
*/
private static final long serialVersionUID = 1476080474638590902L;
public static final String BEGIN_HEADER =
- "-----BEGIN CERTIFICATE REVOCATION LIST-----";
+ "-----BEGIN CERTIFICATE REVOCATION LIST-----";
public static final String END_HEADER =
- "-----END CERTIFICATE REVOCATION LIST-----";
+ "-----END CERTIFICATE REVOCATION LIST-----";
private final static String TPL_FILE = "addCRL.template";
private String mFormPath = null;
private IOCSPAuthority mOCSPAuthority = null;
private final static String LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL =
- "LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL_3";
+ "LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL_3";
private final static String LOGGING_SIGNED_AUDIT_CRL_VALIDATION =
- "LOGGING_SIGNED_AUDIT_CRL_VALIDATION_2";
+ "LOGGING_SIGNED_AUDIT_CRL_VALIDATION_2";
public AddCRLServlet() {
super();
@@ -88,7 +86,7 @@ public class AddCRLServlet extends CMSServlet {
/**
* initialize the servlet. This servlet uses the template file
* "addCRL.template" to process the response.
- *
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -105,31 +103,28 @@ public class AddCRLServlet extends CMSServlet {
/**
* Process the HTTP request.
* <P>
- *
+ *
* <ul>
- * <li>http.param crl certificate revocation list, base-64, DER encoded
- * wrapped in -----BEGIN CERTIFICATE REVOCATION LIST-----,
- * -----END CERTIFICATE REVOCATION LIST----- strings
+ * <li>http.param crl certificate revocation list, base-64, DER encoded wrapped in -----BEGIN CERTIFICATE REVOCATION LIST-----, -----END CERTIFICATE REVOCATION LIST----- strings
* <li>http.param noui if true, use minimal hardcoded text response
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL used when CRLs are
- * retrieved by the OCSP Responder ("agent" or "EE")
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CRL_VALIDATION used when CRL is
- * retrieved and validation process occurs ("agent" or "EE")
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL used when CRLs are retrieved by the OCSP Responder ("agent" or "EE")
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CRL_VALIDATION used when CRL is retrieved and validation process occurs ("agent" or "EE")
* </ul>
+ *
* @param cmsReq the object holding the request and response information
* @exception EBaseException an error has occurred
*/
protected synchronized void process(CMSRequest cmsReq)
- throws EBaseException {
+ throws EBaseException {
boolean CRLFetched = false;
boolean CRLValidated = false;
String auditMessage = null;
String auditSubjectID = auditSubjectID();
String auditCRLNum = ILogger.SIGNED_AUDIT_EMPTY_VALUE;
- IStatsSubsystem statsSub = (IStatsSubsystem)CMS.getSubsystem("stats");
+ IStatsSubsystem statsSub = (IStatsSubsystem) CMS.getSubsystem("stats");
if (statsSub != null) {
- statsSub.startTiming("add_crl", true /* main action */);
+ statsSub.startTiming("add_crl", true /* main action */);
}
try {
@@ -152,42 +147,43 @@ public class AddCRLServlet extends CMSServlet {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL,
- auditSubjectID,
- ILogger.FAILURE,
- auditCRLNum );
+ LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditCRLNum);
- audit( auditMessage );
+ audit(auditMessage);
return;
}
if (auditSubjectID.equals(ILogger.NONROLEUSER) ||
- auditSubjectID.equals(ILogger.UNIDENTIFIED)) {
+ auditSubjectID.equals(ILogger.UNIDENTIFIED)) {
if (authToken != null) {
String uid = authToken.getInString(IAuthToken.USER_ID);
if (uid != null) {
- CMS.debug("AddCAServlet: auditSubjectID set to "+uid);
+ CMS.debug("AddCAServlet: auditSubjectID set to " + uid);
auditSubjectID = uid;
}
- }
+ }
}
log(ILogger.LL_INFO, "AddCRLServlet");
String b64 = cmsReq.getHttpReq().getParameter("crl");
- if (CMS.debugOn()) CMS.debug("AddCRLServlet: b64=" + b64);
+ if (CMS.debugOn())
+ CMS.debug("AddCRLServlet: b64=" + b64);
if (b64 == null) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL,
- auditSubjectID,
- ILogger.FAILURE,
- auditCRLNum );
+ LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditCRLNum);
- audit( auditMessage );
+ audit(auditMessage);
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_MISSING_CRL"));
+ CMS.getUserMessage("CMS_GW_MISSING_CRL"));
}
String nouiParm = cmsReq.getHttpReq().getParameter("noui");
@@ -209,20 +205,20 @@ public class AddCRLServlet extends CMSServlet {
}
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath,
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath,
e.toString()));
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL,
- auditSubjectID,
- ILogger.FAILURE,
- auditCRLNum );
+ LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditCRLNum);
- audit( auditMessage );
+ audit(auditMessage);
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
IArgBlock header = CMS.createArgBlock();
@@ -231,32 +227,32 @@ public class AddCRLServlet extends CMSServlet {
if (b64.indexOf(BEGIN_HEADER) == -1) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_MISSING_CRL_HEADER"));
+ CMS.getLogMessage("CMSGW_MISSING_CRL_HEADER"));
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL,
- auditSubjectID,
- ILogger.FAILURE,
- auditCRLNum );
+ LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditCRLNum);
- audit( auditMessage );
+ audit(auditMessage);
throw new ECMSGWException(CMS.getUserMessage(getLocale(req),
"CMS_GW_MISSING_CRL_HEADER"));
}
if (b64.indexOf(END_HEADER) == -1) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_MISSING_CRL_FOOTER"));
+ CMS.getLogMessage("CMSGW_MISSING_CRL_FOOTER"));
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL,
- auditSubjectID,
- ILogger.FAILURE,
- auditCRLNum );
+ LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditCRLNum);
- audit( auditMessage );
+ audit(auditMessage);
throw new ECMSGWException(CMS.getUserMessage(getLocale(req),
"CMS_GW_MISSING_CRL_FOOTER"));
@@ -270,30 +266,30 @@ public class AddCRLServlet extends CMSServlet {
long startTime = CMS.getCurrentDate().getTime();
CMS.debug("AddCRLServlet: mapCRL start startTime=" + startTime);
if (statsSub != null) {
- statsSub.startTiming("decode_crl");
+ statsSub.startTiming("decode_crl");
}
- crl = mapCRL1( b64 );
+ crl = mapCRL1(b64);
if (statsSub != null) {
- statsSub.endTiming("decode_crl");
+ statsSub.endTiming("decode_crl");
}
long endTime = CMS.getCurrentDate().getTime();
- CMS.debug("AddCRLServlet: mapCRL done endTime=" + endTime +
- " diff=" + (endTime - startTime));
+ CMS.debug("AddCRLServlet: mapCRL done endTime=" + endTime +
+ " diff=" + (endTime - startTime));
// Retrieve the actual CRL number
BigInteger crlNum = crl.getCRLNumber();
- if( crlNum != null ) {
+ if (crlNum != null) {
auditCRLNum = crlNum.toString();
}
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL,
- auditSubjectID,
- ILogger.SUCCESS,
- auditCRLNum );
+ LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL,
+ auditSubjectID,
+ ILogger.SUCCESS,
+ auditCRLNum);
- audit( auditMessage );
+ audit(auditMessage);
// acknowledge that the CRL has been retrieved
CRLFetched = true;
@@ -302,18 +298,18 @@ public class AddCRLServlet extends CMSServlet {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL,
- auditSubjectID,
- ILogger.FAILURE,
- auditCRLNum );
+ LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditCRLNum);
- audit( auditMessage );
+ audit(auditMessage);
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DECODING_CRL_ERROR"));
+ CMS.getUserMessage("CMS_GW_DECODING_CRL_ERROR"));
}
- log(ILogger.LL_INFO, "AddCRLServlet: CRL Issuer DN " +
- crl.getIssuerDN().getName());
+ log(ILogger.LL_INFO, "AddCRLServlet: CRL Issuer DN " +
+ crl.getIssuerDN().getName());
ICRLIssuingPointRecord pt = null;
@@ -322,94 +318,94 @@ public class AddCRLServlet extends CMSServlet {
crl.getIssuerDN().getName());
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_NO_CRL_ISSUING_POINT_FOUND",
- crl.getIssuerDN().getName()));
+ CMS.getLogMessage("CMSGW_NO_CRL_ISSUING_POINT_FOUND",
+ crl.getIssuerDN().getName()));
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CRL_VALIDATION,
- auditSubjectID,
- ILogger.FAILURE );
+ LOGGING_SIGNED_AUDIT_CRL_VALIDATION,
+ auditSubjectID,
+ ILogger.FAILURE);
- audit( auditMessage );
+ audit(auditMessage);
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DECODING_CRL_ERROR"));
+ CMS.getUserMessage("CMS_GW_DECODING_CRL_ERROR"));
}
log(ILogger.LL_INFO, "AddCRLServlet: IssuingPoint " +
- pt.getThisUpdate());
+ pt.getThisUpdate());
// verify CRL
byte caCertData[] = pt.getCACert();
if (caCertData != null) {
- try {
- X509CertImpl caCert = new X509CertImpl(caCertData);
- CMS.debug("AddCRLServlet: start verify");
-
- CryptoManager cmanager = CryptoManager.getInstance();
- org.mozilla.jss.crypto.X509Certificate jssCert = null;
try {
- jssCert = cmanager.importCACertPackage(
- caCert.getEncoded());
- } catch (Exception e2) {
- CMS.debug("AddCRLServlet: importCACertPackage " +
- e2.toString());
- throw new EBaseException( e2.toString() );
- }
+ X509CertImpl caCert = new X509CertImpl(caCertData);
+ CMS.debug("AddCRLServlet: start verify");
- if (statsSub != null) {
- statsSub.startTiming("verify_crl");
- }
- crl.verify(jssCert.getPublicKey(), "Mozilla-JSS");
- if (statsSub != null) {
- statsSub.endTiming("verify_crl");
- }
- CMS.debug("AddCRLServlet: done verify");
+ CryptoManager cmanager = CryptoManager.getInstance();
+ org.mozilla.jss.crypto.X509Certificate jssCert = null;
+ try {
+ jssCert = cmanager.importCACertPackage(
+ caCert.getEncoded());
+ } catch (Exception e2) {
+ CMS.debug("AddCRLServlet: importCACertPackage " +
+ e2.toString());
+ throw new EBaseException(e2.toString());
+ }
- // store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CRL_VALIDATION,
- auditSubjectID,
- ILogger.SUCCESS );
+ if (statsSub != null) {
+ statsSub.startTiming("verify_crl");
+ }
+ crl.verify(jssCert.getPublicKey(), "Mozilla-JSS");
+ if (statsSub != null) {
+ statsSub.endTiming("verify_crl");
+ }
+ CMS.debug("AddCRLServlet: done verify");
- audit( auditMessage );
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CRL_VALIDATION,
+ auditSubjectID,
+ ILogger.SUCCESS);
- // acknowledge that the CRL has been validated
- CRLValidated = true;
- } catch (Exception e) {
- CMS.debug("AddCRLServlet: failed to verify CRL " + e.toString());
- CMS.debug(e);
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_NO_CRL_ISSUING_POINT_FOUND",
- crl.getIssuerDN().getName()));
+ audit(auditMessage);
- // store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CRL_VALIDATION,
- auditSubjectID,
- ILogger.FAILURE );
+ // acknowledge that the CRL has been validated
+ CRLValidated = true;
+ } catch (Exception e) {
+ CMS.debug("AddCRLServlet: failed to verify CRL " + e.toString());
+ CMS.debug(e);
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_NO_CRL_ISSUING_POINT_FOUND",
+ crl.getIssuerDN().getName()));
- audit( auditMessage );
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CRL_VALIDATION,
+ auditSubjectID,
+ ILogger.FAILURE);
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DECODING_CRL_ERROR"));
- }
+ audit(auditMessage);
+
+ throw new ECMSGWException(
+ CMS.getUserMessage("CMS_GW_DECODING_CRL_ERROR"));
+ }
}
- if ((pt.getThisUpdate() != null) &&
- (pt.getThisUpdate().getTime() >=
- crl.getThisUpdate().getTime())) {
+ if ((pt.getThisUpdate() != null) &&
+ (pt.getThisUpdate().getTime() >=
+ crl.getThisUpdate().getTime())) {
// error, the uploaded CRL is older than the current
CMS.debug("AddCRLServlet: no update, CRL is older");
log(ILogger.LL_INFO,
- "AddCRLServlet: no update, received CRL is older " +
- "than current CRL");
+ "AddCRLServlet: no update, received CRL is older " +
+ "than current CRL");
if (noUI) {
try {
resp.setContentType("application/text");
- resp.getOutputStream().write("status=1\n".getBytes());
+ resp.getOutputStream().write("status=1\n".getBytes());
resp.getOutputStream().write(
- "error=Sent CRL is older than the current CRL\n".getBytes());
+ "error=Sent CRL is older than the current CRL\n".getBytes());
resp.getOutputStream().flush();
cmsReq.setStatus(CMSRequest.SUCCESS);
@@ -430,20 +426,20 @@ public class AddCRLServlet extends CMSServlet {
// already been logged at this point!
throw new ECMSGWException(CMS.getUserMessage(
- "CMS_GW_OLD_CRL_ERROR"));
+ "CMS_GW_OLD_CRL_ERROR"));
}
}
if (crl.isDeltaCRL()) {
CMS.debug("AddCRLServlet: no update, Delta CRLs are not supported.");
- log(ILogger.LL_INFO, "AddCRLServlet: no update, "+
- CMS.getUserMessage("CMS_GW_DELTA_CRL_NOT_SUPPORTED"));
+ log(ILogger.LL_INFO, "AddCRLServlet: no update, " +
+ CMS.getUserMessage("CMS_GW_DELTA_CRL_NOT_SUPPORTED"));
if (noUI) {
try {
resp.setContentType("application/text");
- resp.getOutputStream().write("status=1\n".getBytes());
+ resp.getOutputStream().write("status=1\n".getBytes());
resp.getOutputStream().write(
- "error=Delta CRLs are not supported.\n".getBytes());
+ "error=Delta CRLs are not supported.\n".getBytes());
resp.getOutputStream().flush();
cmsReq.setStatus(CMSRequest.SUCCESS);
@@ -465,26 +461,26 @@ public class AddCRLServlet extends CMSServlet {
IRepositoryRecord repRec = defStore.createRepositoryRecord();
- repRec.set(IRepositoryRecord.ATTR_SERIALNO,
- new BigInteger(Long.toString(crl.getThisUpdate().getTime())));
+ repRec.set(IRepositoryRecord.ATTR_SERIALNO,
+ new BigInteger(Long.toString(crl.getThisUpdate().getTime())));
try {
defStore.addRepository(
- crl.getIssuerDN().getName(),
- Long.toString(crl.getThisUpdate().getTime()),
- repRec);
+ crl.getIssuerDN().getName(),
+ Long.toString(crl.getThisUpdate().getTime()),
+ repRec);
log(ILogger.EV_AUDIT, AuditFormat.LEVEL, "Added CRL Updated " +
- Long.toString(crl.getThisUpdate().getTime()));
+ Long.toString(crl.getThisUpdate().getTime()));
} catch (Exception e) {
- CMS.debug("AddCRLServlet: add repository e=" + e.toString());
+ CMS.debug("AddCRLServlet: add repository e=" + e.toString());
}
- log(ILogger.LL_INFO, "AddCRLServlet: Created CRL Repository " +
- Long.toString(crl.getThisUpdate().getTime()));
+ log(ILogger.LL_INFO, "AddCRLServlet: Created CRL Repository " +
+ Long.toString(crl.getThisUpdate().getTime()));
if (defStore.waitOnCRLUpdate()) {
defStore.updateCRL(crl);
} else {
- // when the CRL large, the thread is terminiated by the
- // servlet framework before it can finish its work
+ // when the CRL large, the thread is terminiated by the
+ // servlet framework before it can finish its work
UpdateCRLThread uct = new UpdateCRLThread(defStore, crl);
uct.start();
@@ -496,25 +492,25 @@ public class AddCRLServlet extends CMSServlet {
if (noUI) {
CMS.debug("AddCRLServlet: return result noUI=true");
resp.setContentType("application/text");
- resp.getOutputStream().write("status=0".getBytes());
+ resp.getOutputStream().write("status=0".getBytes());
resp.getOutputStream().flush();
cmsReq.setStatus(CMSRequest.SUCCESS);
} else {
CMS.debug("AddCRLServlet: return result noUI=false");
String xmlOutput = req.getParameter("xml");
if (xmlOutput != null && xmlOutput.equals("true")) {
- outputXML(resp, argSet);
+ outputXML(resp, argSet);
} else {
- resp.setContentType("text/html");
- form.renderOutput(out, argSet);
- cmsReq.setStatus(CMSRequest.SUCCESS);
+ resp.setContentType("text/html");
+ form.renderOutput(out, argSet);
+ cmsReq.setStatus(CMSRequest.SUCCESS);
}
}
} catch (IOException e) {
CMS.debug("AddCRLServlet: return result error=" + e.toString());
mOCSPAuthority.log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE",
- e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE",
+ e.toString()));
// NOTE: The signed audit events
// LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL and
@@ -522,38 +518,38 @@ public class AddCRLServlet extends CMSServlet {
// already been logged at this point!
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
- } catch( EBaseException eAudit1 ) {
- if( !CRLFetched ) {
+ } catch (EBaseException eAudit1) {
+ if (!CRLFetched) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL,
- auditSubjectID,
- ILogger.FAILURE,
- auditCRLNum );
+ LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditCRLNum);
- audit( auditMessage );
+ audit(auditMessage);
} else {
- if( !CRLValidated ) {
+ if (!CRLValidated) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CRL_VALIDATION,
- auditSubjectID,
- ILogger.FAILURE );
+ LOGGING_SIGNED_AUDIT_CRL_VALIDATION,
+ auditSubjectID,
+ ILogger.FAILURE);
- audit( auditMessage );
+ audit(auditMessage);
}
}
throw eAudit1;
}
if (statsSub != null) {
- statsSub.endTiming("add_crl");
+ statsSub.endTiming("add_crl");
}
}
public X509CRLImpl mapCRL1(String mime64)
- throws IOException {
+ throws IOException {
mime64 = Cert.stripCRLBrackets(mime64.trim());
byte rawPub[] = CMS.AtoB(mime64);
@@ -568,21 +564,20 @@ public class AddCRLServlet extends CMSServlet {
}
}
-
class UpdateCRLThread extends Thread {
private IDefStore mDefStore = null;
private X509CRL mCRL = null;
public UpdateCRLThread(
- IDefStore defStore, X509CRL crl) {
+ IDefStore defStore, X509CRL crl) {
mDefStore = defStore;
mCRL = crl;
}
public void run() {
try {
- if (!((X509CRLImpl)mCRL).areEntriesIncluded())
- mCRL = new X509CRLImpl(((X509CRLImpl)mCRL).getEncoded());
+ if (!((X509CRLImpl) mCRL).areEntriesIncluded())
+ mCRL = new X509CRLImpl(((X509CRLImpl) mCRL).getEncoded());
mDefStore.updateCRL(mCRL);
} catch (CRLException e) {
} catch (X509ExtensionException e) {
diff --git a/pki/base/common/src/com/netscape/cms/servlet/ocsp/CheckCertServlet.java b/pki/base/common/src/com/netscape/cms/servlet/ocsp/CheckCertServlet.java
index 3e5d1f49..4c734cee 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/ocsp/CheckCertServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/ocsp/CheckCertServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.ocsp;
-
import java.io.IOException;
import java.security.cert.X509CRLEntry;
import java.security.cert.X509Certificate;
@@ -48,10 +47,9 @@ import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
import com.netscape.cmsutil.util.Cert;
-
/**
- * Check the status of a specific certificate
- *
+ * Check the status of a specific certificate
+ *
* @version $Revision$ $Date$
*/
public class CheckCertServlet extends CMSServlet {
@@ -61,9 +59,9 @@ public class CheckCertServlet extends CMSServlet {
*/
private static final long serialVersionUID = 7782198059640825050L;
public static final String BEGIN_HEADER =
- "-----BEGIN CERTIFICATE-----";
+ "-----BEGIN CERTIFICATE-----";
public static final String END_HEADER =
- "-----END CERTIFICATE-----";
+ "-----END CERTIFICATE-----";
public static final String ATTR_STATUS = "status";
public static final String ATTR_ISSUERDN = "issuerDN";
@@ -85,7 +83,7 @@ public class CheckCertServlet extends CMSServlet {
/**
* initialize the servlet. This servlet uses the template file
* "checkCert.template" to process the response.
- *
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -102,14 +100,13 @@ public class CheckCertServlet extends CMSServlet {
/**
* Process the HTTP request.
* <ul>
- * <li>http.param cert certificate to check. Base64, DER encoded, wrapped
- * in -----BEGIN CERTIFICATE-----, -----END CERTIFICATE----- strings
+ * <li>http.param cert certificate to check. Base64, DER encoded, wrapped in -----BEGIN CERTIFICATE-----, -----END CERTIFICATE----- strings
* </ul>
- *
+ *
* @param cmsReq the object holding the request and response information
*/
protected void process(CMSRequest cmsReq)
- throws EBaseException {
+ throws EBaseException {
HttpServletRequest req = cmsReq.getHttpReq();
HttpServletResponse resp = cmsReq.getHttpResp();
@@ -136,9 +133,9 @@ public class CheckCertServlet extends CMSServlet {
form = getTemplate(mFormPath, req, locale);
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
IArgBlock header = CMS.createArgBlock();
@@ -177,9 +174,9 @@ public class CheckCertServlet extends CMSServlet {
header.addStringValue(ATTR_SUBJECTDN, cert.getSubjectDN().getName());
header.addStringValue(ATTR_SERIALNO, "0x" + cert.getSerialNumber().toString(16));
try {
- X509CRLImpl crl = null;
+ X509CRLImpl crl = null;
- crl = new X509CRLImpl(pt.getCRL());
+ crl = new X509CRLImpl(pt.getCRL());
X509CRLEntry crlentry = crl.getRevokedCertificate(cert.getSerialNumber());
if (crlentry == null) {
@@ -201,18 +198,18 @@ public class CheckCertServlet extends CMSServlet {
String error = null;
String xmlOutput = req.getParameter("xml");
- if (xmlOutput != null && xmlOutput.equals("true")) {
- outputXML(resp, argSet);
- } else {
- resp.setContentType("text/html");
- form.renderOutput(out, argSet);
- cmsReq.setStatus(CMSRequest.SUCCESS);
- }
+ if (xmlOutput != null && xmlOutput.equals("true")) {
+ outputXML(resp, argSet);
+ } else {
+ resp.setContentType("text/html");
+ form.renderOutput(out, argSet);
+ cmsReq.setStatus(CMSRequest.SUCCESS);
+ }
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
}
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/ocsp/GetOCSPInfo.java b/pki/base/common/src/com/netscape/cms/servlet/ocsp/GetOCSPInfo.java
index 704c759c..1aaf1d6e 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/ocsp/GetOCSPInfo.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/ocsp/GetOCSPInfo.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.ocsp;
-
import java.io.IOException;
import java.util.Locale;
@@ -41,11 +40,10 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
- * Retrieve information about the number of OCSP requests the OCSP
+ * Retrieve information about the number of OCSP requests the OCSP
* has serviced
- *
+ *
* @version $Revision$, $Date$
*/
public class GetOCSPInfo extends CMSServlet {
@@ -63,7 +61,7 @@ public class GetOCSPInfo extends CMSServlet {
/**
* initialize the servlet. This servlet uses the template
* file "getOCSPInfo.template" to render the result page.
- *
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -79,14 +77,13 @@ public class GetOCSPInfo extends CMSServlet {
}
-
/**
- * Process the HTTP request.
- *
+ * Process the HTTP request.
+ *
* @param cmsReq the object holding the request and response information
*/
protected void process(CMSRequest cmsReq)
- throws EBaseException {
+ throws EBaseException {
HttpServletRequest httpReq = cmsReq.getHttpReq();
HttpServletResponse httpResp = cmsReq.getHttpResp();
@@ -98,10 +95,10 @@ public class GetOCSPInfo extends CMSServlet {
mAuthzResourceName, "read");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
}
if (authzToken == null) {
@@ -115,7 +112,7 @@ public class GetOCSPInfo extends CMSServlet {
if (!(mAuthority instanceof IOCSPService)) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_CA_FROM_RA_NOT_IMP"));
cmsReq.setError(new ECMSGWException(
- CMS.getUserMessage("CMS_GW_NOT_YET_IMPLEMENTED")));
+ CMS.getUserMessage("CMS_GW_NOT_YET_IMPLEMENTED")));
cmsReq.setStatus(CMSRequest.ERROR);
return;
}
@@ -126,10 +123,10 @@ public class GetOCSPInfo extends CMSServlet {
try {
form = getTemplate(mFormPath, httpReq, locale);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
cmsReq.setError(new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
cmsReq.setStatus(CMSRequest.ERROR);
return;
}
@@ -147,8 +144,8 @@ public class GetOCSPInfo extends CMSServlet {
header.addLongValue("totalData", ca.getOCSPTotalData());
long secs = 0;
if (ca.getOCSPRequestTotalTime() != 0) {
- secs = (ca.getNumOCSPRequest() * 1000) / ca.getOCSPRequestTotalTime();
- }
+ secs = (ca.getNumOCSPRequest() * 1000) / ca.getOCSPRequestTotalTime();
+ }
header.addLongValue("ReqSec", secs);
try {
ServletOutputStream out = httpResp.getOutputStream();
@@ -157,10 +154,10 @@ public class GetOCSPInfo extends CMSServlet {
form.renderOutput(out, argSet);
cmsReq.setStatus(CMSRequest.SUCCESS);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
cmsReq.setError(new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
cmsReq.setStatus(CMSRequest.ERROR);
}
cmsReq.setStatus(CMSRequest.SUCCESS);
diff --git a/pki/base/common/src/com/netscape/cms/servlet/ocsp/ListCAServlet.java b/pki/base/common/src/com/netscape/cms/servlet/ocsp/ListCAServlet.java
index 063d8513..6b9d2094 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/ocsp/ListCAServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/ocsp/ListCAServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.ocsp;
-
import java.io.IOException;
import java.math.BigInteger;
import java.util.Date;
@@ -45,10 +44,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* Show the list of CA's that the OCSP responder can service
- *
+ *
* @version $Revision$ $Date$
*/
public class ListCAServlet extends CMSServlet {
@@ -58,9 +56,9 @@ public class ListCAServlet extends CMSServlet {
*/
private static final long serialVersionUID = 3764395161795483452L;
public static final String BEGIN_HEADER =
- "-----BEGIN CERTIFICATE-----";
+ "-----BEGIN CERTIFICATE-----";
public static final String END_HEADER =
- "-----END CERTIFICATE-----";
+ "-----END CERTIFICATE-----";
private final static String TPL_FILE = "listCAs.template";
private String mFormPath = null;
@@ -73,7 +71,7 @@ public class ListCAServlet extends CMSServlet {
/**
* initialize the servlet. This servlet uses the template file
* "listCAs.template" to process the response.
- *
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -89,11 +87,11 @@ public class ListCAServlet extends CMSServlet {
/**
* Process the HTTP request.
- *
+ *
* @param cmsReq the object holding the request and response information
*/
protected void process(CMSRequest cmsReq)
- throws EBaseException {
+ throws EBaseException {
HttpServletRequest req = cmsReq.getHttpReq();
HttpServletResponse resp = cmsReq.getHttpResp();
@@ -120,9 +118,9 @@ public class ListCAServlet extends CMSServlet {
form = getTemplate(mFormPath, req, locale);
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
IArgBlock header = CMS.createArgBlock();
@@ -133,12 +131,12 @@ public class ListCAServlet extends CMSServlet {
Enumeration recs = defStore.searchAllCRLIssuingPointRecord(100);
// show the current CRL number if present
- header.addStringValue("stateCount",
- Integer.toString(defStore.getStateCount()));
+ header.addStringValue("stateCount",
+ Integer.toString(defStore.getStateCount()));
while (recs.hasMoreElements()) {
- ICRLIssuingPointRecord rec =
- (ICRLIssuingPointRecord) recs.nextElement();
+ ICRLIssuingPointRecord rec =
+ (ICRLIssuingPointRecord) recs.nextElement();
IArgBlock rarg = CMS.createArgBlock();
String thisId = rec.getId();
@@ -163,17 +161,17 @@ public class ListCAServlet extends CMSServlet {
rarg.addLongValue("NumRevoked", 0);
} else {
if (rc.longValue() == -1) {
- rarg.addStringValue("NumRevoked", "UNKNOWN");
- } else {
- rarg.addLongValue("NumRevoked", rc.longValue());
+ rarg.addStringValue("NumRevoked", "UNKNOWN");
+ } else {
+ rarg.addLongValue("NumRevoked", rc.longValue());
}
}
BigInteger crlNumber = rec.getCRLNumber();
if (crlNumber == null || crlNumber.equals(new BigInteger("-1"))) {
- rarg.addStringValue("CRLNumber", "UNKNOWN");
+ rarg.addStringValue("CRLNumber", "UNKNOWN");
} else {
- rarg.addStringValue("CRLNumber", crlNumber.toString());
+ rarg.addStringValue("CRLNumber", crlNumber.toString());
}
rarg.addLongValue("ReqCount", defStore.getReqCount(thisId));
@@ -185,18 +183,18 @@ public class ListCAServlet extends CMSServlet {
String error = null;
String xmlOutput = req.getParameter("xml");
- if (xmlOutput != null && xmlOutput.equals("true")) {
- outputXML(resp, argSet);
- } else {
- resp.setContentType("text/html");
- form.renderOutput(out, argSet);
- cmsReq.setStatus(CMSRequest.SUCCESS);
- }
+ if (xmlOutput != null && xmlOutput.equals("true")) {
+ outputXML(resp, argSet);
+ } else {
+ resp.setContentType("text/html");
+ form.renderOutput(out, argSet);
+ cmsReq.setStatus(CMSRequest.SUCCESS);
+ }
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
}
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/ocsp/OCSPServlet.java b/pki/base/common/src/com/netscape/cms/servlet/ocsp/OCSPServlet.java
index cfc91975..24c16384 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/ocsp/OCSPServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/ocsp/OCSPServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.ocsp;
-
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.InputStream;
@@ -47,11 +46,10 @@ import com.netscape.cmsutil.ocsp.ResponseData;
import com.netscape.cmsutil.ocsp.SingleResponse;
import com.netscape.cmsutil.ocsp.TBSRequest;
-
/**
* Process OCSP messages, According to RFC 2560
* See http://www.ietf.org/rfc/rfc2560.txt
- *
+ *
* @version $Revision$ $Date$
*/
public class OCSPServlet extends CMSServlet {
@@ -65,7 +63,7 @@ public class OCSPServlet extends CMSServlet {
public final static String PROP_MAX_REQUEST_SIZE = "MaxRequestSize";
public final static String PROP_ID = "ID";
- private int m_maxRequestSize=5000;
+ private int m_maxRequestSize = 5000;
public OCSPServlet() {
super();
@@ -74,35 +72,36 @@ public class OCSPServlet extends CMSServlet {
/**
* initialize the servlet. This servlet uses the template file
* "ImportCert.template" to process the response.
- *
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
super.init(sc);
String s = sc.getInitParameter(PROP_MAX_REQUEST_SIZE);
if (s != null) {
- try {
- m_maxRequestSize = Integer.parseInt(s);
- } catch (Exception e) {}
- }
+ try {
+ m_maxRequestSize = Integer.parseInt(s);
+ } catch (Exception e) {
+ }
+ }
}
/**
- * Process the HTTP request.
+ * Process the HTTP request.
* This method is invoked when the OCSP service receives a OCSP
* request. Based on RFC 2560, the request should have the OCSP
* request in the HTTP body as binary blob.
- *
+ *
* @param cmsReq the object holding the request and response information
*/
protected void process(CMSRequest cmsReq) throws EBaseException {
HttpServletRequest httpReq = cmsReq.getHttpReq();
HttpServletResponse httpResp = cmsReq.getHttpResp();
- IStatsSubsystem statsSub = (IStatsSubsystem)CMS.getSubsystem("stats");
+ IStatsSubsystem statsSub = (IStatsSubsystem) CMS.getSubsystem("stats");
if (statsSub != null) {
- statsSub.startTiming("ocsp", true /* main action */);
+ statsSub.startTiming("ocsp", true /* main action */);
}
IAuthToken authToken = authenticate(cmsReq);
@@ -119,12 +118,12 @@ public class OCSPServlet extends CMSServlet {
cmsReq.setStatus(CMSRequest.UNAUTHORIZED);
return;
}
-
+
CMS.debug("Servlet Path=" + httpReq.getServletPath());
CMS.debug("RequestURI=" + httpReq.getRequestURI());
- String pathInfo = httpReq.getPathInfo();
+ String pathInfo = httpReq.getPathInfo();
if (pathInfo != null && pathInfo.indexOf('%') != -1) {
- pathInfo = URLDecoder.decode(pathInfo);
+ pathInfo = URLDecoder.decode(pathInfo);
}
CMS.debug("PathInfo=" + pathInfo);
@@ -136,46 +135,46 @@ public class OCSPServlet extends CMSServlet {
String method = httpReq.getMethod();
CMS.debug("Method=" + method);
if (method != null && method.equals("POST")) {
- int reqlen = httpReq.getContentLength();
-
- if (reqlen == -1) {
- throw new Exception("OCSPServlet: Content-Length not supplied");
- }
- if (reqlen == 0) {
- throw new Exception("OCSPServlet: Invalid Content-Length");
- }
- if (reqlen > m_maxRequestSize) {
- throw new Exception("OCSPServlet: Client sending too much OCSP request data ("+reqlen+")");
- }
-
- // for debugging
- reqbuf = new byte[reqlen];
- int bytesread = 0;
- boolean partial = false;
-
- while (bytesread < reqlen) {
- int r = is.read(reqbuf, bytesread, reqlen - bytesread);
- if (r == -1) {
- throw new Exception("OCSPServlet: Client did not supply enough OCSP data");
+ int reqlen = httpReq.getContentLength();
+
+ if (reqlen == -1) {
+ throw new Exception("OCSPServlet: Content-Length not supplied");
+ }
+ if (reqlen == 0) {
+ throw new Exception("OCSPServlet: Invalid Content-Length");
+ }
+ if (reqlen > m_maxRequestSize) {
+ throw new Exception("OCSPServlet: Client sending too much OCSP request data (" + reqlen + ")");
}
- bytesread += r;
- if (partial == false) {
- if (bytesread < reqlen) {
- partial = true;
+
+ // for debugging
+ reqbuf = new byte[reqlen];
+ int bytesread = 0;
+ boolean partial = false;
+
+ while (bytesread < reqlen) {
+ int r = is.read(reqbuf, bytesread, reqlen - bytesread);
+ if (r == -1) {
+ throw new Exception("OCSPServlet: Client did not supply enough OCSP data");
+ }
+ bytesread += r;
+ if (partial == false) {
+ if (bytesread < reqlen) {
+ partial = true;
+ }
}
}
- }
- is = new ByteArrayInputStream(reqbuf);
+ is = new ByteArrayInputStream(reqbuf);
} else {
- // GET method
- if ( (pathInfo == null) ||
- (pathInfo.equals( "" ) ) ||
- (pathInfo.substring(1) == null) ||
- (pathInfo.substring(1).equals( "" ) ) ) {
- throw new Exception("OCSPServlet: OCSP request not provided in GET method");
- }
- is = new ByteArrayInputStream(
- com.netscape.osutil.OSUtil.AtoB(pathInfo.substring(1)));
+ // GET method
+ if ((pathInfo == null) ||
+ (pathInfo.equals("")) ||
+ (pathInfo.substring(1) == null) ||
+ (pathInfo.substring(1).equals(""))) {
+ throw new Exception("OCSPServlet: OCSP request not provided in GET method");
+ }
+ is = new ByteArrayInputStream(
+ com.netscape.osutil.OSUtil.AtoB(pathInfo.substring(1)));
}
// (1) retrieve OCSP request
@@ -183,22 +182,23 @@ public class OCSPServlet extends CMSServlet {
OCSPResponse response = null;
try {
- OCSPRequest.Template reqTemplate =
- new OCSPRequest.Template();
+ OCSPRequest.Template reqTemplate =
+ new OCSPRequest.Template();
- if ( (is == null) ||
- (is.toString().equals( "" ) ) ) {
- throw new Exception( "OCSPServlet: OCSP request is "
+ if ((is == null) ||
+ (is.toString().equals(""))) {
+ throw new Exception("OCSPServlet: OCSP request is "
+ "empty or malformed");
}
ocspReq = (OCSPRequest) reqTemplate.decode(is);
- if ( (ocspReq == null) ||
- (ocspReq.toString().equals( "" ) ) ) {
- throw new Exception( "OCSPServlet: Decoded OCSP request "
+ if ((ocspReq == null) ||
+ (ocspReq.toString().equals(""))) {
+ throw new Exception("OCSPServlet: Decoded OCSP request "
+ "is empty or malformed");
}
response = ((IOCSPService) mAuthority).validate(ocspReq);
- } catch (Exception e) {;
+ } catch (Exception e) {
+ ;
CMS.debug("OCSPServlet: " + e.toString());
}
@@ -219,8 +219,8 @@ public class OCSPServlet extends CMSServlet {
CMS.debug("OCSPServlet: " + CMS.BtoA(ASN1Util.encode(ocspReq)));
TBSRequest tbsReq = ocspReq.getTBSRequest();
for (int i = 0; i < tbsReq.getRequestCount(); i++) {
- com.netscape.cmsutil.ocsp.Request req = tbsReq.getRequestAt(i);
- CMS.debug("Serial Number: " + req.getCertID().getSerialNumber());
+ com.netscape.cmsutil.ocsp.Request req = tbsReq.getRequestAt(i);
+ CMS.debug("Serial Number: " + req.getCertID().getSerialNumber());
}
CMS.debug("OCSPServlet: OCSP Response Size:");
CMS.debug("OCSPServlet: " + Integer.toString(respbytes.length));
@@ -232,17 +232,17 @@ public class OCSPServlet extends CMSServlet {
} else if (rbytes.getObjectIdentifier().equals(
ResponseBytes.OCSP_BASIC)) {
BasicOCSPResponse basicRes = (BasicOCSPResponse)
- BasicOCSPResponse.getTemplate().decode(
- new ByteArrayInputStream(rbytes.getResponse().toByteArray()));
+ BasicOCSPResponse.getTemplate().decode(
+ new ByteArrayInputStream(rbytes.getResponse().toByteArray()));
if (basicRes == null) {
CMS.debug("Basic Res is null");
} else {
ResponseData data = basicRes.getResponseData();
for (int i = 0; i < data.getResponseCount(); i++) {
SingleResponse res = data.getResponseAt(i);
- CMS.debug("Serial Number: " +
- res.getCertID().getSerialNumber() +
- " Status: " +
+ CMS.debug("Serial Number: " +
+ res.getCertID().getSerialNumber() +
+ " Status: " +
res.getCertStatus().getClass().getName());
}
}
@@ -250,14 +250,14 @@ public class OCSPServlet extends CMSServlet {
}
httpResp.setContentType("application/ocsp-response");
-
+
httpResp.setContentLength(respbytes.length);
OutputStream ooss = httpResp.getOutputStream();
ooss.write(respbytes);
ooss.flush();
if (statsSub != null) {
- statsSub.endTiming("ocsp");
+ statsSub.endTiming("ocsp");
}
mRenderResult = false;
diff --git a/pki/base/common/src/com/netscape/cms/servlet/ocsp/RemoveCAServlet.java b/pki/base/common/src/com/netscape/cms/servlet/ocsp/RemoveCAServlet.java
index 3ec72bb8..d747bd4b 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/ocsp/RemoveCAServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/ocsp/RemoveCAServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.ocsp;
-
import java.io.IOException;
import java.util.Locale;
@@ -41,10 +40,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* Configure the CA to no longer respond to OCSP requests for a CA
- *
+ *
* @version $Revision: 1274 $ $Date: 2010-09-07 22:14:41 -0700 (Tue, 07 Sep 2010) $
*/
public class RemoveCAServlet extends CMSServlet {
@@ -58,12 +56,12 @@ public class RemoveCAServlet extends CMSServlet {
private IOCSPAuthority mOCSPAuthority = null;
private final static String LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST =
- "LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_3";
+ "LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_3";
private final static String LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS =
- "LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS_3";
+ "LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS_3";
private final static String LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE =
- "LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE_3";
+ "LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE_3";
public RemoveCAServlet() {
super();
@@ -72,7 +70,7 @@ public class RemoveCAServlet extends CMSServlet {
/**
* initialize the servlet. This servlet uses the template file
* "addCA.template" to process the response.
- *
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -90,18 +88,15 @@ public class RemoveCAServlet extends CMSServlet {
/**
* Process the HTTP request.
* <ul>
- * <li>http.param ca id. The format is string.
- * <li>signed.audit LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST used when
- * a CA is attempted to be removed from the OCSP responder
- * <li>signed.audit LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS
- * and LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE are used when
- * a remove CA request to the OCSP Responder is processed successfully or not.
+ * <li>http.param ca id. The format is string.
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST used when a CA is attempted to be removed from the OCSP responder
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS and LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE are used when a remove CA request to the OCSP Responder is processed successfully or not.
* </ul>
- *
+ *
* @param cmsReq the object holding the request and response information
*/
protected void process(CMSRequest cmsReq)
- throws EBaseException {
+ throws EBaseException {
HttpServletRequest req = cmsReq.getHttpReq();
HttpServletResponse resp = cmsReq.getHttpResp();
String auditMessage = null;
@@ -132,9 +127,9 @@ public class RemoveCAServlet extends CMSServlet {
form = getTemplate(mFormPath, req, locale);
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
IArgBlock header = CMS.createArgBlock();
@@ -142,79 +137,78 @@ public class RemoveCAServlet extends CMSServlet {
CMSTemplateParams argSet = new CMSTemplateParams(header, fixed);
if (auditSubjectID.equals(ILogger.NONROLEUSER) ||
- auditSubjectID.equals(ILogger.UNIDENTIFIED)) {
+ auditSubjectID.equals(ILogger.UNIDENTIFIED)) {
String uid = authToken.getInString(IAuthToken.USER_ID);
if (uid != null) {
- CMS.debug("RemoveCAServlet: auditSubjectID set to "+uid);
+ CMS.debug("RemoveCAServlet: auditSubjectID set to " + uid);
auditSubjectID = uid;
}
}
- String caID = cmsReq.getHttpReq().getParameter("caID");
-
+ String caID = cmsReq.getHttpReq().getParameter("caID");
- if (caID == null) {
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE,
- auditSubjectID,
- ILogger.FAILURE,
- ILogger.SIGNED_AUDIT_EMPTY_VALUE);
+ if (caID == null) {
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE,
+ auditSubjectID,
+ ILogger.FAILURE,
+ ILogger.SIGNED_AUDIT_EMPTY_VALUE);
- throw new ECMSGWException(CMS.getUserMessage(getLocale(req), "CMS_GW_MISSING_CA_ID"));
- }
+ throw new ECMSGWException(CMS.getUserMessage(getLocale(req), "CMS_GW_MISSING_CA_ID"));
+ }
- auditMessage = CMS.getLogMessage(
+ auditMessage = CMS.getLogMessage(
LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST,
auditSubjectID,
ILogger.SUCCESS,
caID);
- audit( auditMessage );
+ audit(auditMessage);
- IDefStore defStore = mOCSPAuthority.getDefaultStore();
+ IDefStore defStore = mOCSPAuthority.getDefaultStore();
- try {
- defStore.deleteCRLIssuingPointRecord(caID);
+ try {
+ defStore.deleteCRLIssuingPointRecord(caID);
- } catch (EBaseException e) {
+ } catch (EBaseException e) {
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE,
- auditSubjectID,
- ILogger.FAILURE,
- caID);
- audit( auditMessage );
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE,
+ auditSubjectID,
+ ILogger.FAILURE,
+ caID);
+ audit(auditMessage);
- CMS.debug("RemoveCAServlet::process: Error deleting CRL IssuingPoint: " + caID);
- throw new EBaseException(e.toString());
+ CMS.debug("RemoveCAServlet::process: Error deleting CRL IssuingPoint: " + caID);
+ throw new EBaseException(e.toString());
}
CMS.debug("RemoveCAServlet::process: CRL IssuingPoint for CA successfully removed: " + caID);
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS,
- auditSubjectID,
- ILogger.SUCCESS,
- caID);
- audit( auditMessage );
+ LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS,
+ auditSubjectID,
+ ILogger.SUCCESS,
+ caID);
+ audit(auditMessage);
try {
ServletOutputStream out = resp.getOutputStream();
String error = null;
String xmlOutput = req.getParameter("xml");
- if (xmlOutput != null && xmlOutput.equals("true")) {
- outputXML(resp, argSet);
- } else {
- resp.setContentType("text/html");
- form.renderOutput(out, argSet);
- cmsReq.setStatus(CMSRequest.SUCCESS);
- }
+ if (xmlOutput != null && xmlOutput.equals("true")) {
+ outputXML(resp, argSet);
+ } else {
+ resp.setContentType("text/html");
+ form.renderOutput(out, argSet);
+ cmsReq.setStatus(CMSRequest.SUCCESS);
+ }
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
}
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/processors/CMCProcessor.java b/pki/base/common/src/com/netscape/cms/servlet/processors/CMCProcessor.java
index 1e44dad1..f2b3f57a 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/processors/CMCProcessor.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/processors/CMCProcessor.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.processors;
-
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
@@ -72,11 +71,10 @@ import com.netscape.cms.servlet.base.CMSServlet;
import com.netscape.cms.servlet.common.CMSRequest;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* Process CMC messages according to RFC 2797
* See http://www.ietf.org/rfc/rfc2797.txt
- *
+ *
* @version $Revision$, $Date$
*/
public class CMCProcessor extends PKIProcessor {
@@ -95,18 +93,18 @@ public class CMCProcessor extends PKIProcessor {
}
public void process(CMSRequest cmsReq)
- throws EBaseException {
+ throws EBaseException {
}
public void fillCertInfo(
- String protocolString, X509CertInfo certInfo,
- IAuthToken authToken, IArgBlock httpParams)
- throws EBaseException {
+ String protocolString, X509CertInfo certInfo,
+ IAuthToken authToken, IArgBlock httpParams)
+ throws EBaseException {
}
public X509CertInfo[] fillCertInfoArray(
- String protocolString, IAuthToken authToken, IArgBlock httpParams, IRequest req)
- throws EBaseException {
+ String protocolString, IAuthToken authToken, IArgBlock httpParams, IRequest req)
+ throws EBaseException {
CMS.debug("CMCProcessor: In CMCProcessor.fillCertInfoArray!");
String cmc = protocolString;
@@ -114,17 +112,16 @@ public class CMCProcessor extends PKIProcessor {
try {
byte[] cmcBlob = CMS.AtoB(cmc);
ByteArrayInputStream cmcBlobIn =
- new ByteArrayInputStream(cmcBlob);
+ new ByteArrayInputStream(cmcBlob);
org.mozilla.jss.pkix.cms.ContentInfo cmcReq = (org.mozilla.jss.pkix.cms.ContentInfo)
- org.mozilla.jss.pkix.cms.ContentInfo.getTemplate().decode(cmcBlobIn);
+ org.mozilla.jss.pkix.cms.ContentInfo.getTemplate().decode(cmcBlobIn);
- if
- (!cmcReq.getContentType().equals(org.mozilla.jss.pkix.cms.ContentInfo.SIGNED_DATA) || !cmcReq.hasContent())
+ if (!cmcReq.getContentType().equals(org.mozilla.jss.pkix.cms.ContentInfo.SIGNED_DATA) || !cmcReq.hasContent())
throw new ECMSGWException(CMS.getUserMessage("CMS_GW_NO_CMC_CONTENT"));
SignedData cmcFullReq = (SignedData)
- cmcReq.getInterpretedContent();
+ cmcReq.getInterpretedContent();
EncapsulatedContentInfo ci = cmcFullReq.getContentInfo();
@@ -132,7 +129,7 @@ public class CMCProcessor extends PKIProcessor {
if (!id.equals(OBJECT_IDENTIFIER.id_cct_PKIData) || !ci.hasContent()) {
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_NO_PKIDATA"));
+ CMS.getUserMessage("CMS_GW_NO_PKIDATA"));
}
OCTET_STRING content = ci.getContent();
@@ -144,7 +141,7 @@ public class CMCProcessor extends PKIProcessor {
int numReqs = reqSequence.size();
X509CertInfo[] certInfoArray = new X509CertInfo[numReqs];
String[] reqIdArray = new String[numReqs];
-
+
for (int i = 0; i < numReqs; i++) {
// decode message.
TaggedRequest taggedRequest = (TaggedRequest) reqSequence.elementAt(i);
@@ -158,7 +155,7 @@ public class CMCProcessor extends PKIProcessor {
reqIdArray[i] = String.valueOf(p10Id);
CertificationRequest p10 =
- tcr.getCertificationRequest();
+ tcr.getCertificationRequest();
// transfer to sun class
ByteArrayOutputStream ostream = new ByteArrayOutputStream();
@@ -195,7 +192,7 @@ public class CMCProcessor extends PKIProcessor {
reqIdArray[i] = String.valueOf(srcId);
- certInfoArray[i] = crmfProc.processIndividualRequest(crm, authToken, httpParams);
+ certInfoArray[i] = crmfProc.processIndividualRequest(crm, authToken, httpParams);
} else {
throw new ECMSGWException(CMS.getUserMessage("CMS_GW_NO_CMC_CONTENT"));
@@ -209,12 +206,12 @@ public class CMCProcessor extends PKIProcessor {
for (int i = 0; i < numDig; i++) {
AlgorithmIdentifier dai =
- (AlgorithmIdentifier) dais.elementAt(i);
+ (AlgorithmIdentifier) dais.elementAt(i);
String name =
- DigestAlgorithm.fromOID(dai.getOID()).toString();
+ DigestAlgorithm.fromOID(dai.getOID()).toString();
MessageDigest md =
- MessageDigest.getInstance(name);
+ MessageDigest.getInstance(name);
byte[] digest = md.digest(content.toByteArray());
@@ -226,8 +223,8 @@ public class CMCProcessor extends PKIProcessor {
for (int i = 0; i < numSis; i++) {
org.mozilla.jss.pkix.cms.SignerInfo si =
- (org.mozilla.jss.pkix.cms.SignerInfo)
- sis.elementAt(i);
+ (org.mozilla.jss.pkix.cms.SignerInfo)
+ sis.elementAt(i);
String name = si.getDigestAlgorithm().toString();
byte[] digest = (byte[]) digs.get(name);
@@ -243,8 +240,7 @@ public class CMCProcessor extends PKIProcessor {
SignerIdentifier sid = si.getSignerIdentifier();
- if
- (sid.getType().equals(SignerIdentifier.ISSUER_AND_SERIALNUMBER)) {
+ if (sid.getType().equals(SignerIdentifier.ISSUER_AND_SERIALNUMBER)) {
IssuerAndSerialNumber issuerAndSerialNumber = sid.getIssuerAndSerialNumber();
// find from the certs in the signedData
X509Certificate cert = null;
@@ -255,20 +251,19 @@ public class CMCProcessor extends PKIProcessor {
for (int j = 0; j < numCerts; j++) {
Certificate certJss =
- (Certificate) certs.elementAt(j);
+ (Certificate) certs.elementAt(j);
CertificateInfo certI =
- certJss.getInfo();
+ certJss.getInfo();
Name issuer = certI.getIssuer();
byte[] issuerB = ASN1Util.encode(issuer);
INTEGER sn = certI.getSerialNumber();
- if (
- new String(issuerB).equals(new
+ if (new String(issuerB).equals(new
String(ASN1Util.encode(issuerAndSerialNumber.getIssuer())))
- && sn.toString().equals(issuerAndSerialNumber.getSerialNumber().toString())) {
+ && sn.toString().equals(issuerAndSerialNumber.getSerialNumber().toString())) {
ByteArrayOutputStream os = new
- ByteArrayOutputStream();
+ ByteArrayOutputStream();
certJss.encode(os);
cert = new X509CertImpl(os.toByteArray());
@@ -296,8 +291,8 @@ public class CMCProcessor extends PKIProcessor {
} else {
}
PK11PubKey pubK =
- PK11PubKey.fromRaw(keyType,
- ((X509Key) signKey).getKey());
+ PK11PubKey.fromRaw(keyType,
+ ((X509Key) signKey).getKey());
si.verify(digest, id, pubK);
}
@@ -321,8 +316,7 @@ public class CMCProcessor extends PKIProcessor {
j++;
}
if (signKey == null) {
- throw new
- ECMSGWException(CMS.getUserMessage("CMS_GW_CMC_ERROR",
+ throw new ECMSGWException(CMS.getUserMessage("CMS_GW_CMC_ERROR",
"SubjectKeyIdentifier in SignerInfo does not match any publicKey in the request."));
} else {
PrivateKey.Type keyType = null;
@@ -352,7 +346,7 @@ public class CMCProcessor extends PKIProcessor {
for (int i = 0; i < numControls; i++) {
TaggedAttribute control =
- (TaggedAttribute) controls.elementAt(i);
+ (TaggedAttribute) controls.elementAt(i);
OBJECT_IDENTIFIER type = control.getType();
SET values = control.getValues();
int numVals = values.size();
@@ -364,7 +358,7 @@ public class CMCProcessor extends PKIProcessor {
vals = new String[numVals];
for (int j = 0; j < numVals; j++) {
ANY val = (ANY)
- values.elementAt(j);
+ values.elementAt(j);
INTEGER transId = (INTEGER) ((ANY) val).decodeWith(
INTEGER.getTemplate());
@@ -374,17 +368,16 @@ public class CMCProcessor extends PKIProcessor {
}
if (vals != null)
req.setExtData(IRequest.CMC_TRANSID, vals);
- } else if
- (type.equals(OBJECT_IDENTIFIER.id_cmc_senderNonce)) {
+ } else if (type.equals(OBJECT_IDENTIFIER.id_cmc_senderNonce)) {
String[] vals = null;
if (numVals > 0)
vals = new String[numVals];
for (int j = 0; j < numVals; j++) {
ANY val = (ANY)
- values.elementAt(j);
+ values.elementAt(j);
OCTET_STRING nonce = (OCTET_STRING)
- ((ANY) val).decodeWith(OCTET_STRING.getTemplate());
+ ((ANY) val).decodeWith(OCTET_STRING.getTemplate());
if (nonce != null) {
vals[j] = new String(nonce.toByteArray());
@@ -409,27 +402,27 @@ public class CMCProcessor extends PKIProcessor {
return certInfoArray;
} catch (CertificateException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_CMC_TO_CERTINFO_1", e.toString()));
+ CMS.getLogMessage("CMSGW_ERROR_CMC_TO_CERTINFO_1", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_CMC_TO_CERTINFO_ERROR"));
+ CMS.getUserMessage("CMS_GW_CMC_TO_CERTINFO_ERROR"));
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_CMC_TO_CERTINFO_1", e.toString()));
+ CMS.getLogMessage("CMSGW_ERROR_CMC_TO_CERTINFO_1", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_CMC_TO_CERTINFO_ERROR"));
+ CMS.getUserMessage("CMS_GW_CMC_TO_CERTINFO_ERROR"));
} catch (InvalidBERException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_CMC_TO_CERTINFO_1", e.toString()));
+ CMS.getLogMessage("CMSGW_ERROR_CMC_TO_CERTINFO_1", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_CMC_TO_CERTINFO_ERROR"));
+ CMS.getUserMessage("CMS_GW_CMC_TO_CERTINFO_ERROR"));
} catch (InvalidKeyException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_CMC_TO_CERTINFO_1", e.toString()));
+ CMS.getLogMessage("CMSGW_ERROR_CMC_TO_CERTINFO_1", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_CMC_TO_CERTINFO_ERROR"));
- }catch (Exception e) {
+ CMS.getUserMessage("CMS_GW_CMC_TO_CERTINFO_ERROR"));
+ } catch (Exception e) {
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_CMC_ERROR", e.toString()));
+ CMS.getUserMessage("CMS_GW_CMC_ERROR", e.toString()));
}
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/processors/CRMFProcessor.java b/pki/base/common/src/com/netscape/cms/servlet/processors/CRMFProcessor.java
index 27648758..dcfb3eae 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/processors/CRMFProcessor.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/processors/CRMFProcessor.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.processors;
-
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
@@ -56,11 +55,10 @@ import com.netscape.cms.servlet.base.CMSServlet;
import com.netscape.cms.servlet.common.CMSRequest;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* Process CRMF requests, according to RFC 2511
* See http://www.ietf.org/rfc/rfc2511.txt
- *
+ *
* @version $Revision$, $Date$
*/
public class CRMFProcessor extends PKIProcessor {
@@ -70,7 +68,7 @@ public class CRMFProcessor extends PKIProcessor {
private boolean enforcePop = false;
private final static String LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION =
- "LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION_2";
+ "LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION_2";
public CRMFProcessor() {
super();
@@ -84,22 +82,22 @@ public class CRMFProcessor extends PKIProcessor {
}
public void process(CMSRequest cmsReq)
- throws EBaseException {
+ throws EBaseException {
}
/**
* Verify Proof of Possession (POP)
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION used when proof
- * of possession is checked during certificate enrollment
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION used when proof of possession is checked during certificate enrollment
* </ul>
+ *
* @param certReqMsg the certificate request message
* @exception EBaseException an error has occurred
*/
private void verifyPOP(CertReqMsg certReqMsg)
- throws EBaseException {
+ throws EBaseException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -118,59 +116,59 @@ public class CRMFProcessor extends PKIProcessor {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION,
- auditSubjectID,
- ILogger.SUCCESS );
+ LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION,
+ auditSubjectID,
+ ILogger.SUCCESS);
- audit( auditMessage );
+ audit(auditMessage);
} catch (Exception e) {
CMS.debug("CRMFProcessor: Failed POP verify!");
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_POP_VERIFY"));
+ CMS.getLogMessage("CMSGW_ERROR_POP_VERIFY"));
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION,
- auditSubjectID,
- ILogger.FAILURE );
+ LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION,
+ auditSubjectID,
+ ILogger.FAILURE);
- audit( auditMessage );
+ audit(auditMessage);
throw new ECMSGWException(
- CMS.getLogMessage("CMSGW_ERROR_POP_VERIFY"));
+ CMS.getLogMessage("CMSGW_ERROR_POP_VERIFY"));
}
}
} else {
if (enforcePop == true) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_NO_POP"));
+ CMS.getLogMessage("CMSGW_ERROR_NO_POP"));
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION,
- auditSubjectID,
- ILogger.FAILURE );
+ LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION,
+ auditSubjectID,
+ ILogger.FAILURE);
- audit( auditMessage );
+ audit(auditMessage);
throw new ECMSGWException(
- CMS.getLogMessage("CMSGW_ERROR_NO_POP"));
+ CMS.getLogMessage("CMSGW_ERROR_NO_POP"));
}
}
- } catch( EBaseException eAudit1 ) {
+ } catch (EBaseException eAudit1) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION,
- auditSubjectID,
- ILogger.FAILURE );
+ LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION,
+ auditSubjectID,
+ ILogger.FAILURE);
- audit( auditMessage );
+ audit(auditMessage);
}
}
- public X509CertInfo processIndividualRequest(CertReqMsg certReqMsg, IAuthToken authToken, IArgBlock httpParams)
- throws EBaseException {
+ public X509CertInfo processIndividualRequest(CertReqMsg certReqMsg, IAuthToken authToken, IArgBlock httpParams)
+ throws EBaseException {
CMS.debug("CRMFProcessor::processIndividualRequest!");
try {
@@ -205,21 +203,21 @@ public class CRMFProcessor extends PKIProcessor {
if (certTemplate.hasSubject()) {
Name subjectdn = certTemplate.getSubject();
ByteArrayOutputStream subjectEncStream =
- new ByteArrayOutputStream();
+ new ByteArrayOutputStream();
subjectdn.encode(subjectEncStream);
byte[] subjectEnc = subjectEncStream.toByteArray();
X500Name subject = new X500Name(subjectEnc);
certInfo.set(X509CertInfo.SUBJECT,
- new CertificateSubjectName(subject));
+ new CertificateSubjectName(subject));
} else if (authToken == null ||
- authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) == null) {
+ authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) == null) {
// No subject name - error!
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN"));
+ CMS.getLogMessage("CMSGW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN"));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN"));
+ CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN"));
}
// get extensions
@@ -243,10 +241,10 @@ public class CRMFProcessor extends PKIProcessor {
for (int j = 0; j < numexts; j++) {
org.mozilla.jss.pkix.cert.Extension jssext =
- certTemplate.extensionAt(j);
+ certTemplate.extensionAt(j);
boolean isCritical = jssext.getCritical();
org.mozilla.jss.asn1.OBJECT_IDENTIFIER jssoid =
- jssext.getExtnId();
+ jssext.getExtnId();
long[] numbers = jssoid.getNumbers();
int[] oidNumbers = new int[numbers.length];
@@ -254,23 +252,23 @@ public class CRMFProcessor extends PKIProcessor {
oidNumbers[k] = (int) numbers[k];
}
ObjectIdentifier oid =
- new ObjectIdentifier(oidNumbers);
+ new ObjectIdentifier(oidNumbers);
org.mozilla.jss.asn1.OCTET_STRING jssvalue =
- jssext.getExtnValue();
+ jssext.getExtnValue();
ByteArrayOutputStream jssvalueout =
- new ByteArrayOutputStream();
+ new ByteArrayOutputStream();
jssvalue.encode(jssvalueout);
byte[] extValue = jssvalueout.toByteArray();
Extension ext =
- new Extension(oid, isCritical, extValue);
+ new Extension(oid, isCritical, extValue);
extensions.parseExtension(ext);
}
certInfo.set(X509CertInfo.VERSION,
- new CertificateVersion(CertificateVersion.V3));
+ new CertificateVersion(CertificateVersion.V3));
certInfo.set(X509CertInfo.EXTENSIONS, extensions);
}
@@ -283,7 +281,7 @@ public class CRMFProcessor extends PKIProcessor {
// formulation.
// -- CRMFfillCert
if (authToken != null &&
- authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) != null) {
+ authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) != null) {
// if authenticated override subect name, validity and
// extensions if any from authtoken.
fillCertInfoFromAuthToken(certInfo, authToken);
@@ -300,31 +298,31 @@ public class CRMFProcessor extends PKIProcessor {
} catch (CertificateException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString()));
+ CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
+ CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString()));
+ CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
+ CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
} /* catch (InvalidBERException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1",e.toString()));
- throw new ECMSGWException(
- CMSGWResources.ERROR_CRMF_TO_CERTINFO);
- } */ catch (InvalidKeyException e) {
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1",e.toString()));
+ throw new ECMSGWException(
+ CMSGWResources.ERROR_CRMF_TO_CERTINFO);
+ } */catch (InvalidKeyException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString()));
+ CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
+ CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
}
}
public X509CertInfo[] fillCertInfoArray(
- String protocolString, IAuthToken authToken, IArgBlock httpParams, IRequest req)
- throws EBaseException {
+ String protocolString, IAuthToken authToken, IArgBlock httpParams, IRequest req)
+ throws EBaseException {
CMS.debug("CRMFProcessor.fillCertInfoArray!");
@@ -333,10 +331,10 @@ public class CRMFProcessor extends PKIProcessor {
try {
byte[] crmfBlob = CMS.AtoB(crmf);
ByteArrayInputStream crmfBlobIn =
- new ByteArrayInputStream(crmfBlob);
+ new ByteArrayInputStream(crmfBlob);
SEQUENCE crmfMsgs = (SEQUENCE)
- new SEQUENCE.OF_Template(new CertReqMsg.Template()).decode(crmfBlobIn);
+ new SEQUENCE.OF_Template(new CertReqMsg.Template()).decode(crmfBlobIn);
int nummsgs = crmfMsgs.size();
X509CertInfo[] certInfoArray = new X509CertInfo[nummsgs];
@@ -344,7 +342,7 @@ public class CRMFProcessor extends PKIProcessor {
for (int i = 0; i < nummsgs; i++) {
// decode message.
CertReqMsg certReqMsg = (CertReqMsg) crmfMsgs.elementAt(i);
-
+
CertRequest certReq = certReqMsg.getCertReq();
INTEGER certReqId = certReq.getCertReqId();
int srcId = certReqId.intValue();
@@ -360,15 +358,14 @@ public class CRMFProcessor extends PKIProcessor {
return certInfoArray;
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString()));
+ CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
+ CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
} catch (InvalidBERException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString()));
+ CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
+ CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
}
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/processors/IPKIProcessor.java b/pki/base/common/src/com/netscape/cms/servlet/processors/IPKIProcessor.java
index d021f653..9139f888 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/processors/IPKIProcessor.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/processors/IPKIProcessor.java
@@ -17,19 +17,17 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.processors;
-
import com.netscape.certsrv.base.EBaseException;
import com.netscape.cms.servlet.common.CMSRequest;
-
/**
* This represents the request parser.
- *
+ *
* @version $Revision$, $Date$
*/
public interface IPKIProcessor {
public void process(CMSRequest cmsReq)
- throws EBaseException;
+ throws EBaseException;
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/processors/KeyGenProcessor.java b/pki/base/common/src/com/netscape/cms/servlet/processors/KeyGenProcessor.java
index cc035033..cfe9754a 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/processors/KeyGenProcessor.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/processors/KeyGenProcessor.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.processors;
-
import java.io.IOException;
import java.security.cert.CertificateException;
@@ -37,11 +36,10 @@ import com.netscape.cms.servlet.base.CMSServlet;
import com.netscape.cms.servlet.common.CMSRequest;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* KeyGenProcess parses Certificate request matching the
* KEYGEN tag format used by Netscape Communicator 4.x
- *
+ *
* @version $Revision$, $Date$
*/
public class KeyGenProcessor extends PKIProcessor {
@@ -56,13 +54,13 @@ public class KeyGenProcessor extends PKIProcessor {
}
public void process(CMSRequest cmsReq)
- throws EBaseException {
+ throws EBaseException {
}
public void fillCertInfo(
- String protocolString, X509CertInfo certInfo,
- IAuthToken authToken, IArgBlock httpParams)
- throws EBaseException {
+ String protocolString, X509CertInfo certInfo,
+ IAuthToken authToken, IArgBlock httpParams)
+ throws EBaseException {
CMS.debug("KeyGenProcessor: fillCertInfo");
@@ -72,7 +70,7 @@ public class KeyGenProcessor extends PKIProcessor {
KeyGenInfo keyGenInfo = httpParams.getValueAsKeyGenInfo(
PKIProcessor.SUBJECT_KEYGEN_INFO, null);
-
+
// fill key
X509Key key = null;
@@ -80,20 +78,20 @@ public class KeyGenProcessor extends PKIProcessor {
if (key == null) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_MISSING_KEY_IN_KEYGENINFO"));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_MISSING_KEY_IN_KEYGENINFO"));
+ CMS.getUserMessage("CMS_GW_MISSING_KEY_IN_KEYGENINFO"));
}
try {
certInfo.set(X509CertInfo.KEY, new CertificateX509Key(key));
} catch (CertificateException e) {
log(ILogger.LL_FAILURE,
- "Could not set key into certInfo from keygen. Error " + e);
+ "Could not set key into certInfo from keygen. Error " + e);
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_KEY_FROM_KEYGEN_FAILED", e.toString()));
+ CMS.getUserMessage("CMS_GW_SET_KEY_FROM_KEYGEN_FAILED", e.toString()));
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_KEYGEN_1", e.toString()));
+ CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_KEYGEN_1", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_KEY_FROM_KEYGEN_FAILED", e.toString()));
+ CMS.getUserMessage("CMS_GW_SET_KEY_FROM_KEYGEN_FAILED", e.toString()));
}
String authMgr = mServlet.getAuthMgr();
@@ -106,12 +104,12 @@ public class KeyGenProcessor extends PKIProcessor {
if (authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) == null) {
// allow special case for agent gateway in admin enroll
// and bulk issuance.
- if (!authMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID) &&
- !authMgr.equals(IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID)) {
+ if (!authMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID) &&
+ !authMgr.equals(IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID)) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN"));
+ CMS.getLogMessage("CMSGW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN"));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN"));
+ CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN"));
}
fillCertInfoFromForm(certInfo, httpParams);
} else {
diff --git a/pki/base/common/src/com/netscape/cms/servlet/processors/PKCS10Processor.java b/pki/base/common/src/com/netscape/cms/servlet/processors/PKCS10Processor.java
index 53d38455..dad4b64a 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/processors/PKCS10Processor.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/processors/PKCS10Processor.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.processors;
-
import java.io.IOException;
import java.security.cert.CertificateException;
@@ -46,12 +45,11 @@ import com.netscape.cms.servlet.base.CMSServlet;
import com.netscape.cms.servlet.common.CMSRequest;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* PKCS10Processor process Certificate Requests in
* PKCS10 format, as defined here:
* http://www.rsasecurity.com/rsalabs/pkcs/pkcs-10/index.html
- *
+ *
* @version $Revision$, $Date$
*/
public class PKCS10Processor extends PKIProcessor {
@@ -61,7 +59,7 @@ public class PKCS10Processor extends PKIProcessor {
private final String USE_INTERNAL_PKCS10 = "internal";
public PKCS10Processor() {
-
+
super();
}
@@ -71,24 +69,24 @@ public class PKCS10Processor extends PKIProcessor {
}
public void process(CMSRequest cmsReq)
- throws EBaseException {
+ throws EBaseException {
}
- public void fillCertInfo(
- PKCS10 pkcs10, X509CertInfo certInfo,
- IAuthToken authToken, IArgBlock httpParams)
- throws EBaseException {
+ public void fillCertInfo(
+ PKCS10 pkcs10, X509CertInfo certInfo,
+ IAuthToken authToken, IArgBlock httpParams)
+ throws EBaseException {
mPkcs10 = pkcs10;
-
- fillCertInfo(USE_INTERNAL_PKCS10, certInfo, authToken, httpParams);
+
+ fillCertInfo(USE_INTERNAL_PKCS10, certInfo, authToken, httpParams);
}
public void fillCertInfo(
- String protocolString, X509CertInfo certInfo,
- IAuthToken authToken, IArgBlock httpParams)
- throws EBaseException {
+ String protocolString, X509CertInfo certInfo,
+ IAuthToken authToken, IArgBlock httpParams)
+ throws EBaseException {
PKCS10 p10 = null;
@@ -99,8 +97,8 @@ public class PKCS10Processor extends PKIProcessor {
} else if (protocolString.equals(USE_INTERNAL_PKCS10)) {
p10 = mPkcs10;
} else {
- CMS.debug( "PKCS10Processor::fillCertInfo() - p10 is null!" );
- throw new EBaseException( "p10 is null" );
+ CMS.debug("PKCS10Processor::fillCertInfo() - p10 is null!");
+ throw new EBaseException("p10 is null");
}
if (mServlet == null) {
@@ -123,7 +121,7 @@ public class PKCS10Processor extends PKIProcessor {
certInfo.set(X509CertInfo.KEY, certKey);
} catch (CertificateException e) {
EBaseException ex = new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString()));
+ CMS.getUserMessage("CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString()));
log(ILogger.LL_FAILURE, ex.toString());
throw ex;
@@ -140,31 +138,31 @@ public class PKCS10Processor extends PKIProcessor {
if (subject != null) {
try {
certInfo.set(X509CertInfo.SUBJECT,
- new CertificateSubjectName(subject));
+ new CertificateSubjectName(subject));
log(ILogger.LL_INFO,
- "Setting subject name " + subject + " from p10.");
+ "Setting subject name " + subject + " from p10.");
} catch (CertificateException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_FAILED_SET_SUBJECT_FROM_P10", e.toString()));
+ CMS.getLogMessage("CMSGW_FAILED_SET_SUBJECT_FROM_P10", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_SUBJECT_FROM_P10_FAILED", e.toString()));
+ CMS.getUserMessage("CMS_GW_SET_SUBJECT_FROM_P10_FAILED", e.toString()));
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_FAILED_SET_SUBJECT_FROM_P10", e.toString()));
+ CMS.getLogMessage("CMSGW_FAILED_SET_SUBJECT_FROM_P10", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_SUBJECT_FROM_P10_FAILED", e.toString()));
+ CMS.getUserMessage("CMS_GW_SET_SUBJECT_FROM_P10_FAILED", e.toString()));
} catch (Exception e) {
// if anything bad happens in X500 name parsing,
// this will catch it.
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_FAILED_SET_SUBJECT_FROM_P10", e.toString()));
+ CMS.getLogMessage("CMSGW_FAILED_SET_SUBJECT_FROM_P10", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_SUBJECT_FROM_P10_FAILED", e.toString()));
+ CMS.getUserMessage("CMS_GW_SET_SUBJECT_FROM_P10_FAILED", e.toString()));
}
} else if (authToken == null ||
- authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) == null) {
+ authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) == null) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_MISSING_SUBJECT_IN_P10"));
+ CMS.getLogMessage("CMSGW_MISSING_SUBJECT_IN_P10"));
throw new ECMSGWException(CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_IN_P10"));
}
@@ -177,12 +175,12 @@ public class PKCS10Processor extends PKIProcessor {
if (p10Attrs != null) {
PKCS10Attribute p10Attr = (PKCS10Attribute)
- (p10Attrs.getAttribute(CertificateExtensions.NAME));
+ (p10Attrs.getAttribute(CertificateExtensions.NAME));
if (p10Attr != null && p10Attr.getAttributeId().equals(
PKCS9Attribute.EXTENSION_REQUEST_OID)) {
Extensions exts0 = (Extensions)
- (p10Attr.getAttributeValue());
+ (p10Attr.getAttributeValue());
DerOutputStream extOut = new DerOutputStream();
exts0.encode(extOut);
@@ -196,23 +194,23 @@ public class PKCS10Processor extends PKIProcessor {
}
}
CMS.debug(
- "PKCS10Processor: Seted cert extensions from pkcs10. ");
+ "PKCS10Processor: Seted cert extensions from pkcs10. ");
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_FAILED_SET_EXTENSIONS_FROM_P10", e.toString()));
+ CMS.getLogMessage("CMSGW_FAILED_SET_EXTENSIONS_FROM_P10", e.toString()));
throw new ECMSGWException(
CMS.getUserMessage("CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString()));
} catch (CertificateException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_FAILED_SET_EXTENSIONS_FROM_P10", e.toString()));
+ CMS.getLogMessage("CMSGW_FAILED_SET_EXTENSIONS_FROM_P10", e.toString()));
throw new ECMSGWException(
CMS.getUserMessage("CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString()));
} catch (Exception e) {
// if anything bad happens in extensions parsing,
// this will catch it.
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_FAILED_SET_EXTENSIONS_FROM_P10", e.toString()));
+ CMS.getLogMessage("CMSGW_FAILED_SET_EXTENSIONS_FROM_P10", e.toString()));
throw new ECMSGWException(
CMS.getUserMessage("CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString()));
}
@@ -223,8 +221,8 @@ public class PKCS10Processor extends PKIProcessor {
String authMgr = mServlet.getAuthMgr();
if (authToken != null &&
- authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) != null &&
- !(authMgr.equals(IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID))) {
+ authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) != null &&
+ !(authMgr.equals(IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID))) {
fillCertInfoFromAuthToken(certInfo, authToken);
}
@@ -233,12 +231,12 @@ public class PKCS10Processor extends PKIProcessor {
// from the http parameters.
if (mServletId.equals(PKIProcessor.ADMIN_ENROLL_SERVLET_ID)) {
fillValidityFromForm(certInfo, httpParams);
- }
-
+ }
+
}
private PKCS10 getPKCS10(IArgBlock httpParams)
- throws EBaseException {
+ throws EBaseException {
PKCS10 pkcs10 = null;
@@ -277,7 +275,7 @@ public class PKCS10Processor extends PKIProcessor {
try {
// coming from server cut & paste blob.
pkcs10 = httpParams.getValueAsPKCS10(PKIProcessor.PKCS10_REQUEST, false, null);
- }catch (Exception ex) {
+ } catch (Exception ex) {
ex.printStackTrace();
}
}
@@ -286,4 +284,4 @@ public class PKCS10Processor extends PKIProcessor {
}
-}
+}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/processors/PKIProcessor.java b/pki/base/common/src/com/netscape/cms/servlet/processors/PKIProcessor.java
index 625808d7..df7b0c3d 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/processors/PKIProcessor.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/processors/PKIProcessor.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.processors;
-
import java.io.IOException;
import java.security.cert.CertificateException;
import java.util.Date;
@@ -42,10 +41,9 @@ import com.netscape.cms.servlet.base.CMSServlet;
import com.netscape.cms.servlet.common.CMSRequest;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* Process Certificate Requests
- *
+ *
* @version $Revision$, $Date$
*/
public class PKIProcessor implements IPKIProcessor {
@@ -57,7 +55,7 @@ public class PKIProcessor implements IPKIProcessor {
public static final String PKCS10_REQUEST = "pkcs10Request";
public static final String SUBJECT_KEYGEN_INFO = "subjectKeyGenInfo";
- protected CMSRequest mRequest = null;
+ protected CMSRequest mRequest = null;
protected HttpServletRequest httpReq = null;
protected String mServletId = null;
@@ -84,18 +82,18 @@ public class PKIProcessor implements IPKIProcessor {
}
public void process(CMSRequest cmsReq)
- throws EBaseException {
+ throws EBaseException {
}
protected void fillCertInfo(
- String protocolString, X509CertInfo certInfo,
- IAuthToken authToken, IArgBlock httpParams)
- throws EBaseException {
+ String protocolString, X509CertInfo certInfo,
+ IAuthToken authToken, IArgBlock httpParams)
+ throws EBaseException {
}
protected X509CertInfo[] fillCertInfoArray(
- String protocolString, IAuthToken authToken, IArgBlock httpParams, IRequest req)
- throws EBaseException {
+ String protocolString, IAuthToken authToken, IArgBlock httpParams, IRequest req)
+ throws EBaseException {
return null;
}
@@ -106,8 +104,8 @@ public class PKIProcessor implements IPKIProcessor {
* requests not authenticated will need to be approved by an agent.
*/
public static void fillCertInfoFromAuthToken(
- X509CertInfo certInfo, IAuthToken authToken)
- throws EBaseException {
+ X509CertInfo certInfo, IAuthToken authToken)
+ throws EBaseException {
// override subject, validity and extensions from auth token
// CA determines algorithm, version and issuer.
// take key from keygen, cmc, pkcs10 or crmf.
@@ -116,60 +114,60 @@ public class PKIProcessor implements IPKIProcessor {
// subject name.
try {
String subjectname =
- authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT);
+ authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT);
if (subjectname != null) {
CertificateSubjectName certSubject = (CertificateSubjectName)
- new CertificateSubjectName(new X500Name(subjectname));
+ new CertificateSubjectName(new X500Name(subjectname));
certInfo.set(X509CertInfo.SUBJECT, certSubject);
log(ILogger.LL_INFO,
- "cert subject set to " + certSubject + " from authtoken");
+ "cert subject set to " + certSubject + " from authtoken");
}
} catch (CertificateException e) {
log(ILogger.LL_WARN,
- CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1",
- e.toString()));
+ CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1",
+ e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
+ CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
} catch (IOException e) {
log(ILogger.LL_WARN,
- CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME",
- e.toString()));
+ CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME",
+ e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
+ CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
}
// validity
try {
CertificateValidity validity = null;
Date notBefore =
- authToken.getInDate(AuthToken.TOKEN_CERT_NOTBEFORE);
+ authToken.getInDate(AuthToken.TOKEN_CERT_NOTBEFORE);
Date notAfter =
- authToken.getInDate(AuthToken.TOKEN_CERT_NOTAFTER);
+ authToken.getInDate(AuthToken.TOKEN_CERT_NOTAFTER);
if (notBefore != null && notAfter != null) {
validity = new CertificateValidity(notBefore, notAfter);
certInfo.set(X509CertInfo.VALIDITY, validity);
log(ILogger.LL_INFO,
- "cert validity set to " + validity + " from authtoken");
+ "cert validity set to " + validity + " from authtoken");
}
} catch (CertificateException e) {
log(ILogger.LL_WARN,
- CMS.getLogMessage("CMSGW_ERROR_SET_VALIDITY_1", e.toString()));
+ CMS.getLogMessage("CMSGW_ERROR_SET_VALIDITY_1", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_VALIDITY_ERROR"));
+ CMS.getUserMessage("CMS_GW_SET_VALIDITY_ERROR"));
} catch (IOException e) {
log(ILogger.LL_WARN,
- CMS.getLogMessage("CMSGW_ERROR_SET_VALIDITY_1", e.toString()));
+ CMS.getLogMessage("CMSGW_ERROR_SET_VALIDITY_1", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_VALIDITY_ERROR"));
+ CMS.getUserMessage("CMS_GW_SET_VALIDITY_ERROR"));
}
// extensions
try {
CertificateExtensions extensions =
- authToken.getInCertExts(X509CertInfo.EXTENSIONS);
+ authToken.getInCertExts(X509CertInfo.EXTENSIONS);
if (extensions != null) {
certInfo.set(X509CertInfo.EXTENSIONS, extensions);
@@ -177,14 +175,14 @@ public class PKIProcessor implements IPKIProcessor {
}
} catch (CertificateException e) {
log(ILogger.LL_WARN,
- CMS.getLogMessage("CMSGW_ERROR_SET_EXTENSIONS_1", e.toString()));
+ CMS.getLogMessage("CMSGW_ERROR_SET_EXTENSIONS_1", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_EXTENSIONS_ERROR"));
+ CMS.getUserMessage("CMS_GW_SET_EXTENSIONS_ERROR"));
} catch (IOException e) {
log(ILogger.LL_WARN,
- CMS.getLogMessage("CMSGW_ERROR_SET_EXTENSIONS_1", e.toString()));
+ CMS.getLogMessage("CMSGW_ERROR_SET_EXTENSIONS_1", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_EXTENSIONS_ERROR"));
+ CMS.getUserMessage("CMS_GW_SET_EXTENSIONS_ERROR"));
}
}
@@ -195,8 +193,8 @@ public class PKIProcessor implements IPKIProcessor {
* all be seen by and agent.
*/
public static void fillCertInfoFromForm(
- X509CertInfo certInfo, IArgBlock httpParams)
- throws EBaseException {
+ X509CertInfo certInfo, IArgBlock httpParams)
+ throws EBaseException {
CMS.debug("PKIProcessor: fillCertInfoFromForm");
// subject name.
@@ -205,41 +203,41 @@ public class PKIProcessor implements IPKIProcessor {
if (subject == null) {
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_FROM_FORM"));
+ CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_FROM_FORM"));
}
X500Name x500name = new X500Name(subject);
certInfo.set(
- X509CertInfo.SUBJECT, new CertificateSubjectName(x500name));
+ X509CertInfo.SUBJECT, new CertificateSubjectName(x500name));
fillValidityFromForm(certInfo, httpParams);
} catch (CertificateException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString()));
+ CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
+ CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString()));
+ CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
+ CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
} catch (IllegalArgumentException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString()));
+ CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString()));
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_REQ_ILLEGAL_CHARACTERS"));
+ CMS.getLogMessage("CMSGW_REQ_ILLEGAL_CHARACTERS"));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_CONVERT_DN_TO_X500NAME_ERROR"));
+ CMS.getUserMessage("CMS_GW_CONVERT_DN_TO_X500NAME_ERROR"));
}
// requested extensions.
// let polcies form extensions from http input.
}
- public static void fillValidityFromForm(
- X509CertInfo certInfo, IArgBlock httpParams)
- throws EBaseException {
+ public static void fillValidityFromForm(
+ X509CertInfo certInfo, IArgBlock httpParams)
+ throws EBaseException {
CMS.debug("PKIProcessor: fillValidityFromForm!");
try {
String notValidBeforeStr = httpParams.getValueAsString("notValidBefore", null);
@@ -267,43 +265,43 @@ public class PKIProcessor implements IPKIProcessor {
validity = new CertificateValidity(notBefore, notAfter);
certInfo.set(X509CertInfo.VALIDITY, validity);
log(ILogger.LL_INFO,
- "cert validity set to " + validity + " from authtoken");
+ "cert validity set to " + validity + " from authtoken");
}
}
}
} catch (CertificateException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString()));
+ CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
+ CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString()));
+ CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
+ CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
}
}
/**
* log according to authority category.
*/
- public static void log(int event, int level, String msg) {
+ public static void log(int event, int level, String msg) {
CMS.getLogger().log(event, ILogger.S_OTHER, level,
- "PKIProcessor " + ": " + msg);
+ "PKIProcessor " + ": " + msg);
}
public static void log(int level, String msg) {
CMS.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_OTHER, level,
- "PKIProcessor " + ": " + msg);
+ "PKIProcessor " + ": " + msg);
}
/**
* Signed Audit Log
- *
+ *
* This method is inherited by all extended "CMSServlet"s,
* and is called to store messages to the signed audit log.
* <P>
- *
+ *
* @param msg signed audit log message
*/
protected void audit(String msg) {
@@ -315,20 +313,20 @@ public class PKIProcessor implements IPKIProcessor {
}
mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT,
- null,
- ILogger.S_SIGNED_AUDIT,
- ILogger.LL_SECURITY,
- msg);
+ null,
+ ILogger.S_SIGNED_AUDIT,
+ ILogger.LL_SECURITY,
+ msg);
}
/**
* Signed Audit Log Subject ID
- *
+ *
* This method is inherited by all extended "CMSServlet"s,
* and is called to obtain the "SubjectID" for
* a signed audit log message.
* <P>
- *
+ *
* @return id string containing the signed audit log message SubjectID
*/
protected String auditSubjectID() {
@@ -358,4 +356,3 @@ public class PKIProcessor implements IPKIProcessor {
return subjectID;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileApproveServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileApproveServlet.java
index da24d2c2..dafdb33d 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileApproveServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileApproveServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.profile;
-
import java.util.Enumeration;
import java.util.Locale;
@@ -46,10 +45,9 @@ import com.netscape.certsrv.template.ArgList;
import com.netscape.certsrv.template.ArgSet;
import com.netscape.cms.servlet.common.CMSRequest;
-
/**
* Toggle the approval state of a profile
- *
+ *
* @version $Revision$, $Date$
*/
public class ProfileApproveServlet extends ProfileServlet {
@@ -59,10 +57,10 @@ public class ProfileApproveServlet extends ProfileServlet {
*/
private static final long serialVersionUID = 3956879326742839550L;
private static final String PROP_AUTHORITY_ID = "authorityId";
- private String mAuthorityId = null;
+ private String mAuthorityId = null;
private final static String LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL =
- "LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL_4";
+ "LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL_4";
private final static String OP_APPROVE = "approve";
private final static String OP_DISAPPROVE = "disapprove";
@@ -73,7 +71,7 @@ public class ProfileApproveServlet extends ProfileServlet {
/**
* initialize the servlet. This servlet uses the template file
* "ImportCert.template" to process the response.
- *
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -84,13 +82,12 @@ public class ProfileApproveServlet extends ProfileServlet {
/**
* Process the HTTP request.
* <P>
- *
+ *
* <ul>
* <li>http.param profileId the id of the profile to change
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL used when an
- * agent approves/disapproves a cert profile set by the administrator for
- * automatic approval
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL used when an agent approves/disapproves a cert profile set by the administrator for automatic approval
* </ul>
+ *
* @param cmsReq the object holding the request and response information
* @exception EBaseException an error has occurred
*/
@@ -126,8 +123,8 @@ public class ProfileApproveServlet extends ProfileServlet {
auditSubjectID = auditSubjectID();
CMS.debug(e.toString());
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE",
- e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE",
+ e.toString()));
args.set(ARG_ERROR_CODE, "1");
args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
"CMS_AUTHENTICATION_ERROR"));
@@ -153,12 +150,12 @@ public class ProfileApproveServlet extends ProfileServlet {
mAuthzResourceName, "approve");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE",
- e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE",
+ e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE",
- e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE",
+ e.toString()));
}
if (authzToken == null) {
@@ -214,8 +211,8 @@ public class ProfileApproveServlet extends ProfileServlet {
IAuthority authority = (IAuthority) CMS.getSubsystem(mAuthorityId);
if (authority == null) {
- CMS.debug("ProfileApproveServlet: Authority " + mAuthorityId +
- " not found");
+ CMS.debug("ProfileApproveServlet: Authority " + mAuthorityId +
+ " not found");
args.set(ARG_ERROR_CODE, "1");
args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
"CMS_INTERNAL_ERROR"));
@@ -236,8 +233,8 @@ public class ProfileApproveServlet extends ProfileServlet {
IRequestQueue queue = authority.getRequestQueue();
if (queue == null) {
- CMS.debug("ProfileApproveServlet: Request Queue of " +
- mAuthorityId + " not found");
+ CMS.debug("ProfileApproveServlet: Request Queue of " +
+ mAuthorityId + " not found");
args.set(ARG_ERROR_CODE, "1");
args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
"CMS_INTERNAL_ERROR"));
@@ -265,31 +262,31 @@ public class ProfileApproveServlet extends ProfileServlet {
try {
if (ps.isProfileEnable(profileId)) {
- if (ps.checkOwner()) {
- if (ps.getProfileEnableBy(profileId).equals(userid)) {
- ps.disableProfile(profileId);
- } else {
- // only enableBy can disable profile
- args.set(ARG_ERROR_CODE, "1");
- args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_PROFILE_NOT_OWNER"));
- outputTemplate(request, response, args);
-
- // store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
+ if (ps.checkOwner()) {
+ if (ps.getProfileEnableBy(profileId).equals(userid)) {
+ ps.disableProfile(profileId);
+ } else {
+ // only enableBy can disable profile
+ args.set(ARG_ERROR_CODE, "1");
+ args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
+ "CMS_PROFILE_NOT_OWNER"));
+ outputTemplate(request, response, args);
+
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL,
auditSubjectID,
ILogger.FAILURE,
auditProfileID,
auditProfileOp);
- audit(auditMessage);
+ audit(auditMessage);
- return;
+ return;
+ }
+ } else {
+ ps.disableProfile(profileId);
}
- } else {
- ps.disableProfile(profileId);
- }
} else {
ps.enableProfile(profileId, userid);
}
@@ -305,8 +302,8 @@ public class ProfileApproveServlet extends ProfileServlet {
audit(auditMessage);
} catch (EProfileException e) {
// profile not enabled
- CMS.debug("ProfileApproveServlet: profile not error " +
- e.toString());
+ CMS.debug("ProfileApproveServlet: profile not error " +
+ e.toString());
args.set(ARG_ERROR_CODE, "1");
args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
"CMS_INTERNAL_ERROR"));
@@ -356,8 +353,8 @@ public class ProfileApproveServlet extends ProfileServlet {
profile = ps.getProfile(profileId);
} catch (EProfileException e) {
// profile not found
- CMS.debug("ProfileApproveServlet: profile not found " +
- e.toString());
+ CMS.debug("ProfileApproveServlet: profile not found " +
+ e.toString());
args.set(ARG_ERROR_CODE, "1");
args.set(ARG_ERROR_REASON, e.toString());
args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
@@ -386,13 +383,13 @@ public class ProfileApproveServlet extends ProfileServlet {
while (policyIds.hasMoreElements()) {
String id = (String) policyIds.nextElement();
IProfilePolicy policy = (IProfilePolicy)
- profile.getProfilePolicy(setId, id);
+ profile.getProfilePolicy(setId, id);
// (3) query all the profile policies
// (4) default plugins convert request parameters
// into string http parameters
handlePolicy(list, response, locale,
- id, policy);
+ id, policy);
}
ArgSet setArg = new ArgSet();
@@ -403,8 +400,8 @@ public class ProfileApproveServlet extends ProfileServlet {
args.set(ARG_POLICY_SET_LIST, setlist);
args.set(ARG_PROFILE_ID, profileId);
- args.set(ARG_PROFILE_IS_ENABLED,
- Boolean.toString(ps.isProfileEnable(profileId)));
+ args.set(ARG_PROFILE_IS_ENABLED,
+ Boolean.toString(ps.isProfileEnable(profileId)));
args.set(ARG_PROFILE_ENABLED_BY, ps.getProfileEnableBy(profileId));
args.set(ARG_PROFILE_NAME, profile.getName(locale));
args.set(ARG_PROFILE_DESC, profile.getDescription(locale));
@@ -413,8 +410,8 @@ public class ProfileApproveServlet extends ProfileServlet {
outputTemplate(request, response, args);
}
- private void handlePolicy(ArgList list, ServletResponse response,
- Locale locale, String id, IProfilePolicy policy) {
+ private void handlePolicy(ArgList list, ServletResponse response,
+ Locale locale, String id, IProfilePolicy policy) {
ArgSet set = new ArgSet();
set.set(ARG_POLICY_ID, id);
@@ -434,19 +431,19 @@ public class ProfileApproveServlet extends ProfileServlet {
String defName = (String) defNames.nextElement();
IDescriptor defDesc = def.getValueDescriptor(locale, defName);
if (defDesc == null) {
- CMS.debug("defName=" + defName);
+ CMS.debug("defName=" + defName);
} else {
- String defSyntax = defDesc.getSyntax();
- String defConstraint = defDesc.getConstraint();
- String defValueName = defDesc.getDescription(locale);
- String defValue = null;
-
- defset.set(ARG_DEF_ID, defName);
- defset.set(ARG_DEF_SYNTAX, defSyntax);
- defset.set(ARG_DEF_CONSTRAINT, defConstraint);
- defset.set(ARG_DEF_NAME, defValueName);
- defset.set(ARG_DEF_VAL, defValue);
- deflist.add(defset);
+ String defSyntax = defDesc.getSyntax();
+ String defConstraint = defDesc.getConstraint();
+ String defValueName = defDesc.getDescription(locale);
+ String defValue = null;
+
+ defset.set(ARG_DEF_ID, defName);
+ defset.set(ARG_DEF_SYNTAX, defSyntax);
+ defset.set(ARG_DEF_CONSTRAINT, defConstraint);
+ defset.set(ARG_DEF_NAME, defValueName);
+ defset.set(ARG_DEF_VAL, defValue);
+ deflist.add(defset);
}
}
}
@@ -463,11 +460,11 @@ public class ProfileApproveServlet extends ProfileServlet {
/**
* Signed Audit Log Profile ID
- *
+ *
* This method is called to obtain the "ProfileID" for
* a signed audit log message.
* <P>
- *
+ *
* @param req HTTP request
* @return id string containing the signed audit log message ProfileID
*/
@@ -493,14 +490,14 @@ public class ProfileApproveServlet extends ProfileServlet {
/**
* Signed Audit Log Profile Operation
- *
+ *
* This method is called to obtain the "Profile Operation" for
* a signed audit log message.
* <P>
- *
+ *
* @param req HTTP request
* @return operation string containing either OP_APPROVE, OP_DISAPPROVE,
- * or SIGNED_AUDIT_EMPTY_VALUE
+ * or SIGNED_AUDIT_EMPTY_VALUE
*/
private String auditProfileOp(HttpServletRequest req) {
// if no signed audit object exists, bail
@@ -509,12 +506,12 @@ public class ProfileApproveServlet extends ProfileServlet {
}
if (mProfileSubId == null ||
- mProfileSubId.equals("")) {
+ mProfileSubId.equals("")) {
mProfileSubId = IProfileSubsystem.ID;
}
IProfileSubsystem ps = (IProfileSubsystem)
- CMS.getSubsystem(mProfileSubId);
+ CMS.getSubsystem(mProfileSubId);
if (ps == null) {
return ILogger.SIGNED_AUDIT_EMPTY_VALUE;
@@ -533,4 +530,3 @@ public class ProfileApproveServlet extends ProfileServlet {
}
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileListServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileListServlet.java
index 4da41f7a..8581b3ca 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileListServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileListServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.profile;
-
import java.util.Enumeration;
import java.util.Locale;
@@ -38,10 +37,9 @@ import com.netscape.certsrv.template.ArgList;
import com.netscape.certsrv.template.ArgSet;
import com.netscape.cms.servlet.common.CMSRequest;
-
/**
* List all enabled profiles.
- *
+ *
* @version $Revision$, $Date$
*/
public class ProfileListServlet extends ProfileServlet {
@@ -53,7 +51,7 @@ public class ProfileListServlet extends ProfileServlet {
private static final String PROP_AUTHORITY_ID = "authorityId";
- private String mAuthorityId = null;
+ private String mAuthorityId = null;
public ProfileListServlet() {
super();
@@ -62,7 +60,7 @@ public class ProfileListServlet extends ProfileServlet {
/**
* initialize the servlet. This servlet uses the template file
* "ImportCert.template" to process the response.
- *
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -72,7 +70,7 @@ public class ProfileListServlet extends ProfileServlet {
/**
* Process the HTTP request.
- *
+ *
* @param cmsReq the object holding the request and response information
*/
public void process(CMSRequest cmsReq) throws EBaseException {
@@ -93,10 +91,10 @@ public class ProfileListServlet extends ProfileServlet {
mAuthzResourceName, "list");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
}
if (authzToken == null) {
@@ -115,17 +113,17 @@ public class ProfileListServlet extends ProfileServlet {
}
CMS.debug("ProfileListServlet: SubId=" + mProfileSubId);
IProfileSubsystem ps = (IProfileSubsystem)
- CMS.getSubsystem(mProfileSubId);
+ CMS.getSubsystem(mProfileSubId);
if (ps == null) {
- CMS.debug("ProfileListServlet: ProfileSubsystem " +
- mProfileSubId + " not found");
+ CMS.debug("ProfileListServlet: ProfileSubsystem " +
+ mProfileSubId + " not found");
args.set(ARG_ERROR_CODE, "1");
args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
"CMS_INTERNAL_ERROR"));
outputTemplate(request, response, args);
return;
- }
+ }
ArgList list = new ArgList();
Enumeration e = ps.getProfileIds();
@@ -139,13 +137,13 @@ public class ProfileListServlet extends ProfileServlet {
profile = ps.getProfile(id);
} catch (EBaseException e1) {
// skip bad profile
- CMS.debug("ProfileListServlet: profile " + id +
- " not found (skipped) " + e1.toString());
+ CMS.debug("ProfileListServlet: profile " + id +
+ " not found (skipped) " + e1.toString());
continue;
}
if (profile == null) {
- CMS.debug("ProfileListServlet: profile " + id +
- " not found (skipped)");
+ CMS.debug("ProfileListServlet: profile " + id +
+ " not found (skipped)");
continue;
}
@@ -155,16 +153,16 @@ public class ProfileListServlet extends ProfileServlet {
ArgSet profileArgs = new ArgSet();
profileArgs.set(ARG_PROFILE_IS_ENABLED,
- Boolean.toString(ps.isProfileEnable(id)));
+ Boolean.toString(ps.isProfileEnable(id)));
profileArgs.set(ARG_PROFILE_ENABLED_BY,
- ps.getProfileEnableBy(id));
+ ps.getProfileEnableBy(id));
profileArgs.set(ARG_PROFILE_ID, id);
- profileArgs.set(ARG_PROFILE_IS_VISIBLE,
- Boolean.toString(profile.isVisible()));
+ profileArgs.set(ARG_PROFILE_IS_VISIBLE,
+ Boolean.toString(profile.isVisible()));
profileArgs.set(ARG_PROFILE_NAME, name);
profileArgs.set(ARG_PROFILE_DESC, desc);
list.add(profileArgs);
-
+
}
}
args.set(ARG_RECORD, list);
diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileProcessServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileProcessServlet.java
index 33233275..ede2416e 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileProcessServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileProcessServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.profile;
-
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Date;
@@ -63,10 +62,9 @@ import com.netscape.certsrv.template.ArgSet;
import com.netscape.certsrv.util.IStatsSubsystem;
import com.netscape.cms.servlet.common.CMSRequest;
-
/**
* This servlet approves profile-based request.
- *
+ *
* @version $Revision$, $Date$
*/
public class ProfileProcessServlet extends ProfileServlet {
@@ -79,9 +77,9 @@ public class ProfileProcessServlet extends ProfileServlet {
private Nonces mNonces = null;
private final static String SIGNED_AUDIT_CERT_REQUEST_REASON =
- "requestNotes";
+ "requestNotes";
private final static String LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED =
- "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5";
+ "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5";
public ProfileProcessServlet() {
}
@@ -103,9 +101,9 @@ public class ProfileProcessServlet extends ProfileServlet {
HttpServletRequest request = cmsReq.getHttpReq();
HttpServletResponse response = cmsReq.getHttpResp();
- IStatsSubsystem statsSub = (IStatsSubsystem)CMS.getSubsystem("stats");
+ IStatsSubsystem statsSub = (IStatsSubsystem) CMS.getSubsystem("stats");
if (statsSub != null) {
- statsSub.startTiming("approval", true /* main action */);
+ statsSub.startTiming("approval", true /* main action */);
}
IAuthToken authToken = null;
@@ -119,13 +117,13 @@ public class ProfileProcessServlet extends ProfileServlet {
} catch (EBaseException e) {
CMS.debug("ProfileProcessServlet: " + e.toString());
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
- args.set(ARG_ERROR_CODE, "1");
- args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ args.set(ARG_ERROR_CODE, "1");
+ args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
"CMS_AUTHENTICATION_ERROR"));
outputTemplate(request, response, args);
if (statsSub != null) {
- statsSub.endTiming("approval");
+ statsSub.endTiming("approval");
}
return;
}
@@ -138,10 +136,10 @@ public class ProfileProcessServlet extends ProfileServlet {
mAuthzResourceName, "approve");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
}
if (authzToken == null) {
@@ -150,7 +148,7 @@ public class ProfileProcessServlet extends ProfileServlet {
"CMS_AUTHORIZATION_ERROR"));
outputTemplate(request, response, args);
if (statsSub != null) {
- statsSub.endTiming("approval");
+ statsSub.endTiming("approval");
}
return;
}
@@ -171,7 +169,7 @@ public class ProfileProcessServlet extends ProfileServlet {
} else {
CMS.debug("ProfileProcessServlet: Missing nonce");
}
- CMS.debug("ProfileProcessServlet: nonceVerified="+nonceVerified);
+ CMS.debug("ProfileProcessServlet: nonceVerified=" + nonceVerified);
if (!nonceVerified) {
args.set(ARG_ERROR_CODE, "1");
args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
@@ -194,7 +192,7 @@ public class ProfileProcessServlet extends ProfileServlet {
}
CMS.debug("ProfileProcessServlet: SubId=" + mProfileSubId);
IProfileSubsystem ps = (IProfileSubsystem)
- CMS.getSubsystem(mProfileSubId);
+ CMS.getSubsystem(mProfileSubId);
if (ps == null) {
CMS.debug("ProfileProcessServlet: ProfileSubsystem not found");
@@ -203,7 +201,7 @@ public class ProfileProcessServlet extends ProfileServlet {
"CMS_INTERNAL_ERROR"));
outputTemplate(request, response, args);
if (statsSub != null) {
- statsSub.endTiming("approval");
+ statsSub.endTiming("approval");
}
return;
}
@@ -213,13 +211,13 @@ public class ProfileProcessServlet extends ProfileServlet {
if (authority == null) {
CMS.debug("ProfileProcessServlet: Authority " + mAuthorityId +
- " not found");
+ " not found");
args.set(ARG_ERROR_CODE, "1");
args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
"CMS_INTERNAL_ERROR"));
outputTemplate(request, response, args);
if (statsSub != null) {
- statsSub.endTiming("approval");
+ statsSub.endTiming("approval");
}
return;
}
@@ -227,13 +225,13 @@ public class ProfileProcessServlet extends ProfileServlet {
if (queue == null) {
CMS.debug("ProfileProcessServlet: Request Queue of " +
- mAuthorityId + " not found");
+ mAuthorityId + " not found");
args.set(ARG_ERROR_CODE, "1");
args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
"CMS_INTERNAL_ERROR"));
outputTemplate(request, response, args);
if (statsSub != null) {
- statsSub.endTiming("approval");
+ statsSub.endTiming("approval");
}
return;
}
@@ -247,7 +245,7 @@ public class ProfileProcessServlet extends ProfileServlet {
"CMS_REQUEST_ID_NOT_FOUND"));
outputTemplate(request, response, args);
if (statsSub != null) {
- statsSub.endTiming("approval");
+ statsSub.endTiming("approval");
}
return;
}
@@ -259,8 +257,8 @@ public class ProfileProcessServlet extends ProfileServlet {
req = queue.findRequest(new RequestId(requestId));
} catch (EBaseException e) {
// request not found
- CMS.debug("ProfileProcessServlet: request not found requestId=" +
- requestId + " " + e.toString());
+ CMS.debug("ProfileProcessServlet: request not found requestId=" +
+ requestId + " " + e.toString());
}
if (req == null) {
args.set(ARG_ERROR_CODE, "1");
@@ -268,12 +266,12 @@ public class ProfileProcessServlet extends ProfileServlet {
"CMS_REQUEST_NOT_FOUND", requestId));
outputTemplate(request, response, args);
if (statsSub != null) {
- statsSub.endTiming("approval");
+ statsSub.endTiming("approval");
}
return;
}
- // check if the request is in one of the terminal states
+ // check if the request is in one of the terminal states
if (!req.getRequestStatus().equals(RequestStatus.PENDING)) {
args.set(ARG_ERROR_CODE, "1");
args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
@@ -281,7 +279,7 @@ public class ProfileProcessServlet extends ProfileServlet {
args.set(ARG_REQUEST_ID, requestId);
outputTemplate(request, response, args);
if (statsSub != null) {
- statsSub.endTiming("approval");
+ statsSub.endTiming("approval");
}
return;
}
@@ -296,7 +294,7 @@ public class ProfileProcessServlet extends ProfileServlet {
"CMS_PROFILE_ID_NOT_FOUND"));
outputTemplate(request, response, args);
if (statsSub != null) {
- statsSub.endTiming("approval");
+ statsSub.endTiming("approval");
}
return;
}
@@ -309,20 +307,19 @@ public class ProfileProcessServlet extends ProfileServlet {
"CMS_OP_NOT_FOUND"));
outputTemplate(request, response, args);
if (statsSub != null) {
- statsSub.endTiming("approval");
+ statsSub.endTiming("approval");
}
return;
}
-
IProfile profile = null;
try {
profile = ps.getProfile(profileId);
} catch (EProfileException e) {
// profile not found
- CMS.debug("ProfileProcessServlet: profile not found " +
- " " + " profileId=" + profileId + " " + e.toString());
+ CMS.debug("ProfileProcessServlet: profile not found " +
+ " " + " profileId=" + profileId + " " + e.toString());
}
if (profile == null) {
args.set(ARG_ERROR_CODE, "1");
@@ -330,7 +327,7 @@ public class ProfileProcessServlet extends ProfileServlet {
"CMS_PROFILE_NOT_FOUND", profileId));
outputTemplate(request, response, args);
if (statsSub != null) {
- statsSub.endTiming("approval");
+ statsSub.endTiming("approval");
}
return;
}
@@ -348,12 +345,11 @@ public class ProfileProcessServlet extends ProfileServlet {
"CMS_PROFILE_ID_NOT_ENABLED"));
outputTemplate(request, response, args);
if (statsSub != null) {
- statsSub.endTiming("approval");
+ statsSub.endTiming("approval");
}
return;
}
-
args.set(ARG_ERROR_CODE, "0");
args.set(ARG_ERROR_REASON, "");
@@ -375,7 +371,7 @@ public class ProfileProcessServlet extends ProfileServlet {
args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, "CMS_PROFILE_DENY_OPERATION"));
outputTemplate(request, response, args);
if (statsSub != null) {
- statsSub.endTiming("approval");
+ statsSub.endTiming("approval");
}
return;
}
@@ -414,14 +410,14 @@ public class ProfileProcessServlet extends ProfileServlet {
args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, "CMS_PROFILE_DENY_OPERATION"));
outputTemplate(request, response, args);
if (statsSub != null) {
- statsSub.endTiming("approval");
+ statsSub.endTiming("approval");
}
return;
}
}
// commit request to the storage
- if (!op.equals("validate")) {
+ if (!op.equals("validate")) {
try {
if (op.equals("approve")) {
queue.markAsServiced(req);
@@ -429,40 +425,40 @@ public class ProfileProcessServlet extends ProfileServlet {
queue.updateRequest(req);
}
} catch (EBaseException e) {
- CMS.debug("ProfileProcessServlet: Request commit error " +
- e.toString());
+ CMS.debug("ProfileProcessServlet: Request commit error " +
+ e.toString());
// save request to disk
args.set(ARG_ERROR_CODE, "1");
args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
"CMS_INTERNAL_ERROR"));
outputTemplate(request, response, args);
if (statsSub != null) {
- statsSub.endTiming("approval");
+ statsSub.endTiming("approval");
}
return;
}
}
} catch (ERejectException e) {
- CMS.debug("ProfileProcessServlet: execution rejected " +
- e.toString());
+ CMS.debug("ProfileProcessServlet: execution rejected " +
+ e.toString());
args.set(ARG_ERROR_CODE, "1");
args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
"CMS_PROFILE_REJECTED", e.toString()));
} catch (EDeferException e) {
- CMS.debug("ProfileProcessServlet: execution defered " +
- e.toString());
+ CMS.debug("ProfileProcessServlet: execution defered " +
+ e.toString());
args.set(ARG_ERROR_CODE, "1");
args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
"CMS_PROFILE_DEFERRED", e.toString()));
} catch (EPropertyException e) {
- CMS.debug("ProfileProcessServlet: execution error " +
- e.toString());
+ CMS.debug("ProfileProcessServlet: execution error " +
+ e.toString());
args.set(ARG_ERROR_CODE, "1");
args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
"CMS_PROFILE_PROPERTY_ERROR", e.toString()));
} catch (EProfileException e) {
- CMS.debug("ProfileProcessServlet: execution error " +
- e.toString());
+ CMS.debug("ProfileProcessServlet: execution error " +
+ e.toString());
args.set(ARG_ERROR_CODE, "1");
args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
"CMS_INTERNAL_ERROR"));
@@ -475,15 +471,15 @@ public class ProfileProcessServlet extends ProfileServlet {
args.set(ARG_PROFILE_ID, profileId);
outputTemplate(request, response, args);
if (statsSub != null) {
- statsSub.endTiming("approval");
+ statsSub.endTiming("approval");
}
}
-
+
public boolean grantPermission(IRequest req, IAuthToken token) {
try {
boolean enable = CMS.getConfigStore().getBoolean("request.assignee.enable",
- false);
+ false);
if (!enable)
return true;
String owner = req.getRequestOwner();
@@ -496,32 +492,32 @@ public class ProfileProcessServlet extends ProfileServlet {
return true;
} catch (Exception e) {
}
-
+
return false;
}
/**
* Check if the request creation time is older than the profile
- * lastModified attribute.
+ * lastModified attribute.
*/
- protected void checkProfileVersion(IProfile profile, IRequest req,
- Locale locale) throws EProfileException {
+ protected void checkProfileVersion(IProfile profile, IRequest req,
+ Locale locale) throws EProfileException {
IConfigStore profileConfig = profile.getConfigStore();
if (profileConfig != null) {
String lastModified = null;
try {
- lastModified = profileConfig.getString("lastModified","");
+ lastModified = profileConfig.getString("lastModified", "");
} catch (EBaseException e) {
- CMS.debug(e.toString());
- throw new EProfileException( e.toString() );
+ CMS.debug(e.toString());
+ throw new EProfileException(e.toString());
}
if (!lastModified.equals("")) {
Date profileModifiedAt = new Date(Long.parseLong(lastModified));
- CMS.debug("ProfileProcessServlet: Profile Last Modified=" +
- profileModifiedAt);
+ CMS.debug("ProfileProcessServlet: Profile Last Modified=" +
+ profileModifiedAt);
Date reqCreatedAt = req.getCreationTime();
- CMS.debug("ProfileProcessServlet: Request Created At=" +
- reqCreatedAt);
+ CMS.debug("ProfileProcessServlet: Request Created At=" +
+ reqCreatedAt);
if (profileModifiedAt.after(reqCreatedAt)) {
CMS.debug("Profile Newer Than Request");
throw new ERejectException("Profile Newer Than Request");
@@ -531,18 +527,18 @@ public class ProfileProcessServlet extends ProfileServlet {
}
protected void assignRequest(ServletRequest request, ArgSet args,
- IRequest req,
- IRequestQueue queue, IProfile profile, Locale locale)
- throws EProfileException {
+ IRequest req,
+ IRequestQueue queue, IProfile profile, Locale locale)
+ throws EProfileException {
String id = auditSubjectID();
req.setRequestOwner(id);
}
protected void unassignRequest(ServletRequest request, ArgSet args,
- IRequest req,
- IRequestQueue queue, IProfile profile, Locale locale)
- throws EProfileException {
+ IRequest req,
+ IRequestQueue queue, IProfile profile, Locale locale)
+ throws EProfileException {
req.setRequestOwner("");
}
@@ -551,14 +547,13 @@ public class ProfileProcessServlet extends ProfileServlet {
* Cancel request
* <P>
*
- * (Certificate Request Processed - a manual "agent" profile based cert
- * cancellation)
+ * (Certificate Request Processed - a manual "agent" profile based cert cancellation)
* <P>
*
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a
- * certificate request has just been through the approval process
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a certificate request has just been through the approval process
* </ul>
+ *
* @param request the servlet request
* @param args argument set
* @param req the certificate request
@@ -566,12 +561,12 @@ public class ProfileProcessServlet extends ProfileServlet {
* @param profile this profile
* @param locale the system locale
* @exception EProfileException an error related to this profile has
- * occurred
+ * occurred
*/
protected void cancelRequest(ServletRequest request, ArgSet args,
- IRequest req,
- IRequestQueue queue, IProfile profile, Locale locale)
- throws EProfileException {
+ IRequest req,
+ IRequestQueue queue, IProfile profile, Locale locale)
+ throws EProfileException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
String auditRequesterID = auditRequesterID(req);
@@ -608,14 +603,13 @@ public class ProfileProcessServlet extends ProfileServlet {
* Reject request
* <P>
*
- * (Certificate Request Processed - a manual "agent" profile based cert
- * rejection)
+ * (Certificate Request Processed - a manual "agent" profile based cert rejection)
* <P>
*
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a
- * certificate request has just been through the approval process
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a certificate request has just been through the approval process
* </ul>
+ *
* @param request the servlet request
* @param args argument set
* @param req the certificate request
@@ -623,12 +617,12 @@ public class ProfileProcessServlet extends ProfileServlet {
* @param profile this profile
* @param locale the system locale
* @exception EProfileException an error related to this profile has
- * occurred
+ * occurred
*/
protected void rejectRequest(ServletRequest request, ArgSet args,
- IRequest req,
- IRequestQueue queue, IProfile profile, Locale locale)
- throws EProfileException {
+ IRequest req,
+ IRequestQueue queue, IProfile profile, Locale locale)
+ throws EProfileException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
String auditRequesterID = auditRequesterID(req);
@@ -665,14 +659,13 @@ public class ProfileProcessServlet extends ProfileServlet {
* Approve request
* <P>
*
- * (Certificate Request Processed - a manual "agent" profile based cert
- * acceptance)
+ * (Certificate Request Processed - a manual "agent" profile based cert acceptance)
* <P>
*
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a
- * certificate request has just been through the approval process
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a certificate request has just been through the approval process
* </ul>
+ *
* @param request the servlet request
* @param args argument set
* @param req the certificate request
@@ -680,12 +673,12 @@ public class ProfileProcessServlet extends ProfileServlet {
* @param profile this profile
* @param locale the system locale
* @exception EProfileException an error related to this profile has
- * occurred
+ * occurred
*/
- protected void approveRequest(ServletRequest request, ArgSet args,
- IRequest req,
- IRequestQueue queue, IProfile profile, Locale locale)
- throws EProfileException {
+ protected void approveRequest(ServletRequest request, ArgSet args,
+ IRequest req,
+ IRequestQueue queue, IProfile profile, Locale locale)
+ throws EProfileException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
String auditRequesterID = auditRequesterID(req);
@@ -709,33 +702,33 @@ public class ProfileProcessServlet extends ProfileServlet {
while (outputNames.hasMoreElements()) {
ArgSet outputset = new ArgSet();
String outputName =
- outputNames.nextElement();
+ outputNames.nextElement();
IDescriptor outputDesc =
- profileOutput.getValueDescriptor(locale,
- outputName);
+ profileOutput.getValueDescriptor(locale,
+ outputName);
if (outputDesc == null)
continue;
String outputSyntax = outputDesc.getSyntax();
String outputConstraint =
- outputDesc.getConstraint();
+ outputDesc.getConstraint();
String outputValueName =
- outputDesc.getDescription(locale);
+ outputDesc.getDescription(locale);
String outputValue = null;
try {
outputValue = profileOutput.getValue(
- outputName,
+ outputName,
locale, req);
} catch (EProfileException e) {
CMS.debug("ProfileSubmitServlet: " +
- e.toString());
+ e.toString());
}
outputset.set(ARG_OUTPUT_ID, outputName);
outputset.set(ARG_OUTPUT_SYNTAX, outputSyntax);
outputset.set(ARG_OUTPUT_CONSTRAINT,
- outputConstraint);
+ outputConstraint);
outputset.set(ARG_OUTPUT_NAME, outputValueName);
outputset.set(ARG_OUTPUT_VAL, outputValue);
outputlist.add(outputset);
@@ -775,13 +768,12 @@ public class ProfileProcessServlet extends ProfileServlet {
CMS.debug("ProfileProcessServlet: about to throw EProfileException because of bad profile execute.");
throw new EProfileException(eAudit1.toString());
-
}
}
- protected void updateValues(ServletRequest request, IRequest req,
- IRequestQueue queue, IProfile profile, Locale locale)
- throws ERejectException, EDeferException, EPropertyException {
+ protected void updateValues(ServletRequest request, IRequest req,
+ IRequestQueue queue, IProfile profile, Locale locale)
+ throws ERejectException, EDeferException, EPropertyException {
String profileSetId = req.getExtDataInString("profileSetId");
Enumeration policies = profile.getProfilePolicies(profileSetId);
@@ -813,17 +805,17 @@ public class ProfileProcessServlet extends ProfileServlet {
}
}
- protected void validate(Locale locale, int count,
- IProfilePolicy policy, IRequest req, ServletRequest request)
- throws ERejectException, EDeferException {
+ protected void validate(Locale locale, int count,
+ IProfilePolicy policy, IRequest req, ServletRequest request)
+ throws ERejectException, EDeferException {
IPolicyConstraint con = policy.getConstraint();
con.validate(req);
}
- protected void setValue(Locale locale, int count,
- IProfilePolicy policy, IRequest req, ServletRequest request)
- throws EPropertyException {
+ protected void setValue(Locale locale, int count,
+ IProfilePolicy policy, IRequest req, ServletRequest request)
+ throws EPropertyException {
// handle default policy
IPolicyDefault def = policy.getDefault();
Enumeration defNames = def.getValueNames();
@@ -838,11 +830,11 @@ public class ProfileProcessServlet extends ProfileServlet {
/**
* Signed Audit Log Requester ID
- *
+ *
* This method is called to obtain the "RequesterID" for
* a signed audit log message.
* <P>
- *
+ *
* @param request the actual request
* @return id string containing the signed audit log message RequesterID
*/
@@ -868,11 +860,11 @@ public class ProfileProcessServlet extends ProfileServlet {
/**
* Signed Audit Log Info Value
- *
+ *
* This method is called to obtain the "reason" for
* a signed audit log message.
* <P>
- *
+ *
* @param request the actual request
* @return reason string containing the signed audit log message reason
*/
@@ -887,7 +879,7 @@ public class ProfileProcessServlet extends ProfileServlet {
if (request != null) {
// overwrite "reason" if and only if "info" != null
String info =
- request.getExtDataInString(SIGNED_AUDIT_CERT_REQUEST_REASON);
+ request.getExtDataInString(SIGNED_AUDIT_CERT_REQUEST_REASON);
if (info != null) {
reason = info.trim();
@@ -904,11 +896,11 @@ public class ProfileProcessServlet extends ProfileServlet {
/**
* Signed Audit Log Info Certificate Value
- *
+ *
* This method is called to obtain the certificate from the passed in
* "X509CertImpl" for a signed audit log message.
* <P>
- *
+ *
* @param x509cert an X509CertImpl
* @return cert string containing the certificate
*/
@@ -941,7 +933,7 @@ public class ProfileProcessServlet extends ProfileServlet {
// extract all line separators from the "base64Data"
StringBuffer sb = new StringBuffer();
for (int i = 0; i < base64Data.length(); i++) {
- if (!Character.isWhitespace(base64Data.charAt(i))) {
+ if (!Character.isWhitespace(base64Data.charAt(i))) {
sb.append(base64Data.charAt(i));
}
}
@@ -961,4 +953,3 @@ public class ProfileProcessServlet extends ProfileServlet {
}
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileReviewServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileReviewServlet.java
index 00840dd8..11aaa749 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileReviewServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileReviewServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.profile;
-
import java.util.Enumeration;
import java.util.Locale;
import java.util.Random;
@@ -54,10 +53,9 @@ import com.netscape.certsrv.template.ArgList;
import com.netscape.certsrv.template.ArgSet;
import com.netscape.cms.servlet.common.CMSRequest;
-
/**
* This servlet allows reviewing of profile-based request.
- *
+ *
* @version $Revision$, $Date$
*/
public class ProfileReviewServlet extends ProfileServlet {
@@ -69,7 +67,7 @@ public class ProfileReviewServlet extends ProfileServlet {
private static final String PROP_AUTHORITY_ID = "authorityId";
- private String mAuthorityId = null;
+ private String mAuthorityId = null;
private Random mRandom = null;
private Nonces mNonces = null;
@@ -79,7 +77,7 @@ public class ProfileReviewServlet extends ProfileServlet {
/**
* initialize the servlet. This servlet uses the template file
* "ImportCert.template" to process the response.
- *
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -101,7 +99,7 @@ public class ProfileReviewServlet extends ProfileServlet {
* <ul>
* <li>http.param requestId the ID of the profile to review
* </ul>
- *
+ *
* @param cmsReq the object holding the request and response information
*/
public void process(CMSRequest cmsReq) throws EBaseException {
@@ -120,13 +118,13 @@ public class ProfileReviewServlet extends ProfileServlet {
} catch (EBaseException e) {
CMS.debug("ReviewReqServlet: " + e.toString());
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
- args.set(ARG_ERROR_CODE, "1");
- args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ args.set(ARG_ERROR_CODE, "1");
+ args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
"CMS_AUTHENTICATION_ERROR"));
outputTemplate(request, response, args);
return;
- }
+ }
}
AuthzToken authzToken = null;
@@ -136,15 +134,15 @@ public class ProfileReviewServlet extends ProfileServlet {
mAuthzResourceName, "read");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
}
if (authzToken == null) {
- args.set(ARG_ERROR_CODE, "1");
- args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
+ args.set(ARG_ERROR_CODE, "1");
+ args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
"CMS_AUTHORIZATION_ERROR"));
outputTemplate(request, response, args);
return;
@@ -158,7 +156,7 @@ public class ProfileReviewServlet extends ProfileServlet {
}
CMS.debug("ProfileReviewServlet: SubId=" + mProfileSubId);
IProfileSubsystem ps = (IProfileSubsystem)
- CMS.getSubsystem(mProfileSubId);
+ CMS.getSubsystem(mProfileSubId);
if (ps == null) {
CMS.debug("ProfileReviewServlet: ProfileSubsystem not found");
@@ -174,7 +172,7 @@ public class ProfileReviewServlet extends ProfileServlet {
if (authority == null) {
CMS.debug("ProfileReviewServlet: Authority " + mAuthorityId +
- " not found");
+ " not found");
args.set(ARG_ERROR_CODE, "1");
args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
"CMS_INTERNAL_ERROR"));
@@ -185,7 +183,7 @@ public class ProfileReviewServlet extends ProfileServlet {
if (queue == null) {
CMS.debug("ProfileReviewServlet: Request Queue of " +
- mAuthorityId + " not found");
+ mAuthorityId + " not found");
args.set(ARG_ERROR_CODE, "1");
args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
"CMS_INTERNAL_ERROR"));
@@ -201,8 +199,8 @@ public class ProfileReviewServlet extends ProfileServlet {
req = queue.findRequest(new RequestId(requestId));
} catch (EBaseException e) {
// request not found
- CMS.debug("ProfileReviewServlet: request not found requestId=" +
- requestId + " " + e.toString());
+ CMS.debug("ProfileReviewServlet: request not found requestId=" +
+ requestId + " " + e.toString());
}
if (req == null) {
args.set(ARG_ERROR_CODE, "1");
@@ -214,16 +212,16 @@ public class ProfileReviewServlet extends ProfileServlet {
String profileId = req.getExtDataInString("profileId");
- CMS.debug("ProfileReviewServlet: requestId=" +
- requestId + " profileId=" + profileId);
+ CMS.debug("ProfileReviewServlet: requestId=" +
+ requestId + " profileId=" + profileId);
IProfile profile = null;
try {
profile = ps.getProfile(profileId);
} catch (EProfileException e) {
// profile not found
- CMS.debug("ProfileReviewServlet: profile not found requestId=" +
- requestId + " profileId=" + profileId + " " + e.toString());
+ CMS.debug("ProfileReviewServlet: profile not found requestId=" +
+ requestId + " profileId=" + profileId + " " + e.toString());
}
if (profile == null) {
args.set(ARG_ERROR_CODE, "1");
@@ -232,27 +230,27 @@ public class ProfileReviewServlet extends ProfileServlet {
outputTemplate(request, response, args);
return;
}
-
+
String profileSetId = req.getExtDataInString("profileSetId");
CMS.debug("ProfileReviewServlet: profileSetId=" + profileSetId);
- Enumeration policyIds = (profileSetId != null && profileSetId.length() > 0)?
- profile.getProfilePolicyIds(profileSetId): null;
+ Enumeration policyIds = (profileSetId != null && profileSetId.length() > 0) ?
+ profile.getProfilePolicyIds(profileSetId) : null;
int count = 0;
ArgList list = new ArgList();
if (policyIds != null) {
- while (policyIds.hasMoreElements()) {
+ while (policyIds.hasMoreElements()) {
String id = (String) policyIds.nextElement();
IProfilePolicy policy = (IProfilePolicy)
- profile.getProfilePolicy(req.getExtDataInString("profileSetId"),
- id);
+ profile.getProfilePolicy(req.getExtDataInString("profileSetId"),
+ id);
// (3) query all the profile policies
// (4) default plugins convert request parameters into string
// http parameters
handlePolicy(list, response, locale,
- id, policy, req);
+ id, policy, req);
count++;
}
}
@@ -269,34 +267,34 @@ public class ProfileReviewServlet extends ProfileServlet {
args.set(ARG_REQUEST_TYPE, req.getRequestType());
args.set(ARG_REQUEST_STATUS, req.getRequestStatus().toString());
if (req.getRequestOwner() == null) {
- args.set(ARG_REQUEST_OWNER, "");
+ args.set(ARG_REQUEST_OWNER, "");
} else {
- args.set(ARG_REQUEST_OWNER, req.getRequestOwner());
+ args.set(ARG_REQUEST_OWNER, req.getRequestOwner());
}
args.set(ARG_REQUEST_CREATION_TIME, req.getCreationTime().toString());
- args.set(ARG_REQUEST_MODIFICATION_TIME,
- req.getModificationTime().toString());
+ args.set(ARG_REQUEST_MODIFICATION_TIME,
+ req.getModificationTime().toString());
args.set(ARG_PROFILE_ID, profileId);
- args.set(ARG_PROFILE_APPROVED_BY,
- req.getExtDataInString("profileApprovedBy"));
+ args.set(ARG_PROFILE_APPROVED_BY,
+ req.getExtDataInString("profileApprovedBy"));
args.set(ARG_PROFILE_SET_ID, req.getExtDataInString("profileSetId"));
if (profile.isVisible()) {
- args.set(ARG_PROFILE_IS_VISIBLE, "true");
+ args.set(ARG_PROFILE_IS_VISIBLE, "true");
} else {
- args.set(ARG_PROFILE_IS_VISIBLE, "false");
+ args.set(ARG_PROFILE_IS_VISIBLE, "false");
}
args.set(ARG_PROFILE_NAME, profile.getName(locale));
args.set(ARG_PROFILE_DESC, profile.getDescription(locale));
- args.set(ARG_PROFILE_REMOTE_HOST,
- req.getExtDataInString("profileRemoteHost"));
- args.set(ARG_PROFILE_REMOTE_ADDR,
- req.getExtDataInString("profileRemoteAddr"));
+ args.set(ARG_PROFILE_REMOTE_HOST,
+ req.getExtDataInString("profileRemoteHost"));
+ args.set(ARG_PROFILE_REMOTE_ADDR,
+ req.getExtDataInString("profileRemoteAddr"));
if (req.getExtDataInString("requestNotes") == null) {
args.set(ARG_REQUEST_NOTES, "");
} else {
- args.set(ARG_REQUEST_NOTES,
- req.getExtDataInString("requestNotes"));
+ args.set(ARG_REQUEST_NOTES,
+ req.getExtDataInString("requestNotes"));
}
args.set(ARG_RECORD, list);
@@ -358,7 +356,7 @@ public class ProfileReviewServlet extends ProfileServlet {
while (outputIds.hasMoreElements()) {
String outputId = (String) outputIds.nextElement();
IProfileOutput profileOutput = profile.getProfileOutput(outputId
- );
+ );
Enumeration outputNames = profileOutput.getValueNames();
@@ -366,9 +364,9 @@ public class ProfileReviewServlet extends ProfileServlet {
while (outputNames.hasMoreElements()) {
ArgSet outputset = new ArgSet();
String outputName = (String) outputNames.nextElement
- ();
+ ();
IDescriptor outputDesc =
- profileOutput.getValueDescriptor(locale, outputName);
+ profileOutput.getValueDescriptor(locale, outputName);
if (outputDesc == null)
continue;
@@ -382,7 +380,7 @@ public class ProfileReviewServlet extends ProfileServlet {
locale, req);
} catch (EProfileException e) {
CMS.debug("ProfileSubmitServlet: " + e.toString(
- ));
+ ));
}
outputset.set(ARG_OUTPUT_ID, outputName);
@@ -401,9 +399,9 @@ public class ProfileReviewServlet extends ProfileServlet {
outputTemplate(request, response, args);
}
- private void handlePolicy(ArgList list, ServletResponse response,
- Locale locale, String id, IProfilePolicy policy,
- IRequest req) {
+ private void handlePolicy(ArgList list, ServletResponse response,
+ Locale locale, String id, IProfilePolicy policy,
+ IRequest req) {
ArgSet set = new ArgSet();
set.set(ARG_POLICY_ID, id);
diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSelectServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSelectServlet.java
index 813af8f6..462c628b 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSelectServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSelectServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.profile;
-
import java.util.Enumeration;
import java.util.Locale;
@@ -48,10 +47,9 @@ import com.netscape.certsrv.template.ArgList;
import com.netscape.certsrv.template.ArgSet;
import com.netscape.cms.servlet.common.CMSRequest;
-
/**
* Retrieve detailed information of a particular profile.
- *
+ *
* @version $Revision$, $Date$
*/
public class ProfileSelectServlet extends ProfileServlet {
@@ -61,7 +59,7 @@ public class ProfileSelectServlet extends ProfileServlet {
*/
private static final long serialVersionUID = -3765390650830903602L;
private static final String PROP_AUTHORITY_ID = "authorityId";
- private String mAuthorityId = null;
+ private String mAuthorityId = null;
public ProfileSelectServlet() {
}
@@ -76,7 +74,7 @@ public class ProfileSelectServlet extends ProfileServlet {
* <ul>
* <li>http.param profileId the id of the profile to select
* </ul>
- *
+ *
* @param cmsReq the object holding the request and response information
*/
public void process(CMSRequest cmsReq) throws EBaseException {
@@ -96,7 +94,7 @@ public class ProfileSelectServlet extends ProfileServlet {
} catch (EBaseException e) {
CMS.debug("ProcessReqServlet: " + e.toString());
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
args.set(ARG_ERROR_CODE, "1");
args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
"CMS_AUTHENTICATION_ERROR"));
@@ -112,10 +110,10 @@ public class ProfileSelectServlet extends ProfileServlet {
mAuthzResourceName, "read");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
}
if (authzToken == null) {
@@ -134,7 +132,7 @@ public class ProfileSelectServlet extends ProfileServlet {
}
CMS.debug("ProfileSelectServlet: SubId=" + mProfileSubId);
IProfileSubsystem ps = (IProfileSubsystem)
- CMS.getSubsystem(mProfileSubId);
+ CMS.getSubsystem(mProfileSubId);
if (ps == null) {
CMS.debug("ProfileSelectServlet: ProfileSubsystem not found");
@@ -150,7 +148,7 @@ public class ProfileSelectServlet extends ProfileServlet {
if (authority == null) {
CMS.debug("ProfileSelectServlet: Authority " + mAuthorityId +
- " not found");
+ " not found");
args.set(ARG_ERROR_CODE, "1");
args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
"CMS_INTERNAL_ERROR"));
@@ -161,7 +159,7 @@ public class ProfileSelectServlet extends ProfileServlet {
if (queue == null) {
CMS.debug("ProfileSelectServlet: Request Queue of " +
- mAuthorityId + " not found");
+ mAuthorityId + " not found");
args.set(ARG_ERROR_CODE, "1");
args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
"CMS_INTERNAL_ERROR"));
@@ -179,8 +177,8 @@ public class ProfileSelectServlet extends ProfileServlet {
profile = ps.getProfile(profileId);
} catch (EProfileException e) {
// profile not found
- CMS.debug("ProfileSelectServlet: profile not found profileId=" +
- profileId + " " + e.toString());
+ CMS.debug("ProfileSelectServlet: profile not found profileId=" +
+ profileId + " " + e.toString());
}
if (profile == null) {
args.set(ARG_ERROR_CODE, "1");
@@ -189,7 +187,7 @@ public class ProfileSelectServlet extends ProfileServlet {
outputTemplate(request, response, args);
return;
}
-
+
ArgList setlist = new ArgList();
Enumeration policySetIds = profile.getProfilePolicySetIds();
@@ -204,13 +202,13 @@ public class ProfileSelectServlet extends ProfileServlet {
while (policyIds.hasMoreElements()) {
String id = (String) policyIds.nextElement();
IProfilePolicy policy = (IProfilePolicy)
- profile.getProfilePolicy(setId, id);
+ profile.getProfilePolicy(setId, id);
// (3) query all the profile policies
// (4) default plugins convert request parameters into string
// http parameters
handlePolicy(list, response, locale,
- id, policy);
+ id, policy);
}
}
ArgSet setArg = new ArgSet();
@@ -224,29 +222,29 @@ public class ProfileSelectServlet extends ProfileServlet {
args.set(ARG_PROFILE_ID, profileId);
args.set(ARG_PROFILE_IS_ENABLED,
- Boolean.toString(ps.isProfileEnable(profileId)));
+ Boolean.toString(ps.isProfileEnable(profileId)));
args.set(ARG_PROFILE_ENABLED_BY, ps.getProfileEnableBy(profileId));
args.set(ARG_PROFILE_NAME, profile.getName(locale));
- args.set(ARG_PROFILE_DESC, profile.getDescription(locale));
- args.set(ARG_PROFILE_IS_VISIBLE,
- Boolean.toString(profile.isVisible()));
+ args.set(ARG_PROFILE_DESC, profile.getDescription(locale));
+ args.set(ARG_PROFILE_IS_VISIBLE,
+ Boolean.toString(profile.isVisible()));
args.set(ARG_ERROR_CODE, "0");
args.set(ARG_ERROR_REASON, "");
try {
- boolean keyArchivalEnabled = CMS.getConfigStore().getBoolean("ca.connector.KRA.enable", false);
- if (keyArchivalEnabled == true) {
- CMS.debug("ProfileSelectServlet: keyArchivalEnabled is true");
-
- // output transport certificate if present
- args.set("transportCert",
- CMS.getConfigStore().getString("ca.connector.KRA.transportCert", ""));
- } else {
- CMS.debug("ProfileSelectServlet: keyArchivalEnabled is false");
- args.set("transportCert", "");
- }
+ boolean keyArchivalEnabled = CMS.getConfigStore().getBoolean("ca.connector.KRA.enable", false);
+ if (keyArchivalEnabled == true) {
+ CMS.debug("ProfileSelectServlet: keyArchivalEnabled is true");
+
+ // output transport certificate if present
+ args.set("transportCert",
+ CMS.getConfigStore().getString("ca.connector.KRA.transportCert", ""));
+ } else {
+ CMS.debug("ProfileSelectServlet: keyArchivalEnabled is false");
+ args.set("transportCert", "");
+ }
} catch (EBaseException e) {
- CMS.debug("ProfileSelectServlet: exception caught:"+e.toString());
+ CMS.debug("ProfileSelectServlet: exception caught:" + e.toString());
}
// build authentication
@@ -259,7 +257,7 @@ public class ProfileSelectServlet extends ProfileServlet {
// authenticator not installed correctly
args.set(ARG_ERROR_CODE, "1");
args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_AUTHENTICATION_MANAGER_NOT_FOUND",
+ "CMS_AUTHENTICATION_MANAGER_NOT_FOUND",
profile.getAuthenticatorId()));
outputTemplate(request, response, args);
return;
@@ -272,8 +270,8 @@ public class ProfileSelectServlet extends ProfileServlet {
while (authNames.hasMoreElements()) {
ArgSet authset = new ArgSet();
String authName = (String) authNames.nextElement();
- IDescriptor authDesc =
- authenticator.getValueDescriptor(locale, authName);
+ IDescriptor authDesc =
+ authenticator.getValueDescriptor(locale, authName);
if (authDesc == null)
continue;
@@ -291,8 +289,8 @@ public class ProfileSelectServlet extends ProfileServlet {
args.set(ARG_AUTH_LIST, authlist);
args.set(ARG_AUTH_NAME, authenticator.getName(locale));
args.set(ARG_AUTH_DESC, authenticator.getText(locale));
- args.set(ARG_AUTH_IS_SSL,
- Boolean.toString(authenticator.isSSLClientRequired()));
+ args.set(ARG_AUTH_IS_SSL,
+ Boolean.toString(authenticator.isSSLClientRequired()));
}
// build input list
@@ -309,10 +307,10 @@ public class ProfileSelectServlet extends ProfileServlet {
ArgSet inputpluginset = new ArgSet();
inputpluginset.set(ARG_INPUT_PLUGIN_ID, inputId);
- inputpluginset.set(ARG_INPUT_PLUGIN_NAME,
- profileInput.getName(locale));
- inputpluginset.set(ARG_INPUT_PLUGIN_DESC,
- profileInput.getText(locale));
+ inputpluginset.set(ARG_INPUT_PLUGIN_NAME,
+ profileInput.getName(locale));
+ inputpluginset.set(ARG_INPUT_PLUGIN_DESC,
+ profileInput.getText(locale));
inputPluginlist.add(inputpluginset);
Enumeration inputNames = profileInput.getValueNames();
@@ -352,8 +350,8 @@ public class ProfileSelectServlet extends ProfileServlet {
outputTemplate(request, response, args);
}
- private void handlePolicy(ArgList list, ServletResponse response,
- Locale locale, String id, IProfilePolicy policy) {
+ private void handlePolicy(ArgList list, ServletResponse response,
+ Locale locale, String id, IProfilePolicy policy) {
ArgSet set = new ArgSet();
set.set(ARG_POLICY_ID, id);
diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileServlet.java
index 46f3797d..368e3659 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.profile;
-
import java.io.BufferedReader;
import java.io.ByteArrayOutputStream;
import java.io.FileReader;
@@ -46,10 +45,9 @@ import com.netscape.cms.servlet.base.UserInfo;
import com.netscape.cms.servlet.common.CMSRequest;
import com.netscape.cms.servlet.common.Utils;
-
/**
* This servlet is the base class of all profile servlets.
- *
+ *
* @version $Revision$, $Date$
*/
public class ProfileServlet extends CMSServlet {
@@ -67,12 +65,12 @@ public class ProfileServlet extends CMSServlet {
public final static String ARG_REQUEST_ID = "requestId";
public final static String ARG_REQUEST_TYPE = "requestType";
public final static String ARG_REQUEST_STATUS = "requestStatus";
- public final static String ARG_REQUEST_OWNER =
- "requestOwner";
- public final static String ARG_REQUEST_CREATION_TIME =
- "requestCreationTime";
- public final static String ARG_REQUEST_MODIFICATION_TIME =
- "requestModificationTime";
+ public final static String ARG_REQUEST_OWNER =
+ "requestOwner";
+ public final static String ARG_REQUEST_CREATION_TIME =
+ "requestCreationTime";
+ public final static String ARG_REQUEST_MODIFICATION_TIME =
+ "requestModificationTime";
public final static String ARG_REQUEST_NONCE = "nonce";
public final static String ARG_AUTH_ID = "authId";
@@ -166,15 +164,15 @@ public class ProfileServlet extends CMSServlet {
super();
}
- /**
+ /**
* initialize the servlet. Servlets implementing this method
* must specify the template to use as a parameter called
* "templatePath" in the servletConfig
- *
+ *
* @param sc servlet configuration, read from the web.xml file
*/
- public void init(ServletConfig sc) throws ServletException {
+ public void init(ServletConfig sc) throws ServletException {
super.init(sc);
mTemplate = sc.getServletContext().getRealPath(
sc.getInitParameter(PROP_TEMPLATE));
@@ -193,47 +191,44 @@ public class ProfileServlet extends CMSServlet {
}
}
- protected String escapeXML(String v)
- {
- if (v == null) {
- return "";
- }
- v = v.replaceAll("&", "&amp;");
- return v;
+ protected String escapeXML(String v) {
+ if (v == null) {
+ return "";
+ }
+ v = v.replaceAll("&", "&amp;");
+ return v;
}
- protected void outputArgValueAsXML(PrintStream ps, String name, IArgValue v)
- {
- ps.println("<" + name + ">");
- if (v != null) {
- if (v instanceof ArgList) {
- ArgList list = (ArgList)v;
- ps.println("<list>");
- for (int i = 0; i < list.size(); i++) {
- outputArgValueAsXML(ps, name, list.get(i));
- }
- ps.println("</list>");
- } else if (v instanceof ArgString) {
- ArgString str = (ArgString)v;
- ps.println(escapeXML(str.getValue()));
- } else if (v instanceof ArgSet) {
- ArgSet set = (ArgSet)v;
- ps.println("<set>");
- Enumeration names = set.getNames();
- while (names.hasMoreElements()) {
- String n = (String)names.nextElement();
+ protected void outputArgValueAsXML(PrintStream ps, String name, IArgValue v) {
+ ps.println("<" + name + ">");
+ if (v != null) {
+ if (v instanceof ArgList) {
+ ArgList list = (ArgList) v;
+ ps.println("<list>");
+ for (int i = 0; i < list.size(); i++) {
+ outputArgValueAsXML(ps, name, list.get(i));
+ }
+ ps.println("</list>");
+ } else if (v instanceof ArgString) {
+ ArgString str = (ArgString) v;
+ ps.println(escapeXML(str.getValue()));
+ } else if (v instanceof ArgSet) {
+ ArgSet set = (ArgSet) v;
+ ps.println("<set>");
+ Enumeration names = set.getNames();
+ while (names.hasMoreElements()) {
+ String n = (String) names.nextElement();
outputArgValueAsXML(ps, n, set.get(n));
- }
- ps.println("</set>");
- } else {
- ps.println(v);
- }
+ }
+ ps.println("</set>");
+ } else {
+ ps.println(v);
}
- ps.println("</" + name + ">");
+ }
+ ps.println("</" + name + ">");
}
- protected void outputThisAsXML(ByteArrayOutputStream bos, ArgSet args)
- {
+ protected void outputThisAsXML(ByteArrayOutputStream bos, ArgSet args) {
PrintStream ps = new PrintStream(bos);
ps.println("<xml>");
outputArgValueAsXML(ps, "output", args);
@@ -241,9 +236,9 @@ public class ProfileServlet extends CMSServlet {
ps.flush();
}
- public void outputTemplate(HttpServletRequest request,
+ public void outputTemplate(HttpServletRequest request,
HttpServletResponse response, ArgSet args)
- throws EBaseException {
+ throws EBaseException {
String xmlOutput = request.getParameter("xml");
if (xmlOutput != null && xmlOutput.equals("true")) {
@@ -251,32 +246,31 @@ public class ProfileServlet extends CMSServlet {
ByteArrayOutputStream bos = new ByteArrayOutputStream();
outputThisAsXML(bos, args);
try {
- response.setContentLength(bos.size());
- bos.writeTo(response.getOutputStream());
+ response.setContentLength(bos.size());
+ bos.writeTo(response.getOutputStream());
} catch (Exception e) {
CMS.debug("outputTemplate error " + e);
}
return;
}
- IStatsSubsystem statsSub = (IStatsSubsystem)CMS.getSubsystem("stats");
+ IStatsSubsystem statsSub = (IStatsSubsystem) CMS.getSubsystem("stats");
if (statsSub != null) {
- statsSub.startTiming("output_template");
+ statsSub.startTiming("output_template");
}
BufferedReader reader = null;
try {
reader = new BufferedReader(
- new FileReader(mTemplate));
+ new FileReader(mTemplate));
response.setContentType("text/html; charset=UTF-8");
PrintWriter writer = response.getWriter();
-
// output template
String line = null;
do {
- line = reader.readLine();
+ line = reader.readLine();
if (line != null) {
if (line.indexOf("<CMS_TEMPLATE>") == -1) {
writer.println(line);
@@ -287,21 +281,20 @@ public class ProfileServlet extends CMSServlet {
writer.println("</script>");
}
}
- }
- while (line != null);
+ } while (line != null);
reader.close();
} catch (IOException e) {
- CMS.debug(e);
- throw new EBaseException(e.toString());
+ CMS.debug(e);
+ throw new EBaseException(e.toString());
} finally {
- if (statsSub != null) {
- statsSub.endTiming("output_template");
- }
+ if (statsSub != null) {
+ statsSub.endTiming("output_template");
+ }
}
}
protected void outputArgList(PrintWriter writer, String name, ArgList list)
- throws IOException {
+ throws IOException {
String h_name = null;
@@ -342,27 +335,27 @@ public class ProfileServlet extends CMSServlet {
char c = in[i];
/* presumably this gives better performance */
- if ((c > 0x23) && (c!= 0x5c) && (c!= 0x3c) && (c!= 0x3e)) {
+ if ((c > 0x23) && (c != 0x5c) && (c != 0x3c) && (c != 0x3e)) {
out[j++] = c;
continue;
}
/* some inputs are coming in as '\' and 'n' */
/* see BZ 500736 for details */
- if ((c == 0x5c) && ((i+1)<l) && (in[i+1] == 'n' ||
- in[i+1] == 'r' || in[i+1] == 'f' || in[i+1] == 't' ||
- in[i+1] == '<' || in[i+1] == '>' ||
- in[i+1] == '\"' || in[i+1] == '\'' || in[i+1] == '\\')) {
- if (in[i+1] == 'x' && ((i+3)<l) && in[i+2] == '3' &&
- (in[i+3] == 'c' || in[i+3] == 'e')) {
+ if ((c == 0x5c) && ((i + 1) < l) && (in[i + 1] == 'n' ||
+ in[i + 1] == 'r' || in[i + 1] == 'f' || in[i + 1] == 't' ||
+ in[i + 1] == '<' || in[i + 1] == '>' ||
+ in[i + 1] == '\"' || in[i + 1] == '\'' || in[i + 1] == '\\')) {
+ if (in[i + 1] == 'x' && ((i + 3) < l) && in[i + 2] == '3' &&
+ (in[i + 3] == 'c' || in[i + 3] == 'e')) {
out[j++] = '\\';
- out[j++] = in[i+1];
- out[j++] = in[i+2];
- out[j++] = in[i+3];
+ out[j++] = in[i + 1];
+ out[j++] = in[i + 2];
+ out[j++] = in[i + 3];
i += 3;
- } else {
+ } else {
out[j++] = '\\';
- out[j++] = in[i+1];
+ out[j++] = in[i + 1];
i++;
}
continue;
@@ -421,18 +414,18 @@ public class ProfileServlet extends CMSServlet {
}
protected void outputArgString(PrintWriter writer, String name, ArgString str)
- throws IOException {
+ throws IOException {
String s = str.getValue();
// sub \n with "\n"
if (s != null) {
- s = escapeJavaScriptString(s);
+ s = escapeJavaScriptString(s);
}
writer.println(name + "=\"" + s + "\";");
}
protected void outputArgSet(PrintWriter writer, String name, ArgSet set)
- throws IOException {
+ throws IOException {
Enumeration e = set.getNames();
while (e.hasMoreElements()) {
@@ -456,7 +449,7 @@ public class ProfileServlet extends CMSServlet {
}
protected void outputData(PrintWriter writer, ArgSet set)
- throws IOException {
+ throws IOException {
if (set == null)
return;
Enumeration e = set.getNames();
@@ -486,12 +479,12 @@ public class ProfileServlet extends CMSServlet {
*/
protected void log(int event, int level, String msg) {
mLogger.log(event, mLogCategory, level,
- "Servlet " + mId + ": " + msg);
+ "Servlet " + mId + ": " + msg);
}
protected void log(int level, String msg) {
mLogger.log(ILogger.EV_SYSTEM, mLogCategory, level,
- "Servlet " + mId + ": " + msg);
+ "Servlet " + mId + ": " + msg);
}
/**
@@ -512,8 +505,7 @@ public class ProfileServlet extends CMSServlet {
}
protected void renderResult(CMSRequest cmsReq)
- throws IOException {
+ throws IOException {
// do nothing
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitCMCServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitCMCServlet.java
index b00b13a9..3a2a91da 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitCMCServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitCMCServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.profile;
-
import java.io.InputStream;
import java.io.OutputStream;
import java.security.cert.CertificateEncodingException;
@@ -65,10 +64,9 @@ import com.netscape.cms.servlet.common.AuthCredentials;
import com.netscape.cms.servlet.common.CMCOutputTemplate;
import com.netscape.cms.servlet.common.CMSRequest;
-
/**
* This servlet submits end-user request into the profile framework.
- *
+ *
* @version $Revision$, $Date$
*/
public class ProfileSubmitCMCServlet extends ProfileServlet {
@@ -89,27 +87,26 @@ public class ProfileSubmitCMCServlet extends ProfileServlet {
private String requestBinary = null;
private String requestB64 = null;
- private final static String[]
- SIGNED_AUDIT_AUTOMATED_REJECTION_REASON = new String[] {
-
- /* 0 */ "automated profile cert request rejection: "
+ private final static String[] SIGNED_AUDIT_AUTOMATED_REJECTION_REASON = new String[] {
+
+ /* 0 */"automated profile cert request rejection: "
+ "indeterminate reason for inability to process "
+ "cert request due to an EBaseException"
};
private final static String LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED =
- "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5";
+ "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5";
public ProfileSubmitCMCServlet() {
}
/**
- * initialize the servlet. And instance of this servlet can
+ * initialize the servlet. And instance of this servlet can
* be set up to always issue certificates against a certain profile
* by setting the 'profileId' configuration in the servletConfig
* If not, the user must specify the profileID when submitting the request
*
* "ImportCert.template" to process the response.
- *
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -158,7 +155,7 @@ public class ProfileSubmitCMCServlet extends ProfileServlet {
}
public IAuthToken authenticate(IProfileAuthenticator authenticator,
- HttpServletRequest request) throws EBaseException {
+ HttpServletRequest request) throws EBaseException {
AuthCredentials credentials = new AuthCredentials();
// build credential
@@ -177,19 +174,19 @@ public class ProfileSubmitCMCServlet extends ProfileServlet {
IAuthToken authToken = authenticator.authenticate(credentials);
SessionContext sc = SessionContext.getContext();
- if (sc != null) {
- sc.put(SessionContext.AUTH_MANAGER_ID, authenticator.getName());
- String userid = authToken.getInString(IAuthToken.USER_ID);
- if (userid != null) {
- sc.put(SessionContext.USER_ID, userid);
- }
+ if (sc != null) {
+ sc.put(SessionContext.AUTH_MANAGER_ID, authenticator.getName());
+ String userid = authToken.getInString(IAuthToken.USER_ID);
+ if (userid != null) {
+ sc.put(SessionContext.USER_ID, userid);
+ }
}
return authToken;
}
private void setInputsIntoRequest(HttpServletRequest request, IProfile
-profile, IRequest req) {
+ profile, IRequest req) {
Enumeration inputIds = profile.getProfileInputIds();
if (inputIds != null) {
@@ -215,15 +212,14 @@ profile, IRequest req) {
* Process the HTTP request
* <P>
*
- * (Certificate Request Processed - either an automated "EE" profile based
- * cert acceptance, or an automated "EE" profile based cert rejection)
+ * (Certificate Request Processed - either an automated "EE" profile based cert acceptance, or an automated "EE" profile based cert rejection)
* <P>
*
* <ul>
* <li>http.param profileId ID of profile to use to process request
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a
- * certificate request has just been through the approval process
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a certificate request has just been through the approval process
* </ul>
+ *
* @param cmsReq the object holding the request and response information
* @exception EBaseException an error has occurred
*/
@@ -233,8 +229,8 @@ profile, IRequest req) {
Locale locale = getLocale(request);
ArgSet args = new ArgSet();
- String cert_request_type =
- mServletConfig.getInitParameter("cert_request_type");
+ String cert_request_type =
+ mServletConfig.getInitParameter("cert_request_type");
String outputFormat = mServletConfig.getInitParameter("outputFormat");
int reqlen = request.getContentLength();
@@ -272,25 +268,25 @@ profile, IRequest req) {
// __ (double underscores); however, in the event that
// a security parameter slips through, we perform multiple
// additional checks to insure that it is NOT displayed
- if( paramName.startsWith("__") ||
- paramName.endsWith("password") ||
- paramName.endsWith("passwd") ||
- paramName.endsWith("pwd") ||
- paramName.equalsIgnoreCase("admin_password_again") ||
- paramName.equalsIgnoreCase("directoryManagerPwd") ||
- paramName.equalsIgnoreCase("bindpassword") ||
- paramName.equalsIgnoreCase("bindpwd") ||
- paramName.equalsIgnoreCase("passwd") ||
- paramName.equalsIgnoreCase("password") ||
- paramName.equalsIgnoreCase("pin") ||
- paramName.equalsIgnoreCase("pwd") ||
- paramName.equalsIgnoreCase("pwdagain") ||
- paramName.equalsIgnoreCase("uPasswd") ) {
+ if (paramName.startsWith("__") ||
+ paramName.endsWith("password") ||
+ paramName.endsWith("passwd") ||
+ paramName.endsWith("pwd") ||
+ paramName.equalsIgnoreCase("admin_password_again") ||
+ paramName.equalsIgnoreCase("directoryManagerPwd") ||
+ paramName.equalsIgnoreCase("bindpassword") ||
+ paramName.equalsIgnoreCase("bindpwd") ||
+ paramName.equalsIgnoreCase("passwd") ||
+ paramName.equalsIgnoreCase("password") ||
+ paramName.equalsIgnoreCase("pin") ||
+ paramName.equalsIgnoreCase("pwd") ||
+ paramName.equalsIgnoreCase("pwdagain") ||
+ paramName.equalsIgnoreCase("uPasswd")) {
CMS.debug("ProfileSubmitCMCServlet Input Parameter " +
paramName + "='(sensitive)'");
} else {
CMS.debug("ProfileSubmitCMCServlet Input Parameter " +
- paramName + "='" +
+ paramName + "='" +
request.getParameter(paramName) + "'");
}
}
@@ -303,8 +299,8 @@ profile, IRequest req) {
mProfileSubId = IProfileSubsystem.ID;
}
CMS.debug("ProfileSubmitCMCServlet: SubId=" + mProfileSubId);
- IProfileSubsystem ps = (IProfileSubsystem)
- CMS.getSubsystem(mProfileSubId);
+ IProfileSubsystem ps = (IProfileSubsystem)
+ CMS.getSubsystem(mProfileSubId);
if (ps == null) {
CMS.debug("ProfileSubmitCMCServlet: ProfileSubsystem not found");
@@ -317,7 +313,7 @@ profile, IRequest req) {
} catch (Exception ee) {
}
template.createFullResponseWithFailedStatus(response, seq,
- OtherInfo.INTERNAL_CA_ERROR, s);
+ OtherInfo.INTERNAL_CA_ERROR, s);
return;
}
@@ -331,14 +327,14 @@ profile, IRequest req) {
profileId = mProfileId;
}
- IProfile profile = null;
+ IProfile profile = null;
- try {
+ try {
CMS.debug("ProfileSubmitCMCServlet: profileId " + profileId);
- profile = ps.getProfile(profileId);
- } catch (EProfileException e) {
- CMS.debug("ProfileSubmitCMCServlet: profile not found profileId " +
- profileId + " " + e.toString());
+ profile = ps.getProfile(profileId);
+ } catch (EProfileException e) {
+ CMS.debug("ProfileSubmitCMCServlet: profile not found profileId " +
+ profileId + " " + e.toString());
}
if (profile == null) {
CMCOutputTemplate template = new CMCOutputTemplate();
@@ -350,13 +346,13 @@ profile, IRequest req) {
} catch (Exception ee) {
}
template.createFullResponseWithFailedStatus(response, seq,
- OtherInfo.INTERNAL_CA_ERROR, s);
+ OtherInfo.INTERNAL_CA_ERROR, s);
return;
}
if (!ps.isProfileEnable(profileId)) {
- CMS.debug("ProfileSubmitCMCServlet: Profile " + profileId +
- " not enabled");
+ CMS.debug("ProfileSubmitCMCServlet: Profile " + profileId +
+ " not enabled");
CMCOutputTemplate template = new CMCOutputTemplate();
SEQUENCE seq = new SEQUENCE();
seq.addElement(new INTEGER(0));
@@ -366,7 +362,7 @@ profile, IRequest req) {
} catch (Exception ee) {
}
template.createFullResponseWithFailedStatus(response, seq,
- OtherInfo.INTERNAL_CA_ERROR, s);
+ OtherInfo.INTERNAL_CA_ERROR, s);
return;
}
@@ -386,8 +382,8 @@ profile, IRequest req) {
if (authenticator == null) {
CMS.debug("ProfileSubmitCMCServlet: authenticator not found");
} else {
- CMS.debug("ProfileSubmitCMCServlet: authenticator " +
- authenticator.getName() + " found");
+ CMS.debug("ProfileSubmitCMCServlet: authenticator " +
+ authenticator.getName() + " found");
setCredentialsIntoContext(request, authenticator, ctx);
}
@@ -403,27 +399,27 @@ profile, IRequest req) {
SessionContext context = SessionContext.getContext();
// insert profile context so that input parameter can be retrieved
- context.put("profileContext", ctx);
- context.put("sslClientCertProvider",
- new SSLClientCertProvider(request));
+ context.put("profileContext", ctx);
+ context.put("sslClientCertProvider",
+ new SSLClientCertProvider(request));
CMS.debug("ProfileSubmitCMCServlet: set sslClientCertProvider");
- if (authenticator != null) {
+ if (authenticator != null) {
try {
authToken = authenticate(authenticator, request);
// authentication success
} catch (EBaseException e) {
CMCOutputTemplate template = new CMCOutputTemplate();
SEQUENCE seq = new SEQUENCE();
- seq.addElement(new INTEGER(0));
+ seq.addElement(new INTEGER(0));
UTF8String s = null;
try {
- s = new UTF8String(e.toString());
+ s = new UTF8String(e.toString());
} catch (Exception ee) {
}
- template.createFullResponseWithFailedStatus(response, seq,
- OtherInfo.BAD_REQUEST, s);
- CMS.debug("ProfileSubmitCMCServlet: authentication error " +
- e.toString());
+ template.createFullResponseWithFailedStatus(response, seq,
+ OtherInfo.BAD_REQUEST, s);
+ CMS.debug("ProfileSubmitCMCServlet: authentication error " +
+ e.toString());
return;
}
@@ -433,9 +429,9 @@ profile, IRequest req) {
CMS.debug("ProfileSubmitCMCServlet authToken not null");
try {
authzToken = authorize(mAclMethod, authToken,
- mAuthzResourceName, "submit");
+ mAuthzResourceName, "submit");
} catch (Exception e) {
- CMS.debug("ProfileSubmitCMCServlet authorization failure: "+e.toString());
+ CMS.debug("ProfileSubmitCMCServlet authorization failure: " + e.toString());
}
}
@@ -450,7 +446,7 @@ profile, IRequest req) {
} catch (Exception ee) {
}
template.createFullResponseWithFailedStatus(response, seq,
- OtherInfo.BAD_REQUEST, s);
+ OtherInfo.BAD_REQUEST, s);
return;
}
}
@@ -473,7 +469,7 @@ profile, IRequest req) {
} catch (Exception ee) {
}
template.createFullResponseWithFailedStatus(response, seq,
- OtherInfo.INTERNAL_CA_ERROR, s);
+ OtherInfo.INTERNAL_CA_ERROR, s);
return;
} catch (Throwable e) {
CMS.debug("ProfileSubmitCMCServlet: createRequests " + e.toString());
@@ -486,17 +482,17 @@ profile, IRequest req) {
} catch (Exception ee) {
}
template.createFullResponseWithFailedStatus(response, seq,
- OtherInfo.INTERNAL_CA_ERROR, s);
+ OtherInfo.INTERNAL_CA_ERROR, s);
return;
}
TaggedAttribute attr =
- (TaggedAttribute)(context.get(OBJECT_IDENTIFIER.id_cmc_lraPOPWitness));
+ (TaggedAttribute) (context.get(OBJECT_IDENTIFIER.id_cmc_lraPOPWitness));
if (attr != null) {
boolean verifyAllow = true;
try {
verifyAllow = CMS.getConfigStore().getBoolean(
- "cmc.lraPopWitness.verify.allow", true);
+ "cmc.lraPopWitness.verify.allow", true);
} catch (EBaseException ee) {
}
@@ -505,18 +501,18 @@ profile, IRequest req) {
SET vals = attr.getValues();
if (vals.size() > 0) {
try {
- lraPop = (LraPopWitness)(ASN1Util.decode(LraPopWitness.getTemplate(),
- ASN1Util.encode(vals.elementAt(0))));
+ lraPop = (LraPopWitness) (ASN1Util.decode(LraPopWitness.getTemplate(),
+ ASN1Util.encode(vals.elementAt(0))));
} catch (InvalidBERException e) {
CMS.debug(
- CMS.getUserMessage(locale, "CMS_PROFILE_ENCODING_ERROR"));
+ CMS.getUserMessage(locale, "CMS_PROFILE_ENCODING_ERROR"));
}
SEQUENCE bodyIds = lraPop.getBodyIds();
CMCOutputTemplate template = new CMCOutputTemplate();
template.createFullResponseWithFailedStatus(response, bodyIds,
- OtherInfo.POP_FAILED, null);
+ OtherInfo.POP_FAILED, null);
return;
}
}
@@ -524,25 +520,25 @@ profile, IRequest req) {
// for CMC, requests may be zero. Then check if controls exist.
if (reqs == null) {
- Integer nums = (Integer)(context.get("numOfControls"));
+ Integer nums = (Integer) (context.get("numOfControls"));
CMCOutputTemplate template = new CMCOutputTemplate();
// if there is only one control GetCert, then simple response
// must be returned.
if (nums != null && nums.intValue() == 1) {
- TaggedAttribute attr1 = (TaggedAttribute)(context.get(OBJECT_IDENTIFIER.id_cmc_getCert));
+ TaggedAttribute attr1 = (TaggedAttribute) (context.get(OBJECT_IDENTIFIER.id_cmc_getCert));
if (attr1 != null) {
template.createSimpleResponse(response, reqs);
} else
- template.createFullResponse(response, reqs,
- cert_request_type, null);
+ template.createFullResponse(response, reqs,
+ cert_request_type, null);
} else
- template.createFullResponse(response, reqs,
- cert_request_type, null);
+ template.createFullResponse(response, reqs,
+ cert_request_type, null);
return;
}
String errorCode = null;
- String errorReason = null;
+ String errorReason = null;
///////////////////////////////////////////////
// populate request
@@ -553,24 +549,24 @@ profile, IRequest req) {
// serial auth token into request
if (authToken != null) {
- Enumeration tokenNames = authToken.getElements();
- while (tokenNames.hasMoreElements()) {
- String tokenName = (String)tokenNames.nextElement();
- String[] vals = authToken.getInStringArray(tokenName);
- if (vals != null) {
- for (int i = 0; i < vals.length; i++) {
- reqs[k].setExtData(ARG_AUTH_TOKEN + "." +
- tokenName + "[" + i + "]", vals[i]);
- }
- } else {
- String val = authToken.getInString(tokenName);
- if (val != null) {
- reqs[k].setExtData(ARG_AUTH_TOKEN + "." + tokenName,
- val);
- }
- }
- }
- }
+ Enumeration tokenNames = authToken.getElements();
+ while (tokenNames.hasMoreElements()) {
+ String tokenName = (String) tokenNames.nextElement();
+ String[] vals = authToken.getInStringArray(tokenName);
+ if (vals != null) {
+ for (int i = 0; i < vals.length; i++) {
+ reqs[k].setExtData(ARG_AUTH_TOKEN + "." +
+ tokenName + "[" + i + "]", vals[i]);
+ }
+ } else {
+ String val = authToken.getInString(tokenName);
+ if (val != null) {
+ reqs[k].setExtData(ARG_AUTH_TOKEN + "." + tokenName,
+ val);
+ }
+ }
+ }
+ }
// put profile framework parameters into the request
reqs[k].setExtData(ARG_PROFILE, "true");
@@ -589,7 +585,7 @@ profile, IRequest req) {
} catch (Exception ee) {
}
template.createFullResponseWithFailedStatus(response, seq,
- OtherInfo.INTERNAL_CA_ERROR, s);
+ OtherInfo.INTERNAL_CA_ERROR, s);
return;
}
@@ -598,13 +594,13 @@ profile, IRequest req) {
reqs[k].setExtData(ARG_PROFILE_REMOTE_HOST, request.getRemoteHost());
reqs[k].setExtData(ARG_PROFILE_REMOTE_ADDR, request.getRemoteAddr());
- CMS.debug("ProfileSubmitCMCServlet: request " +
- reqs[k].getRequestId().toString());
+ CMS.debug("ProfileSubmitCMCServlet: request " +
+ reqs[k].getRequestId().toString());
try {
CMS.debug("ProfileSubmitCMCServlet: populating request inputs");
// give authenticator a chance to populate the request
- if (authenticator != null) {
+ if (authenticator != null) {
authenticator.populate(authToken, reqs[k]);
}
profile.populateInput(ctx, reqs[k]);
@@ -620,7 +616,7 @@ profile, IRequest req) {
} catch (Exception ee) {
}
template.createFullResponseWithFailedStatus(response, seq,
- OtherInfo.BAD_REQUEST, s);
+ OtherInfo.BAD_REQUEST, s);
return;
} catch (Throwable e) {
CMS.debug("ProfileSubmitCMCServlet: populate " + e.toString());
@@ -635,7 +631,7 @@ profile, IRequest req) {
} catch (Exception ee) {
}
template.createFullResponseWithFailedStatus(response, seq,
- OtherInfo.INTERNAL_CA_ERROR, s);
+ OtherInfo.INTERNAL_CA_ERROR, s);
return;
}
}
@@ -652,23 +648,22 @@ profile, IRequest req) {
///////////////////////////////////////////////
int error_codes[] = null;
if (reqs != null && reqs.length > 0)
- error_codes = new int[reqs.length];
+ error_codes = new int[reqs.length];
for (int k = 0; k < reqs.length; k++) {
try {
// reset the "auditRequesterID"
auditRequesterID = auditRequesterID(reqs[k]);
-
// print request debug
if (reqs[k] != null) {
- Enumeration reqKeys = reqs[k].getExtDataKeys();
- while (reqKeys.hasMoreElements()) {
- String reqKey = (String)reqKeys.nextElement();
- String reqVal = reqs[k].getExtDataInString(reqKey);
- if (reqVal != null) {
- CMS.debug("ProfileSubmitCMCServlet: key=$request." + reqKey + "$ value=" + reqVal);
+ Enumeration reqKeys = reqs[k].getExtDataKeys();
+ while (reqKeys.hasMoreElements()) {
+ String reqKey = (String) reqKeys.nextElement();
+ String reqVal = reqs[k].getExtDataInString(reqKey);
+ if (reqVal != null) {
+ CMS.debug("ProfileSubmitCMCServlet: key=$request." + reqKey + "$ value=" + reqVal);
+ }
}
- }
}
profile.submit(authToken, reqs[k]);
@@ -698,9 +693,9 @@ profile, IRequest req) {
// need to notify
INotify notify = profile.getRequestQueue().getPendingNotify();
if (notify != null) {
- notify.notify(reqs[k]);
+ notify.notify(reqs[k]);
}
-
+
CMS.debug("ProfileSubmitCMCServlet: submit " + e.toString());
errorCode = "2";
errorReason = CMS.getUserMessage(locale,
@@ -722,7 +717,7 @@ profile, IRequest req) {
"CMS_INTERNAL_ERROR");
}
- try {
+ try {
if (errorCode == null) {
profile.getRequestQueue().markAsServiced(reqs[k]);
} else {
@@ -730,7 +725,7 @@ profile, IRequest req) {
}
} catch (EBaseException e) {
CMS.debug("ProfileSubmitCMCServlet: updateRequest " +
- e.toString());
+ e.toString());
}
if (errorCode != null) {
@@ -778,36 +773,36 @@ profile, IRequest req) {
// output output list
///////////////////////////////////////////////
- CMS.debug("ProfileSubmitCMCServlet: done serving");
- CMCOutputTemplate template = new CMCOutputTemplate();
- if (cert_request_type.equals("pkcs10") || cert_request_type.equals("crmf")) {
-
- if (outputFormat != null &&outputFormat.equals("pkcs7")) {
- byte[] pkcs7 = CMS.getPKCS7(locale, reqs[0]);
- response.setContentType("application/pkcs7-mime");
- response.setContentLength(pkcs7.length);
- try {
- OutputStream os = response.getOutputStream();
- os.write(pkcs7);
- os.flush();
- } catch (Exception ee) {
- }
- return;
- }
- template.createSimpleResponse(response, reqs);
- } else if (cert_request_type.equals("cmc")) {
- Integer nums = (Integer)(context.get("numOfControls"));
- if (nums != null && nums.intValue() == 1) {
- TaggedAttribute attr1 =
- (TaggedAttribute)(context.get(OBJECT_IDENTIFIER.id_cmc_getCert));
- if (attr1 != null) {
- template.createSimpleResponse(response, reqs);
- return;
- }
- }
- template.createFullResponse(response, reqs, cert_request_type,
- error_codes);
- }
+ CMS.debug("ProfileSubmitCMCServlet: done serving");
+ CMCOutputTemplate template = new CMCOutputTemplate();
+ if (cert_request_type.equals("pkcs10") || cert_request_type.equals("crmf")) {
+
+ if (outputFormat != null && outputFormat.equals("pkcs7")) {
+ byte[] pkcs7 = CMS.getPKCS7(locale, reqs[0]);
+ response.setContentType("application/pkcs7-mime");
+ response.setContentLength(pkcs7.length);
+ try {
+ OutputStream os = response.getOutputStream();
+ os.write(pkcs7);
+ os.flush();
+ } catch (Exception ee) {
+ }
+ return;
+ }
+ template.createSimpleResponse(response, reqs);
+ } else if (cert_request_type.equals("cmc")) {
+ Integer nums = (Integer) (context.get("numOfControls"));
+ if (nums != null && nums.intValue() == 1) {
+ TaggedAttribute attr1 =
+ (TaggedAttribute) (context.get(OBJECT_IDENTIFIER.id_cmc_getCert));
+ if (attr1 != null) {
+ template.createSimpleResponse(response, reqs);
+ return;
+ }
+ }
+ template.createFullResponse(response, reqs, cert_request_type,
+ error_codes);
+ }
} finally {
SessionContext.releaseContext();
}
@@ -815,11 +810,11 @@ profile, IRequest req) {
/**
* Signed Audit Log Requester ID
- *
+ *
* This method is called to obtain the "RequesterID" for
* a signed audit log message.
* <P>
- *
+ *
* @param request the actual request
* @return id string containing the signed audit log message RequesterID
*/
@@ -845,11 +840,11 @@ profile, IRequest req) {
/**
* Signed Audit Log Info Certificate Value
- *
+ *
* This method is called to obtain the certificate from the passed in
* "X509CertImpl" for a signed audit log message.
* <P>
- *
+ *
* @param request request containing an X509CertImpl
* @return cert string containing the certificate
*/
diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java
index 3f663619..613ff55e 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.profile;
-
import java.math.BigInteger;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
@@ -72,10 +71,9 @@ import com.netscape.cms.servlet.common.CMSRequest;
import com.netscape.cmsutil.util.Cert;
import com.netscape.cmsutil.xml.XMLObject;
-
/**
* This servlet submits end-user request into the profile framework.
- *
+ *
* @author Christina Fu (renewal support)
* @version $Revision$, $Date$
*/
@@ -97,34 +95,31 @@ public class ProfileSubmitServlet extends ProfileServlet {
private String mReqType = null;
private String mAuthorityId = null;
- private final static String[]
- SIGNED_AUDIT_AUTOMATED_REJECTION_REASON = new String[] {
-
- /* 0 */ "automated profile cert request rejection: "
+ private final static String[] SIGNED_AUDIT_AUTOMATED_REJECTION_REASON = new String[] {
+
+ /* 0 */"automated profile cert request rejection: "
+ "indeterminate reason for inability to process "
+ "cert request due to an EBaseException"
};
private final static String LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED =
- "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5";
-
-
- private final static String LOGGING_SIGNED_AUDIT_AUTH_FAIL =
- "LOGGING_SIGNED_AUDIT_AUTH_FAIL_4";
- private final static String LOGGING_SIGNED_AUDIT_AUTH_SUCCESS =
- "LOGGING_SIGNED_AUDIT_AUTH_SUCCESS_3";
+ "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5";
+ private final static String LOGGING_SIGNED_AUDIT_AUTH_FAIL =
+ "LOGGING_SIGNED_AUDIT_AUTH_FAIL_4";
+ private final static String LOGGING_SIGNED_AUDIT_AUTH_SUCCESS =
+ "LOGGING_SIGNED_AUDIT_AUTH_SUCCESS_3";
public ProfileSubmitServlet() {
}
/**
- * initialize the servlet. And instance of this servlet can
+ * initialize the servlet. And instance of this servlet can
* be set up to always issue certificates against a certain profile
* by setting the 'profileId' configuration in the servletConfig
* If not, the user must specify the profileID when submitting the request
*
* "ImportCert.template" to process the response.
- *
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -185,7 +180,7 @@ public class ProfileSubmitServlet extends ProfileServlet {
}
if (inputValue != null) {
- CMS.debug("ProfileSubmitServlet: setInputsIntoContext() setting value in ctx:"+ inputValue);
+ CMS.debug("ProfileSubmitServlet: setInputsIntoContext() setting value in ctx:" + inputValue);
ctx.set(inputName, inputValue);
} else {
CMS.debug("ProfileSubmitServlet: setInputsIntoContext() value null");
@@ -196,8 +191,6 @@ public class ProfileSubmitServlet extends ProfileServlet {
}
-
-
private void setCredentialsIntoContext(HttpServletRequest request, IProfileAuthenticator authenticator, IProfileContext ctx) {
Enumeration<String> authIds = authenticator.getValueNames();
@@ -206,8 +199,8 @@ public class ProfileSubmitServlet extends ProfileServlet {
while (authIds.hasMoreElements()) {
String authName = (String) authIds.nextElement();
- CMS.debug("ProfileSubmitServlet:setCredentialsIntoContext() authName:"+
- authName);
+ CMS.debug("ProfileSubmitServlet:setCredentialsIntoContext() authName:" +
+ authName);
if (request.getParameter(authName) != null) {
CMS.debug("ProfileSubmitServlet:setCredentialsIntoContext() authName found in request");
ctx.set(authName, request.getParameter(authName));
@@ -232,7 +225,7 @@ public class ProfileSubmitServlet extends ProfileServlet {
String n = t.substring(0, i);
if (n.equalsIgnoreCase("uid")) {
String v = t.substring(i + 1);
- CMS.debug("ProfileSubmitServlet:: getUidFromDN(): uid found:"+v);
+ CMS.debug("ProfileSubmitServlet:: getUidFromDN(): uid found:" + v);
return v;
} else {
continue;
@@ -246,66 +239,66 @@ public class ProfileSubmitServlet extends ProfileServlet {
* to the session context
*/
public IAuthToken authenticate(IProfileAuthenticator authenticator,
- HttpServletRequest request, IRequest origReq, SessionContext context)
- throws EBaseException {
- IAuthToken authToken = authenticate(authenticator, request);
- // For renewal, fill in necessary params
- if (authToken!= null) {
- String ouid = origReq.getExtDataInString("auth_token.uid");
- // if the orig cert was manually approved, then there was
- // no auth token uid. Try to get the uid from the cert dn
- // itself, if possible
- if (ouid == null) {
- String sdn = (String) context.get("origSubjectDN");
- if (sdn != null) {
- ouid = getUidFromDN(sdn);
- if (ouid != null)
- CMS.debug("ProfileSubmitServlet: renewal: authToken original uid not found");
- }
- } else {
- CMS.debug("ProfileSubmitServlet: renewal: authToken original uid found in orig request auth_token");
- }
- String auid = authToken.getInString("uid");
- if (auid != null) { // not through ssl client auth
- CMS.debug("ProfileSubmitServlet: renewal: authToken uid found:"+auid);
- // authenticated with uid
- // put "orig_req.auth_token.uid" so that authz with
- // UserOrigReqAccessEvaluator will work
- if (ouid != null) {
- context.put("orig_req.auth_token.uid", ouid);
- CMS.debug("ProfileSubmitServlet: renewal: authToken original uid found:"+ouid);
- } else {
- CMS.debug("ProfileSubmitServlet: renewal: authToken original uid not found");
- }
- } else { // through ssl client auth?
- CMS.debug("ProfileSubmitServlet: renewal: authToken uid not found:");
- // put in orig_req's uid
- if (ouid != null) {
- CMS.debug("ProfileSubmitServlet: renewal: origReq uid not null:" +ouid+". Setting authtoken");
- authToken.set("uid", ouid);
- context.put(SessionContext.USER_ID, ouid);
- } else {
- CMS.debug("ProfileSubmitServlet: renewal: origReq uid not found");
-// throw new EBaseException("origReq uid not found");
- }
- }
-
- String userdn = origReq.getExtDataInString("auth_token.userdn");
- if (userdn != null) {
- CMS.debug("ProfileSubmitServlet: renewal: origReq userdn not null:"+userdn+". Setting authtoken");
- authToken.set("userdn", userdn);
- } else {
- CMS.debug("ProfileSubmitServlet: renewal: origReq userdn not found");
-// throw new EBaseException("origReq userdn not found");
- }
+ HttpServletRequest request, IRequest origReq, SessionContext context)
+ throws EBaseException {
+ IAuthToken authToken = authenticate(authenticator, request);
+ // For renewal, fill in necessary params
+ if (authToken != null) {
+ String ouid = origReq.getExtDataInString("auth_token.uid");
+ // if the orig cert was manually approved, then there was
+ // no auth token uid. Try to get the uid from the cert dn
+ // itself, if possible
+ if (ouid == null) {
+ String sdn = (String) context.get("origSubjectDN");
+ if (sdn != null) {
+ ouid = getUidFromDN(sdn);
+ if (ouid != null)
+ CMS.debug("ProfileSubmitServlet: renewal: authToken original uid not found");
+ }
+ } else {
+ CMS.debug("ProfileSubmitServlet: renewal: authToken original uid found in orig request auth_token");
+ }
+ String auid = authToken.getInString("uid");
+ if (auid != null) { // not through ssl client auth
+ CMS.debug("ProfileSubmitServlet: renewal: authToken uid found:" + auid);
+ // authenticated with uid
+ // put "orig_req.auth_token.uid" so that authz with
+ // UserOrigReqAccessEvaluator will work
+ if (ouid != null) {
+ context.put("orig_req.auth_token.uid", ouid);
+ CMS.debug("ProfileSubmitServlet: renewal: authToken original uid found:" + ouid);
+ } else {
+ CMS.debug("ProfileSubmitServlet: renewal: authToken original uid not found");
+ }
+ } else { // through ssl client auth?
+ CMS.debug("ProfileSubmitServlet: renewal: authToken uid not found:");
+ // put in orig_req's uid
+ if (ouid != null) {
+ CMS.debug("ProfileSubmitServlet: renewal: origReq uid not null:" + ouid + ". Setting authtoken");
+ authToken.set("uid", ouid);
+ context.put(SessionContext.USER_ID, ouid);
} else {
- CMS.debug("ProfileSubmitServlet: renewal: authToken null");
+ CMS.debug("ProfileSubmitServlet: renewal: origReq uid not found");
+ // throw new EBaseException("origReq uid not found");
}
- return authToken;
+ }
+
+ String userdn = origReq.getExtDataInString("auth_token.userdn");
+ if (userdn != null) {
+ CMS.debug("ProfileSubmitServlet: renewal: origReq userdn not null:" + userdn + ". Setting authtoken");
+ authToken.set("userdn", userdn);
+ } else {
+ CMS.debug("ProfileSubmitServlet: renewal: origReq userdn not found");
+ // throw new EBaseException("origReq userdn not found");
+ }
+ } else {
+ CMS.debug("ProfileSubmitServlet: renewal: authToken null");
+ }
+ return authToken;
}
public IAuthToken authenticate(IProfileAuthenticator authenticator,
- HttpServletRequest request) throws EBaseException {
+ HttpServletRequest request) throws EBaseException {
AuthCredentials credentials = new AuthCredentials();
// build credential
@@ -323,12 +316,12 @@ public class ProfileSubmitServlet extends ProfileServlet {
IAuthToken authToken = authenticator.authenticate(credentials);
SessionContext sc = SessionContext.getContext();
- if (sc != null) {
- sc.put(SessionContext.AUTH_MANAGER_ID, authenticator.getName());
- String userid = authToken.getInString(IAuthToken.USER_ID);
- if (userid != null) {
- sc.put(SessionContext.USER_ID, userid);
- }
+ if (sc != null) {
+ sc.put(SessionContext.AUTH_MANAGER_ID, authenticator.getName());
+ String userid = authToken.getInString(IAuthToken.USER_ID);
+ if (userid != null) {
+ sc.put(SessionContext.USER_ID, userid);
+ }
}
return authToken;
@@ -387,7 +380,7 @@ public class ProfileSubmitServlet extends ProfileServlet {
}
if (inputValue != null) {
- CMS.debug("ProfileSubmitServlet: setInputsIntoRequest() setting value in ctx:"+ inputValue);
+ CMS.debug("ProfileSubmitServlet: setInputsIntoRequest() setting value in ctx:" + inputValue);
req.setExtData(inputName, inputValue);
} else {
CMS.debug("ProfileSubmitServlet: setInputsIntoRequest() value null");
@@ -412,8 +405,8 @@ public class ProfileSubmitServlet extends ProfileServlet {
while (outputNames.hasMoreElements()) {
ArgSet outputset = new ArgSet();
String outputName = (String) outputNames.nextElement();
- IDescriptor outputDesc =
- profileOutput.getValueDescriptor(locale, outputName);
+ IDescriptor outputDesc =
+ profileOutput.getValueDescriptor(locale, outputName);
if (outputDesc == null)
continue;
@@ -423,7 +416,7 @@ public class ProfileSubmitServlet extends ProfileServlet {
String outputValue = null;
try {
- outputValue = profileOutput.getValue(outputName,
+ outputValue = profileOutput.getValue(outputName,
locale, req);
} catch (EProfileException e) {
CMS.debug("ProfileSubmitServlet: " + e.toString());
@@ -445,15 +438,14 @@ public class ProfileSubmitServlet extends ProfileServlet {
* Process the HTTP request
* <P>
*
- * (Certificate Request Processed - either an automated "EE" profile based
- * cert acceptance, or an automated "EE" profile based cert rejection)
+ * (Certificate Request Processed - either an automated "EE" profile based cert acceptance, or an automated "EE" profile based cert rejection)
* <P>
*
* <ul>
* <li>http.param profileId ID of profile to use to process request
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a
- * certificate request has just been through the approval process
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a certificate request has just been through the approval process
* </ul>
+ *
* @param cmsReq the object holding the request and response information
* @exception EBaseException an error has occurred
*/
@@ -476,9 +468,9 @@ public class ProfileSubmitServlet extends ProfileServlet {
CMS.debug("xmlOutput false");
}
- IStatsSubsystem statsSub = (IStatsSubsystem)CMS.getSubsystem("stats");
+ IStatsSubsystem statsSub = (IStatsSubsystem) CMS.getSubsystem("stats");
if (statsSub != null) {
- statsSub.startTiming("enrollment", true /* main action */);
+ statsSub.startTiming("enrollment", true /* main action */);
}
long startTime = CMS.getCurrentDate().getTime();
@@ -488,7 +480,7 @@ public class ProfileSubmitServlet extends ProfileServlet {
if (CMS.debugOn()) {
CMS.debug("Start of ProfileSubmitServlet Input Parameters");
@SuppressWarnings("unchecked")
- Enumeration<String> paramNames = request.getParameterNames();
+ Enumeration<String> paramNames = request.getParameterNames();
while (paramNames.hasMoreElements()) {
String paramName = paramNames.nextElement();
@@ -497,25 +489,25 @@ public class ProfileSubmitServlet extends ProfileServlet {
// __ (double underscores); however, in the event that
// a security parameter slips through, we perform multiple
// additional checks to insure that it is NOT displayed
- if( paramName.startsWith("__") ||
- paramName.endsWith("password") ||
- paramName.endsWith("passwd") ||
- paramName.endsWith("pwd") ||
- paramName.equalsIgnoreCase("admin_password_again") ||
- paramName.equalsIgnoreCase("directoryManagerPwd") ||
- paramName.equalsIgnoreCase("bindpassword") ||
- paramName.equalsIgnoreCase("bindpwd") ||
- paramName.equalsIgnoreCase("passwd") ||
- paramName.equalsIgnoreCase("password") ||
- paramName.equalsIgnoreCase("pin") ||
- paramName.equalsIgnoreCase("pwd") ||
- paramName.equalsIgnoreCase("pwdagain") ||
- paramName.equalsIgnoreCase("uPasswd") ) {
+ if (paramName.startsWith("__") ||
+ paramName.endsWith("password") ||
+ paramName.endsWith("passwd") ||
+ paramName.endsWith("pwd") ||
+ paramName.equalsIgnoreCase("admin_password_again") ||
+ paramName.equalsIgnoreCase("directoryManagerPwd") ||
+ paramName.equalsIgnoreCase("bindpassword") ||
+ paramName.equalsIgnoreCase("bindpwd") ||
+ paramName.equalsIgnoreCase("passwd") ||
+ paramName.equalsIgnoreCase("password") ||
+ paramName.equalsIgnoreCase("pin") ||
+ paramName.equalsIgnoreCase("pwd") ||
+ paramName.equalsIgnoreCase("pwdagain") ||
+ paramName.equalsIgnoreCase("uPasswd")) {
CMS.debug("ProfileSubmitServlet Input Parameter " +
paramName + "='(sensitive)'");
} else {
CMS.debug("ProfileSubmitServlet Input Parameter " +
- paramName + "='" +
+ paramName + "='" +
request.getParameter(paramName) + "'");
}
}
@@ -528,22 +520,22 @@ public class ProfileSubmitServlet extends ProfileServlet {
mProfileSubId = IProfileSubsystem.ID;
}
CMS.debug("ProfileSubmitServlet: SubId=" + mProfileSubId);
- IProfileSubsystem ps = (IProfileSubsystem)
- CMS.getSubsystem(mProfileSubId);
+ IProfileSubsystem ps = (IProfileSubsystem)
+ CMS.getSubsystem(mProfileSubId);
if (ps == null) {
CMS.debug("ProfileSubmitServlet: ProfileSubsystem not found");
if (xmlOutput) {
outputError(response, CMS.getUserMessage(locale,
- "CMS_INTERNAL_ERROR"));
+ "CMS_INTERNAL_ERROR"));
} else {
args.set(ARG_ERROR_CODE, "1");
args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_INTERNAL_ERROR"));
+ "CMS_INTERNAL_ERROR"));
outputTemplate(request, response, args);
}
if (statsSub != null) {
- statsSub.endTiming("enrollment");
+ statsSub.endTiming("enrollment");
}
return;
}
@@ -562,10 +554,10 @@ public class ProfileSubmitServlet extends ProfileServlet {
*/
String renewal = request.getParameter("renewal");
boolean isRenewal = false;
- if ((renewal!= null) && (renewal.equalsIgnoreCase("true"))) {
+ if ((renewal != null) && (renewal.equalsIgnoreCase("true"))) {
CMS.debug("ProfileSubmitServlet: isRenewal true");
isRenewal = true;
- request.setAttribute("reqType", (Object)"renewal");
+ request.setAttribute("reqType", (Object) "renewal");
} else {
CMS.debug("ProfileSubmitServlet: isRenewal false");
}
@@ -593,11 +585,11 @@ public class ProfileSubmitServlet extends ProfileServlet {
if (isRenewal) {
// dig up the original request to "clone"
renewProfileId = profileId;
- CMS.debug("ProfileSubmitServlet: renewProfileId ="+renewProfileId);
+ CMS.debug("ProfileSubmitServlet: renewProfileId =" + renewProfileId);
IAuthority authority = (IAuthority) CMS.getSubsystem(mAuthorityId);
if (authority == null) {
CMS.debug("ProfileSubmitServlet: renewal: Authority " + mAuthorityId +
- " not found");
+ " not found");
args.set(ARG_ERROR_CODE, "1");
args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
"CMS_INTERNAL_ERROR"));
@@ -608,7 +600,7 @@ public class ProfileSubmitServlet extends ProfileServlet {
if (queue == null) {
CMS.debug("ProfileSubmitServlet: renewal: Request Queue of " +
- mAuthorityId + " not found");
+ mAuthorityId + " not found");
args.set(ARG_ERROR_CODE, "1");
args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
"CMS_INTERNAL_ERROR"));
@@ -638,7 +630,7 @@ public class ProfileSubmitServlet extends ProfileServlet {
CMS.debug("ProfileSubmitServlet: renewal: no ssl client cert chain");
args.set(ARG_ERROR_CODE, "1");
args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_INTERNAL_ERROR"));
+ "CMS_INTERNAL_ERROR"));
outputTemplate(request, response, args);
return;
} else { // has ssl client cert
@@ -646,45 +638,45 @@ public class ProfileSubmitServlet extends ProfileServlet {
// shouldn't expect leaf cert to be always at the
// same location
X509Certificate clientCert = null;
- for (int i = 0; i< certs.length; i++) {
+ for (int i = 0; i < certs.length; i++) {
clientCert = certs[i];
- byte [] extBytes = clientCert.getExtensionValue("2.5.29.19");
+ byte[] extBytes = clientCert.getExtensionValue("2.5.29.19");
// try to see if this is a leaf cert
// look for BasicConstraint extension
if (extBytes == null) {
// found leaf cert
- CMS.debug("ProfileSubmitServlet: renewal: found leaf cert");
+ CMS.debug("ProfileSubmitServlet: renewal: found leaf cert");
break;
} else {
- CMS.debug("ProfileSubmitServlet: renewal: found cert having BasicConstraints ext");
- // it's got BasicConstraints extension
- // so it's not likely to be a leaf cert,
- // however, check the isCA field regardless
- try {
- BasicConstraintsExtension bce =
- new BasicConstraintsExtension(true, extBytes);
- if (bce != null) {
- if (!(Boolean)bce.get("is_ca")) {
- CMS.debug("ProfileSubmitServlet: renewal: found CA cert in chain");
- break;
- } // else found a ca cert, continue
- }
- } catch (Exception e) {
- CMS.debug("ProfileSubmitServlet: renewal: exception:"+
+ CMS.debug("ProfileSubmitServlet: renewal: found cert having BasicConstraints ext");
+ // it's got BasicConstraints extension
+ // so it's not likely to be a leaf cert,
+ // however, check the isCA field regardless
+ try {
+ BasicConstraintsExtension bce =
+ new BasicConstraintsExtension(true, extBytes);
+ if (bce != null) {
+ if (!(Boolean) bce.get("is_ca")) {
+ CMS.debug("ProfileSubmitServlet: renewal: found CA cert in chain");
+ break;
+ } // else found a ca cert, continue
+ }
+ } catch (Exception e) {
+ CMS.debug("ProfileSubmitServlet: renewal: exception:" +
e.toString());
- args.set(ARG_ERROR_CODE, "1");
- args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_INTERNAL_ERROR"));
- outputTemplate(request, response, args);
- return;
- }
+ args.set(ARG_ERROR_CODE, "1");
+ args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
+ "CMS_INTERNAL_ERROR"));
+ outputTemplate(request, response, args);
+ return;
+ }
}
}
if (clientCert == null) {
CMS.debug("ProfileSubmitServlet: renewal: no client cert in chain");
args.set(ARG_ERROR_CODE, "1");
args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_INTERNAL_ERROR"));
+ "CMS_INTERNAL_ERROR"));
outputTemplate(request, response, args);
return;
}
@@ -694,10 +686,10 @@ public class ProfileSubmitServlet extends ProfileServlet {
clientCert = new X509CertImpl(certEncoded);
} catch (Exception e) {
- CMS.debug("ProfileSubmitServlet: renewal: exception:"+e.toString());
+ CMS.debug("ProfileSubmitServlet: renewal: exception:" + e.toString());
args.set(ARG_ERROR_CODE, "1");
args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_INTERNAL_ERROR"));
+ "CMS_INTERNAL_ERROR"));
outputTemplate(request, response, args);
return;
}
@@ -706,7 +698,7 @@ public class ProfileSubmitServlet extends ProfileServlet {
}
}
- CMS.debug("ProfileSubmitServlet: renewal: serial number of cert to renew:"+ certSerial.toString());
+ CMS.debug("ProfileSubmitServlet: renewal: serial number of cert to renew:" + certSerial.toString());
try {
ICertificateRepository certDB = null;
@@ -716,28 +708,28 @@ public class ProfileSubmitServlet extends ProfileServlet {
if (certDB == null) {
args.set(ARG_ERROR_CODE, "1");
args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_INTERNAL_ERROR"));
+ "CMS_INTERNAL_ERROR"));
outputTemplate(request, response, args);
return;
}
ICertRecord rec = (ICertRecord) certDB.readCertificateRecord(certSerial);
- if (rec == null) {
- CMS.debug("ProfileSubmitServlet: renewal cert record not found for serial number "+ certSerial.toString());
+ if (rec == null) {
+ CMS.debug("ProfileSubmitServlet: renewal cert record not found for serial number " + certSerial.toString());
args.set(ARG_ERROR_CODE, "1");
args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_INTERNAL_ERROR"));
+ "CMS_INTERNAL_ERROR"));
outputTemplate(request, response, args);
return;
} else {
- CMS.debug("ProfileSubmitServlet: renewal cert record found for serial number:"+ certSerial.toString());
+ CMS.debug("ProfileSubmitServlet: renewal cert record found for serial number:" + certSerial.toString());
// check to see if the cert is revoked or revoked_expired
if ((rec.getStatus().equals(ICertRecord.STATUS_REVOKED)) || (rec.getStatus().equals(ICertRecord.STATUS_REVOKED_EXPIRED))) {
- CMS.debug("ProfileSubmitServlet: renewal cert found to be revoked. Serial number = "+ certSerial.toString());
- args.set(ARG_ERROR_CODE, "1");
- args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_CA_CANNOT_RENEW_REVOKED_CERT", certSerial.toString()));
- outputTemplate(request, response, args);
- return;
+ CMS.debug("ProfileSubmitServlet: renewal cert found to be revoked. Serial number = " + certSerial.toString());
+ args.set(ARG_ERROR_CODE, "1");
+ args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
+ "CMS_CA_CANNOT_RENEW_REVOKED_CERT", certSerial.toString()));
+ outputTemplate(request, response, args);
+ return;
}
MetaInfo metaInfo = (MetaInfo) rec.get(ICertRecord.ATTR_META_INFO);
// note: CA's internal certs don't have request ids
@@ -748,54 +740,54 @@ public class ProfileSubmitServlet extends ProfileServlet {
if (rid != null) {
origReq = queue.findRequest(new RequestId(rid));
if (origReq != null) {
- CMS.debug("ProfileSubmitServlet: renewal: found original enrollment request id:"+ rid);
+ CMS.debug("ProfileSubmitServlet: renewal: found original enrollment request id:" + rid);
// debug: print the extData keys
Enumeration<String> en = origReq.getExtDataKeys();
-/*
- CMS.debug("ProfileSubmitServlet: renewal: origRequest extdata key print BEGINS");
- while (en.hasMoreElements()) {
- String next = (String) en.nextElement();
- CMS.debug("ProfileSubmitServlet: renewal: origRequest extdata key:"+ next);
- }
- CMS.debug("ProfileSubmitServlet: renewal: origRequest extdata key print ENDS");
-*/
+ /*
+ CMS.debug("ProfileSubmitServlet: renewal: origRequest extdata key print BEGINS");
+ while (en.hasMoreElements()) {
+ String next = (String) en.nextElement();
+ CMS.debug("ProfileSubmitServlet: renewal: origRequest extdata key:"+ next);
+ }
+ CMS.debug("ProfileSubmitServlet: renewal: origRequest extdata key print ENDS");
+ */
String requestorE = origReq.getExtDataInString("requestor_email");
- CMS.debug("ProfileSubmitServlet: renewal original requestor email="+requestorE);
+ CMS.debug("ProfileSubmitServlet: renewal original requestor email=" + requestorE);
profileId = origReq.getExtDataInString("profileId");
if (profileId != null)
- CMS.debug("ProfileSubmitServlet: renewal original profileId="+profileId);
+ CMS.debug("ProfileSubmitServlet: renewal original profileId=" + profileId);
else {
- CMS.debug("ProfileSubmitServlet: renewal original profileId not found");
- args.set(ARG_ERROR_CODE, "1");
- args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_INTERNAL_ERROR"));
- outputTemplate(request, response, args);
- return;
+ CMS.debug("ProfileSubmitServlet: renewal original profileId not found");
+ args.set(ARG_ERROR_CODE, "1");
+ args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
+ "CMS_INTERNAL_ERROR"));
+ outputTemplate(request, response, args);
+ return;
}
origSeqNum = origReq.getExtDataInInteger(IEnrollProfile.REQUEST_SEQ_NUM);
-
+
} else { //if origReq
- CMS.debug("ProfileSubmitServlet: renewal original request not found for request id "+ rid);
+ CMS.debug("ProfileSubmitServlet: renewal original request not found for request id " + rid);
args.set(ARG_ERROR_CODE, "1");
args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_INTERNAL_ERROR"));
+ "CMS_INTERNAL_ERROR"));
outputTemplate(request, response, args);
return;
}
} else {
- CMS.debug("ProfileSubmitServlet: renewal: cert record locating request id in MetaInfo failed for serial number "+ certSerial.toString());
- CMS.debug("ProfileSubmitServlet: renewal: cert may be bootstrapped system cert during installation/configuration - no request record exists");
- args.set(ARG_ERROR_CODE, "1");
- args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_INTERNAL_ERROR"+": original request not found"));
- outputTemplate(request, response, args);
- return;
+ CMS.debug("ProfileSubmitServlet: renewal: cert record locating request id in MetaInfo failed for serial number " + certSerial.toString());
+ CMS.debug("ProfileSubmitServlet: renewal: cert may be bootstrapped system cert during installation/configuration - no request record exists");
+ args.set(ARG_ERROR_CODE, "1");
+ args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
+ "CMS_INTERNAL_ERROR" + ": original request not found"));
+ outputTemplate(request, response, args);
+ return;
}
} else {
- CMS.debug("ProfileSubmitServlet: renewal: cert record locating MetaInfo failed for serial number "+ certSerial.toString());
+ CMS.debug("ProfileSubmitServlet: renewal: cert record locating MetaInfo failed for serial number " + certSerial.toString());
args.set(ARG_ERROR_CODE, "1");
args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_INTERNAL_ERROR"));
+ "CMS_INTERNAL_ERROR"));
outputTemplate(request, response, args);
return;
}
@@ -803,96 +795,96 @@ public class ProfileSubmitServlet extends ProfileServlet {
CMS.debug("ProfileSubmitServlet: renewal: before getting origNotAfter");
X509CertImpl origCert = rec.getCertificate();
origNotAfter = origCert.getNotAfter();
- CMS.debug("ProfileSubmitServlet: renewal: origNotAfter ="+
- origNotAfter.toString());
+ CMS.debug("ProfileSubmitServlet: renewal: origNotAfter =" +
+ origNotAfter.toString());
origSubjectDN = origCert.getSubjectDN().getName();
- CMS.debug("ProfileSubmitServlet: renewal: orig subj dn ="+
- origSubjectDN);
+ CMS.debug("ProfileSubmitServlet: renewal: orig subj dn =" +
+ origSubjectDN);
}
} catch (Exception e) {
- CMS.debug("ProfileSubmitServlet: renewal: exception:"+e.toString());
+ CMS.debug("ProfileSubmitServlet: renewal: exception:" + e.toString());
args.set(ARG_ERROR_CODE, "1");
args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_INTERNAL_ERROR"));
+ "CMS_INTERNAL_ERROR"));
outputTemplate(request, response, args);
return;
}
} // end isRenewal
- IProfile profile = null;
+ IProfile profile = null;
IProfile renewProfile = null;
- try {
- profile = ps.getProfile(profileId);
+ try {
+ profile = ps.getProfile(profileId);
if (isRenewal) {
// in case of renew, "profile" is the orig profile
// while "renewProfile" is the current profile used for renewal
- renewProfile = ps.getProfile(renewProfileId);
+ renewProfile = ps.getProfile(renewProfileId);
}
- } catch (EProfileException e) {
- if(profile == null) {
- CMS.debug("ProfileSubmitServlet: profile not found profileId " +
- profileId + " " + e.toString());
+ } catch (EProfileException e) {
+ if (profile == null) {
+ CMS.debug("ProfileSubmitServlet: profile not found profileId " +
+ profileId + " " + e.toString());
}
if (renewProfile == null) {
CMS.debug("ProfileSubmitServlet: profile not found renewProfileId " +
- renewProfileId + " " + e.toString());
+ renewProfileId + " " + e.toString());
}
}
if (profile == null) {
if (xmlOutput) {
- outputError(response, CMS.getUserMessage(locale,"CMS_PROFILE_NOT_FOUND", profileId));
+ outputError(response, CMS.getUserMessage(locale, "CMS_PROFILE_NOT_FOUND", profileId));
} else {
args.set(ARG_ERROR_CODE, "1");
args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_PROFILE_NOT_FOUND", profileId));
+ "CMS_PROFILE_NOT_FOUND", profileId));
outputTemplate(request, response, args);
}
return;
}
if (isRenewal && (renewProfile == null)) {
if (xmlOutput) {
- outputError(response, CMS.getUserMessage(locale,"CMS_PROFILE_NOT_FOUND", renewProfileId));
+ outputError(response, CMS.getUserMessage(locale, "CMS_PROFILE_NOT_FOUND", renewProfileId));
} else {
args.set(ARG_ERROR_CODE, "1");
args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_PROFILE_NOT_FOUND", renewProfileId));
+ "CMS_PROFILE_NOT_FOUND", renewProfileId));
outputTemplate(request, response, args);
}
return;
}
if (!ps.isProfileEnable(profileId)) {
- CMS.debug("ProfileSubmitServlet: Profile " + profileId +
- " not enabled");
+ CMS.debug("ProfileSubmitServlet: Profile " + profileId +
+ " not enabled");
if (xmlOutput) {
outputError(response, CMS.getUserMessage(locale, "CMS_PROFILE_NOT_FOUND", profileId));
} else {
args.set(ARG_ERROR_CODE, "1");
args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_PROFILE_NOT_FOUND", profileId));
+ "CMS_PROFILE_NOT_FOUND", profileId));
outputTemplate(request, response, args);
}
if (statsSub != null) {
- statsSub.endTiming("enrollment");
+ statsSub.endTiming("enrollment");
}
return;
}
if (isRenewal) {
- if (!ps.isProfileEnable(renewProfileId)) {
- CMS.debug("ProfileSubmitServlet: renewal Profile " + renewProfileId +
- " not enabled");
- if (xmlOutput) {
- outputError(response, CMS.getUserMessage(locale, "CMS_PROFILE_NOT_FOUND", renewProfileId));
- } else {
- args.set(ARG_ERROR_CODE, "1");
- args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_PROFILE_NOT_FOUND", renewProfileId));
- outputTemplate(request, response, args);
+ if (!ps.isProfileEnable(renewProfileId)) {
+ CMS.debug("ProfileSubmitServlet: renewal Profile " + renewProfileId +
+ " not enabled");
+ if (xmlOutput) {
+ outputError(response, CMS.getUserMessage(locale, "CMS_PROFILE_NOT_FOUND", renewProfileId));
+ } else {
+ args.set(ARG_ERROR_CODE, "1");
+ args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
+ "CMS_PROFILE_NOT_FOUND", renewProfileId));
+ outputTemplate(request, response, args);
+ }
+ return;
}
- return;
- }
}
IProfileContext ctx = profile.createContext();
@@ -909,40 +901,40 @@ public class ProfileSubmitServlet extends ProfileServlet {
}
} catch (EProfileException e) {
// authenticator not installed correctly
- CMS.debug("ProfileSubmitServlet: renewal: exception:"+e.toString());
+ CMS.debug("ProfileSubmitServlet: renewal: exception:" + e.toString());
args.set(ARG_ERROR_CODE, "1");
args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_INTERNAL_ERROR"));
+ "CMS_INTERNAL_ERROR"));
outputTemplate(request, response, args);
return;
}
if (authenticator == null) {
CMS.debug("ProfileSubmitServlet: authenticator not found");
} else {
- CMS.debug("ProfileSubmitServlet: authenticator " +
- authenticator.getName() + " found");
+ CMS.debug("ProfileSubmitServlet: authenticator " +
+ authenticator.getName() + " found");
setCredentialsIntoContext(request, authenticator, ctx);
}
// for renewal, this will override or add auth info to the profile context
if (isRenewal) {
- if (origAuthenticator!= null) {
- CMS.debug("ProfileSubmitServlet: for renewal, original authenticator " +
- origAuthenticator.getName() + " found");
- setCredentialsIntoContext(request, origAuthenticator, ctx);
- } else {
- CMS.debug("ProfileSubmitServlet: for renewal, original authenticator not found");
- }
+ if (origAuthenticator != null) {
+ CMS.debug("ProfileSubmitServlet: for renewal, original authenticator " +
+ origAuthenticator.getName() + " found");
+ setCredentialsIntoContext(request, origAuthenticator, ctx);
+ } else {
+ CMS.debug("ProfileSubmitServlet: for renewal, original authenticator not found");
+ }
}
CMS.debug("ProfileSubmistServlet: set Inputs into profile Context");
if (isRenewal) {
- // for renewal, input needs to be retrieved from the orig req record
+ // for renewal, input needs to be retrieved from the orig req record
CMS.debug("ProfileSubmitServlet: set original Inputs into profile Context");
setInputsIntoContext(origReq, profile, ctx, locale);
ctx.set(IEnrollProfile.CTX_RENEWAL, "true");
ctx.set("renewProfileId", renewProfileId);
- ctx.set(IEnrollProfile.CTX_RENEWAL_SEQ_NUM, origSeqNum.toString());
+ ctx.set(IEnrollProfile.CTX_RENEWAL_SEQ_NUM, origSeqNum.toString());
} else {
setInputsIntoContext(request, profile, ctx);
}
@@ -956,14 +948,14 @@ public class ProfileSubmitServlet extends ProfileServlet {
SessionContext context = SessionContext.getContext();
// insert profile context so that input parameter can be retrieved
- context.put("profileContext", ctx);
- context.put("sslClientCertProvider",
- new SSLClientCertProvider(request));
+ context.put("profileContext", ctx);
+ context.put("sslClientCertProvider",
+ new SSLClientCertProvider(request));
CMS.debug("ProfileSubmitServlet: set sslClientCertProvider");
if ((isRenewal == true) && (origSubjectDN != null))
- context.put("origSubjectDN", origSubjectDN);
+ context.put("origSubjectDN", origSubjectDN);
if (statsSub != null) {
- statsSub.startTiming("profile_authentication");
+ statsSub.startTiming("profile_authentication");
}
if (authenticator != null) {
@@ -975,20 +967,20 @@ public class ProfileSubmitServlet extends ProfileServlet {
//Attempt to possibly fetch attemped uid, may not always be available.
if (authIds != null) {
while (authIds.hasMoreElements()) {
- String authName = authIds.nextElement();
- String value = request.getParameter(authName);
+ String authName = authIds.nextElement();
+ String value = request.getParameter(authName);
if (value != null) {
- if (authName.equals("uid")) {
- uid_attempted_cred = value;
- }
+ if (authName.equals("uid")) {
+ uid_attempted_cred = value;
+ }
}
}
}
- String authSubjectID = auditSubjectID();
+ String authSubjectID = auditSubjectID();
- String authMgrID = authenticator.getName();
- String auditMessage = null;
+ String authMgrID = authenticator.getName();
+ String auditMessage = null;
try {
if (isRenewal) {
CMS.debug("ProfileSubmitServlet: renewal authenticate begins");
@@ -998,22 +990,22 @@ public class ProfileSubmitServlet extends ProfileServlet {
authToken = authenticate(authenticator, request);
}
} catch (EBaseException e) {
- CMS.debug("ProfileSubmitServlet: authentication error " +
- e.toString());
+ CMS.debug("ProfileSubmitServlet: authentication error " +
+ e.toString());
// authentication error
if (xmlOutput) {
outputError(response, CMS.getUserMessage(locale, "CMS_AUTHENTICATION_ERROR"));
} else {
args.set(ARG_ERROR_CODE, "1");
args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_AUTHENTICATION_ERROR"));
+ "CMS_AUTHENTICATION_ERROR"));
outputTemplate(request, response, args);
}
if (statsSub != null) {
- statsSub.endTiming("authentication");
+ statsSub.endTiming("authentication");
}
if (statsSub != null) {
- statsSub.endTiming("enrollment");
+ statsSub.endTiming("enrollment");
}
//audit log our authentication failure
@@ -1040,7 +1032,7 @@ public class ProfileSubmitServlet extends ProfileServlet {
}
authSubjectID = authSubjectID + " : " + uid_cred;
-
+
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
LOGGING_SIGNED_AUDIT_AUTH_SUCCESS,
@@ -1052,7 +1044,7 @@ public class ProfileSubmitServlet extends ProfileServlet {
}
if (statsSub != null) {
- statsSub.endTiming("profile_authentication");
+ statsSub.endTiming("profile_authentication");
}
// authentication success
@@ -1061,23 +1053,23 @@ public class ProfileSubmitServlet extends ProfileServlet {
// do profile authorization
String acl = null;
if (isRenewal)
- acl = renewProfile.getAuthzAcl();
+ acl = renewProfile.getAuthzAcl();
else
- acl = profile.getAuthzAcl();
- CMS.debug("ProfileSubmitServlet: authz using acl: "+acl);
+ acl = profile.getAuthzAcl();
+ CMS.debug("ProfileSubmitServlet: authz using acl: " + acl);
if (acl != null && acl.length() > 0) {
try {
String resource = profileId + ".authz.acl";
AuthzToken authzToken = authorize(mAclMethod, resource, authToken, acl);
} catch (Exception e) {
- CMS.debug("ProfileSubmitServlet authorize: "+e.toString());
+ CMS.debug("ProfileSubmitServlet authorize: " + e.toString());
if (xmlOutput) {
- outputError(response, CMS.getUserMessage(locale,
- "CMS_AUTHORIZATION_ERROR"));
+ outputError(response, CMS.getUserMessage(locale,
+ "CMS_AUTHORIZATION_ERROR"));
} else {
args.set(ARG_ERROR_CODE, "1");
args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_AUTHORIZATION_ERROR"));
+ "CMS_AUTHORIZATION_ERROR"));
outputTemplate(request, response, args);
}
@@ -1089,7 +1081,7 @@ public class ProfileSubmitServlet extends ProfileServlet {
IRequest reqs[] = null;
if (statsSub != null) {
- statsSub.startTiming("request_population");
+ statsSub.startTiming("request_population");
}
///////////////////////////////////////////////
// create request
@@ -1107,8 +1099,8 @@ public class ProfileSubmitServlet extends ProfileServlet {
outputTemplate(request, response, args);
}
if (statsSub != null) {
- statsSub.endTiming("request_population");
- statsSub.endTiming("enrollment");
+ statsSub.endTiming("request_population");
+ statsSub.endTiming("enrollment");
}
return;
} catch (Throwable e) {
@@ -1119,18 +1111,18 @@ public class ProfileSubmitServlet extends ProfileServlet {
} else {
args.set(ARG_ERROR_CODE, "1");
args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_INTERNAL_ERROR"));
+ "CMS_INTERNAL_ERROR"));
outputTemplate(request, response, args);
}
if (statsSub != null) {
- statsSub.endTiming("request_population");
- statsSub.endTiming("enrollment");
+ statsSub.endTiming("request_population");
+ statsSub.endTiming("enrollment");
}
return;
}
String errorCode = null;
- String errorReason = null;
+ String errorReason = null;
///////////////////////////////////////////////
// populate request
@@ -1141,22 +1133,22 @@ public class ProfileSubmitServlet extends ProfileServlet {
// adding parameters to request
if (isRenewal) {
- setInputsIntoRequest(origReq, profile, reqs[k], locale);
- // set orig expiration date to be used in Validity constraint
- reqs[k].setExtData("origNotAfter",
- BigInteger.valueOf(origNotAfter.getTime()));
- // set subjectDN to be used in subject name default
- reqs[k].setExtData(IProfileAuthenticator.AUTHENTICATED_NAME, origSubjectDN);
- // set request type
- reqs[k].setRequestType("renewal");
+ setInputsIntoRequest(origReq, profile, reqs[k], locale);
+ // set orig expiration date to be used in Validity constraint
+ reqs[k].setExtData("origNotAfter",
+ BigInteger.valueOf(origNotAfter.getTime()));
+ // set subjectDN to be used in subject name default
+ reqs[k].setExtData(IProfileAuthenticator.AUTHENTICATED_NAME, origSubjectDN);
+ // set request type
+ reqs[k].setRequestType("renewal");
} else
- setInputsIntoRequest(request, profile, reqs[k]);
+ setInputsIntoRequest(request, profile, reqs[k]);
// serial auth token into request
if (authToken != null) {
Enumeration<String> tokenNames = authToken.getElements();
while (tokenNames.hasMoreElements()) {
- String tokenName = tokenNames.nextElement();
+ String tokenName = tokenNames.nextElement();
String[] tokenVals = authToken.getInStringArray(tokenName);
if (tokenVals != null) {
for (int i = 0; i < tokenVals.length; i++) {
@@ -1181,7 +1173,7 @@ public class ProfileSubmitServlet extends ProfileServlet {
}
if (fromRA) {
- CMS.debug("ProfileSubmitServlet: request from RA: "+ uid);
+ CMS.debug("ProfileSubmitServlet: request from RA: " + uid);
reqs[k].setExtData(ARG_REQUEST_OWNER, uid);
}
@@ -1200,13 +1192,13 @@ public class ProfileSubmitServlet extends ProfileServlet {
outputError(response, FAILED, CMS.getUserMessage("CMS_PROFILE_NO_POLICY_SET_FOUND"), reqs[k].getRequestId().toString());
} else {
args.set(ARG_ERROR_CODE, "1");
- args.set(ARG_ERROR_REASON,
- CMS.getUserMessage("CMS_PROFILE_NO_POLICY_SET_FOUND"));
+ args.set(ARG_ERROR_REASON,
+ CMS.getUserMessage("CMS_PROFILE_NO_POLICY_SET_FOUND"));
outputTemplate(request, response, args);
}
if (statsSub != null) {
- statsSub.endTiming("request_population");
- statsSub.endTiming("enrollment");
+ statsSub.endTiming("request_population");
+ statsSub.endTiming("enrollment");
}
return;
}
@@ -1216,13 +1208,13 @@ public class ProfileSubmitServlet extends ProfileServlet {
reqs[k].setExtData(ARG_PROFILE_REMOTE_HOST, request.getRemoteHost());
reqs[k].setExtData(ARG_PROFILE_REMOTE_ADDR, request.getRemoteAddr());
- CMS.debug("ProfileSubmitServlet: request " +
- reqs[k].getRequestId().toString());
+ CMS.debug("ProfileSubmitServlet: request " +
+ reqs[k].getRequestId().toString());
try {
CMS.debug("ProfileSubmitServlet: populating request inputs");
// give authenticator a chance to populate the request
- if (authenticator != null) {
+ if (authenticator != null) {
authenticator.populate(authToken, reqs[k]);
}
profile.populateInput(ctx, reqs[k]);
@@ -1237,8 +1229,8 @@ public class ProfileSubmitServlet extends ProfileServlet {
outputTemplate(request, response, args);
}
if (statsSub != null) {
- statsSub.endTiming("request_population");
- statsSub.endTiming("enrollment");
+ statsSub.endTiming("request_population");
+ statsSub.endTiming("enrollment");
}
return;
} catch (Throwable e) {
@@ -1250,18 +1242,18 @@ public class ProfileSubmitServlet extends ProfileServlet {
} else {
args.set(ARG_ERROR_CODE, "1");
args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_INTERNAL_ERROR"));
+ "CMS_INTERNAL_ERROR"));
outputTemplate(request, response, args);
}
if (statsSub != null) {
- statsSub.endTiming("request_population");
- statsSub.endTiming("enrollment");
+ statsSub.endTiming("request_population");
+ statsSub.endTiming("enrollment");
}
return;
}
}
if (statsSub != null) {
- statsSub.endTiming("request_population");
+ statsSub.endTiming("request_population");
}
String auditMessage = null;
@@ -1281,15 +1273,15 @@ public class ProfileSubmitServlet extends ProfileServlet {
// print request debug
if (reqs[k] != null) {
- requestIds += " "+reqs[k].getRequestId().toString();
- Enumeration<String> reqKeys = reqs[k].getExtDataKeys();
- while (reqKeys.hasMoreElements()) {
- String reqKey = reqKeys.nextElement();
- String reqVal = reqs[k].getExtDataInString(reqKey);
- if (reqVal != null) {
- CMS.debug("ProfileSubmitServlet: key=$request." + reqKey + "$ value=" + reqVal);
+ requestIds += " " + reqs[k].getRequestId().toString();
+ Enumeration<String> reqKeys = reqs[k].getExtDataKeys();
+ while (reqKeys.hasMoreElements()) {
+ String reqKey = reqKeys.nextElement();
+ String reqVal = reqs[k].getExtDataInString(reqKey);
+ if (reqVal != null) {
+ CMS.debug("ProfileSubmitServlet: key=$request." + reqKey + "$ value=" + reqVal);
+ }
}
- }
}
profile.submit(authToken, reqs[k]);
@@ -1319,9 +1311,9 @@ public class ProfileSubmitServlet extends ProfileServlet {
// need to notify
INotify notify = profile.getRequestQueue().getPendingNotify();
if (notify != null) {
- notify.notify(reqs[k]);
+ notify.notify(reqs[k]);
}
-
+
CMS.debug("ProfileSubmitServlet: submit " + e.toString());
errorCode = "2";
errorReason = CMS.getUserMessage(locale,
@@ -1343,7 +1335,7 @@ public class ProfileSubmitServlet extends ProfileServlet {
"CMS_INTERNAL_ERROR");
}
- try {
+ try {
if (errorCode == null) {
profile.getRequestQueue().markAsServiced(reqs[k]);
} else {
@@ -1351,7 +1343,7 @@ public class ProfileSubmitServlet extends ProfileServlet {
}
} catch (EBaseException e) {
CMS.debug("ProfileSubmitServlet: updateRequest " +
- e.toString());
+ e.toString());
}
if (errorCode != null) {
@@ -1396,7 +1388,7 @@ public class ProfileSubmitServlet extends ProfileServlet {
ArgSet requestset = new ArgSet();
requestset.set(ARG_REQUEST_ID,
- reqs[k].getRequestId().toString());
+ reqs[k].getRequestId().toString());
requestlist.add(requestset);
}
args.set(ARG_REQUEST_LIST, requestlist);
@@ -1405,7 +1397,7 @@ public class ProfileSubmitServlet extends ProfileServlet {
outputTemplate(request, response, args);
}
if (statsSub != null) {
- statsSub.endTiming("enrollment");
+ statsSub.endTiming("enrollment");
}
return;
}
@@ -1431,7 +1423,7 @@ public class ProfileSubmitServlet extends ProfileServlet {
ArgSet requestset = new ArgSet();
requestset.set(ARG_REQUEST_ID,
- reqs[k].getRequestId().toString());
+ reqs[k].getRequestId().toString());
requestlist.add(requestset);
}
args.set(ARG_REQUEST_LIST, requestlist);
@@ -1454,14 +1446,14 @@ public class ProfileSubmitServlet extends ProfileServlet {
audit(auditMessage);
if (statsSub != null) {
- statsSub.endTiming("enrollment");
+ statsSub.endTiming("enrollment");
}
throw eAudit1;
} finally {
SessionContext.releaseContext();
}
if (statsSub != null) {
- statsSub.endTiming("enrollment");
+ statsSub.endTiming("enrollment");
}
}
@@ -1473,19 +1465,19 @@ public class ProfileSubmitServlet extends ProfileServlet {
Node root = xmlObj.createRoot("XMLResponse");
xmlObj.addItemToContainer(root, "Status", SUCCESS);
Node n = xmlObj.createContainer(root, "Requests");
- CMS.debug("ProfileSubmitServlet xmlOutput: req len = " +reqs.length);
+ CMS.debug("ProfileSubmitServlet xmlOutput: req len = " + reqs.length);
- for (int i=0; i<reqs.length; i++) {
+ for (int i = 0; i < reqs.length; i++) {
Node subnode = xmlObj.createContainer(n, "Request");
xmlObj.addItemToContainer(subnode, "Id", reqs[i].getRequestId().toString());
X509CertInfo certInfo =
- reqs[i].getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO);
+ reqs[i].getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO);
if (certInfo != null) {
- String subject = "";
- subject = (String) certInfo.get(X509CertInfo.SUBJECT).toString();
- xmlObj.addItemToContainer(subnode, "SubjectDN", subject);
+ String subject = "";
+ subject = (String) certInfo.get(X509CertInfo.SUBJECT).toString();
+ xmlObj.addItemToContainer(subnode, "SubjectDN", subject);
} else {
- CMS.debug("ProfileSubmitServlet xmlOutput: no certInfo found in request");
+ CMS.debug("ProfileSubmitServlet xmlOutput: no certInfo found in request");
}
Enumeration<String> outputIds = profile.getProfileOutputIds();
if (outputIds != null) {
@@ -1501,23 +1493,23 @@ public class ProfileSubmitServlet extends ProfileServlet {
try {
String outputValue = profileOutput.getValue(outputName, locale, reqs[i]);
if (outputName.equals("b64_cert")) {
- String ss = Cert.normalizeCertStrAndReq(outputValue);
- outputValue = Cert.stripBrackets(ss);
- byte[] bcode = CMS.AtoB(outputValue);
- X509CertImpl impl = new X509CertImpl(bcode);
- xmlObj.addItemToContainer(subnode,
- "serialno", impl.getSerialNumber().toString(16));
- xmlObj.addItemToContainer(subnode, "b64", outputValue);
+ String ss = Cert.normalizeCertStrAndReq(outputValue);
+ outputValue = Cert.stripBrackets(ss);
+ byte[] bcode = CMS.AtoB(outputValue);
+ X509CertImpl impl = new X509CertImpl(bcode);
+ xmlObj.addItemToContainer(subnode,
+ "serialno", impl.getSerialNumber().toString(16));
+ xmlObj.addItemToContainer(subnode, "b64", outputValue);
}// if b64_cert
else if (outputName.equals("pkcs7")) {
- String ss = Cert.normalizeCertStrAndReq(outputValue);
- xmlObj.addItemToContainer(subnode, "pkcs7", ss);
+ String ss = Cert.normalizeCertStrAndReq(outputValue);
+ xmlObj.addItemToContainer(subnode, "pkcs7", ss);
}
-
+
} catch (EProfileException e) {
- CMS.debug("ProfileSubmitServlet xmlOutput: "+e.toString());
+ CMS.debug("ProfileSubmitServlet xmlOutput: " + e.toString());
} catch (Exception e) {
- CMS.debug("ProfileSubmitServlet xmlOutput: "+e.toString());
+ CMS.debug("ProfileSubmitServlet xmlOutput: " + e.toString());
}
}
}
@@ -1534,11 +1526,11 @@ public class ProfileSubmitServlet extends ProfileServlet {
/**
* Signed Audit Log Requester ID
- *
+ *
* This method is called to obtain the "RequesterID" for
* a signed audit log message.
* <P>
- *
+ *
* @param request the actual request
* @return id string containing the signed audit log message RequesterID
*/
@@ -1564,11 +1556,11 @@ public class ProfileSubmitServlet extends ProfileServlet {
/**
* Signed Audit Log Info Certificate Value
- *
+ *
* This method is called to obtain the certificate from the passed in
* "X509CertImpl" for a signed audit log message.
* <P>
- *
+ *
* @param request request containing an X509CertImpl
* @return cert string containing the certificate
*/
diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/SSLClientCertProvider.java b/pki/base/common/src/com/netscape/cms/servlet/profile/SSLClientCertProvider.java
index 989710e3..0114f632 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/profile/SSLClientCertProvider.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/profile/SSLClientCertProvider.java
@@ -32,9 +32,8 @@ public class SSLClientCertProvider implements ISSLClientCertProvider {
public X509Certificate[] getClientCertificateChain() {
X509Certificate[] allCerts = (X509Certificate[])
- mRequest.getAttribute("javax.servlet.request.X509Certificate");
+ mRequest.getAttribute("javax.servlet.request.X509Certificate");
return allCerts;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/request/CertReqParser.java b/pki/base/common/src/com/netscape/cms/servlet/request/CertReqParser.java
index 6a9ccac5..32ebd602 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/request/CertReqParser.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/request/CertReqParser.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.request;
-
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.lang.reflect.Array;
@@ -61,18 +60,15 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.RawJS;
-
/**
* Output a 'pretty print' of a certificate request
- *
+ *
* @version $Revision$, $Date$
*/
public class CertReqParser extends ReqParser {
-
- public static final CertReqParser
- DETAIL_PARSER = new CertReqParser(true);
- public static final CertReqParser
- NODETAIL_PARSER = new CertReqParser(false);
+
+ public static final CertReqParser DETAIL_PARSER = new CertReqParser(true);
+ public static final CertReqParser NODETAIL_PARSER = new CertReqParser(false);
private boolean mDetails = true;
private IPrettyPrintFormat pp = null;
@@ -86,7 +82,7 @@ public class CertReqParser extends ReqParser {
/**
* Constructs a certificate request parser.
- *
+ *
* @param details return detailed information (this can be time consuming)
*/
public CertReqParser(boolean details) {
@@ -101,34 +97,30 @@ public class CertReqParser extends ReqParser {
private static final String RB = "]";
private static final String EQ = " = ";
- private static final String
- HTTP_PARAMS_COUNTER = IRequest.HTTP_PARAMS + LB + "httpParamsCount++" + RB;
- private static final String
- HTTP_HEADERS_COUNTER = IRequest.HTTP_HEADERS + LB + "httpHeadersCount++" + RB;
- private static final String
- AUTH_TOKEN_COUNTER = IRequest.AUTH_TOKEN + LB + "authTokenCount++" + RB;
- private static final String
- SERVER_ATTRS_COUNTER = IRequest.SERVER_ATTRS + LB + "serverAttrsCount++" + RB;
+ private static final String HTTP_PARAMS_COUNTER = IRequest.HTTP_PARAMS + LB + "httpParamsCount++" + RB;
+ private static final String HTTP_HEADERS_COUNTER = IRequest.HTTP_HEADERS + LB + "httpHeadersCount++" + RB;
+ private static final String AUTH_TOKEN_COUNTER = IRequest.AUTH_TOKEN + LB + "authTokenCount++" + RB;
+ private static final String SERVER_ATTRS_COUNTER = IRequest.SERVER_ATTRS + LB + "serverAttrsCount++" + RB;
/**
* Fills in certificate specific request attributes.
*/
public void fillRequestIntoArg(Locale l, IRequest req, CMSTemplateParams argSet, IArgBlock arg)
- throws EBaseException {
+ throws EBaseException {
if (req.getExtDataInCertInfoArray(IRequest.CERT_INFO) != null) {
- fillX509RequestIntoArg(l, req, argSet, arg);
+ fillX509RequestIntoArg(l, req, argSet, arg);
} else if (req.getExtDataInRevokedCertArray(IRequest.CERT_INFO) != null) {
- fillRevokeRequestIntoArg(l, req, argSet, arg);
+ fillRevokeRequestIntoArg(l, req, argSet, arg);
} else {
//o = req.get(IRequest.OLD_CERTS);
//if (o != null)
- fillRevokeRequestIntoArg(l, req, argSet, arg);
+ fillRevokeRequestIntoArg(l, req, argSet, arg);
}
}
-
+
private void fillX509RequestIntoArg(Locale l, IRequest req, CMSTemplateParams argSet, IArgBlock arg)
- throws EBaseException {
-
+ throws EBaseException {
+
// fill in the standard attributes
super.fillRequestIntoArg(l, req, argSet, arg);
@@ -138,13 +130,13 @@ public class CertReqParser extends ReqParser {
Enumeration<String> enum1 = req.getExtDataKeys();
// gross hack
- String prefix = "record.";
+ String prefix = "record.";
if (argSet.getHeader() == arg)
prefix = "header.";
while (enum1.hasMoreElements()) {
- String name = enum1.nextElement();
+ String name = enum1.nextElement();
if (mDetails) {
// show all http parameters stored in request.
@@ -166,16 +158,16 @@ public class CertReqParser extends ReqParser {
Enumeration<String> elms = http_params.keys();
while (elms.hasMoreElements()) {
- String parami =
- IRequest.HTTP_PARAMS + LB + String.valueOf(counter++) + RB;
+ String parami =
+ IRequest.HTTP_PARAMS + LB + String.valueOf(counter++) + RB;
// hack
- String n = elms.nextElement();
+ String n = elms.nextElement();
String rawJS = "new Object;\n\r" +
- prefix + parami + ".name=\"" +
- CMSTemplate.escapeJavaScriptString(n) + "\";\n\r" +
- prefix + parami + ".value=\"" +
- CMSTemplate.escapeJavaScriptStringHTML(
- http_params.get(n).toString()) + "\"";
+ prefix + parami + ".name=\"" +
+ CMSTemplate.escapeJavaScriptString(n) + "\";\n\r" +
+ prefix + parami + ".value=\"" +
+ CMSTemplate.escapeJavaScriptStringHTML(
+ http_params.get(n).toString()) + "\"";
arg.set(parami, new RawJS(rawJS));
}
@@ -186,16 +178,16 @@ public class CertReqParser extends ReqParser {
int counter = 0;
while (elms.hasMoreElements()) {
- String parami =
- IRequest.HTTP_HEADERS + LB + String.valueOf(counter++) + RB;
+ String parami =
+ IRequest.HTTP_HEADERS + LB + String.valueOf(counter++) + RB;
// hack
- String n = elms.nextElement();
+ String n = elms.nextElement();
String rawJS = "new Object;\n\r" +
- prefix + parami + ".name=\"" +
- CMSTemplate.escapeJavaScriptString(n) + "\";\n\r" +
- prefix + parami + ".value=\"" +
- CMSTemplate.escapeJavaScriptStringHTML(
- http_hdrs.get(n).toString()) + "\"";
+ prefix + parami + ".name=\"" +
+ CMSTemplate.escapeJavaScriptString(n) + "\";\n\r" +
+ prefix + parami + ".value=\"" +
+ CMSTemplate.escapeJavaScriptStringHTML(
+ http_hdrs.get(n).toString()) + "\"";
arg.set(parami, new RawJS(rawJS));
}
@@ -206,19 +198,19 @@ public class CertReqParser extends ReqParser {
int counter = 0;
while (elms.hasMoreElements()) {
- String parami =
- IRequest.AUTH_TOKEN + LB + String.valueOf(counter++) + RB;
+ String parami =
+ IRequest.AUTH_TOKEN + LB + String.valueOf(counter++) + RB;
// hack
- String n = elms.nextElement();
+ String n = elms.nextElement();
Object authTokenValue = auth_token.getInStringArray(n);
if (authTokenValue == null) {
authTokenValue = auth_token.getInString(n);
}
String v = expandValue(prefix + parami + ".value",
- authTokenValue);
+ authTokenValue);
String rawJS = "new Object;\n\r" +
- prefix + parami + ".name=\"" +
- CMSTemplate.escapeJavaScriptString(n) + "\";\n" + v;
+ prefix + parami + ".name=\"" +
+ CMSTemplate.escapeJavaScriptString(n) + "\";\n" + v;
arg.set(parami, new RawJS(rawJS));
}
@@ -235,41 +227,40 @@ public class CertReqParser extends ReqParser {
}
String valstr = "";
// hack
- String parami =
- IRequest.SERVER_ATTRS + LB + String.valueOf(saCounter++) + RB;
+ String parami =
+ IRequest.SERVER_ATTRS + LB + String.valueOf(saCounter++) + RB;
if (name.equalsIgnoreCase(IRequest.ISSUED_CERTS) && mDetails &&
- (req.getRequestStatus().toString().equals(RequestStatus.COMPLETE_STRING) ||
+ (req.getRequestStatus().toString().equals(RequestStatus.COMPLETE_STRING) ||
req.getRequestType().equals(IRequest.GETREVOCATIONINFO_REQUEST))) {
X509CertImpl issuedCert[] =
- req.getExtDataInCertArray(IRequest.ISSUED_CERTS);
+ req.getExtDataInCertArray(IRequest.ISSUED_CERTS);
if (issuedCert != null && issuedCert[0] != null) {
- val = "<pre>"+CMS.getCertPrettyPrint(issuedCert[0]).toString(l)+"</pre>";
+ val = "<pre>" + CMS.getCertPrettyPrint(issuedCert[0]).toString(l) + "</pre>";
}
} else if (name.equalsIgnoreCase(IRequest.CERT_INFO) && mDetails) {
X509CertInfo[] certInfo =
- req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+ req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
if (certInfo != null && certInfo[0] != null) {
- val = "<pre>"+certInfo[0].toString()+"</pre>";
+ val = "<pre>" + certInfo[0].toString() + "</pre>";
}
}
valstr = expandValue(prefix + parami + ".value", val);
String rawJS = "new Object;\n\r" +
- prefix + parami + ".name=\"" +
- CMSTemplate.escapeJavaScriptString(name) + "\";\n" +
- valstr; // java string already escaped in expandValue.
+ prefix + parami + ".name=\"" +
+ CMSTemplate.escapeJavaScriptString(name) + "\";\n" +
+ valstr; // java string already escaped in expandValue.
arg.set(parami, new RawJS(rawJS));
}
}
if (name.equalsIgnoreCase(IRequest.REQUESTOR_PHONE)
- || name.equalsIgnoreCase(IRequest.REQUESTOR_EMAIL)
- || name.equalsIgnoreCase(IRequest.REQUESTOR_COMMENTS)
- || name.equalsIgnoreCase(IRequest.RESULT)
- || name.equalsIgnoreCase(IRequest.REQUEST_TRUSTEDMGR_PRIVILEGE)
- ) {
+ || name.equalsIgnoreCase(IRequest.REQUESTOR_EMAIL)
+ || name.equalsIgnoreCase(IRequest.REQUESTOR_COMMENTS)
+ || name.equalsIgnoreCase(IRequest.RESULT)
+ || name.equalsIgnoreCase(IRequest.REQUEST_TRUSTEDMGR_PRIVILEGE)) {
arg.addStringValue(name, req.getExtDataInString(name));
}
@@ -301,7 +292,7 @@ public class CertReqParser extends ReqParser {
if (name.equalsIgnoreCase(IRequest.CERT_INFO)) {
// Get the certificate info from the request
X509CertInfo[] certInfo =
- req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+ req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
if (certInfo != null && certInfo[0] != null) {
// Get the subject name if any set.
@@ -332,9 +323,9 @@ public class CertReqParser extends ReqParser {
if (mDetails) {
try {
CertificateAlgorithmId certAlgId = (CertificateAlgorithmId)
- certInfo[0].get(X509CertInfo.ALGORITHM_ID);
+ certInfo[0].get(X509CertInfo.ALGORITHM_ID);
AlgorithmId algId = (AlgorithmId)
- certAlgId.get(CertificateAlgorithmId.ALGORITHM);
+ certAlgId.get(CertificateAlgorithmId.ALGORITHM);
signatureAlgorithm = (algId.getOID()).toString();
signatureAlgorithmName = algId.getName();
@@ -362,36 +353,36 @@ public class CertReqParser extends ReqParser {
// only know about ns cert type
if (ext instanceof NSCertTypeExtension) {
- NSCertTypeExtension nsExtensions =
- (NSCertTypeExtension) ext;
+ NSCertTypeExtension nsExtensions =
+ (NSCertTypeExtension) ext;
try {
arg.addStringValue("ext_" + NSCertTypeExtension.SSL_SERVER,
- nsExtensions.get(NSCertTypeExtension.SSL_SERVER).toString());
+ nsExtensions.get(NSCertTypeExtension.SSL_SERVER).toString());
arg.addStringValue("ext_" + NSCertTypeExtension.SSL_CLIENT,
- nsExtensions.get(NSCertTypeExtension.SSL_CLIENT).toString());
+ nsExtensions.get(NSCertTypeExtension.SSL_CLIENT).toString());
arg.addStringValue("ext_" + NSCertTypeExtension.EMAIL,
- nsExtensions.get(NSCertTypeExtension.EMAIL).toString());
+ nsExtensions.get(NSCertTypeExtension.EMAIL).toString());
arg.addStringValue("ext_" + NSCertTypeExtension.OBJECT_SIGNING,
- nsExtensions.get(NSCertTypeExtension.OBJECT_SIGNING).toString());
+ nsExtensions.get(NSCertTypeExtension.OBJECT_SIGNING).toString());
arg.addStringValue("ext_" + NSCertTypeExtension.SSL_CA,
- nsExtensions.get(NSCertTypeExtension.SSL_CA).toString());
+ nsExtensions.get(NSCertTypeExtension.SSL_CA).toString());
arg.addStringValue("ext_" + NSCertTypeExtension.EMAIL_CA,
- nsExtensions.get(NSCertTypeExtension.EMAIL_CA).toString());
+ nsExtensions.get(NSCertTypeExtension.EMAIL_CA).toString());
arg.addStringValue("ext_" + NSCertTypeExtension.OBJECT_SIGNING_CA,
- nsExtensions.get(NSCertTypeExtension.OBJECT_SIGNING_CA).toString());
+ nsExtensions.get(NSCertTypeExtension.OBJECT_SIGNING_CA).toString());
} catch (Exception e) {
}
} else if (ext instanceof BasicConstraintsExtension) {
- BasicConstraintsExtension bcExt =
- (BasicConstraintsExtension) ext;
+ BasicConstraintsExtension bcExt =
+ (BasicConstraintsExtension) ext;
Integer pathLength = null;
Boolean isCA = null;
@@ -410,8 +401,8 @@ public class CertReqParser extends ReqParser {
IArgBlock rr = CMS.createArgBlock();
rr.addStringValue(
- EXT_PRETTYPRINT,
- CMS.getExtPrettyPrint(ext, 0).toString());
+ EXT_PRETTYPRINT,
+ CMS.getExtPrettyPrint(ext, 0).toString());
argSet.addRepeatRecord(rr);
}
}
@@ -440,9 +431,9 @@ public class CertReqParser extends ReqParser {
if (key != null) {
arg.addStringValue("subjectPublicKeyInfo",
- key.getAlgorithm() + " - " + key.getAlgorithmId().getOID().toString());
+ key.getAlgorithm() + " - " + key.getAlgorithmId().getOID().toString());
arg.addStringValue("subjectPublicKey",
- pp.toHexString(key.getKey(), 0, 16));
+ pp.toHexString(key.getKey(), 0, 16));
}
// Get the validity period
@@ -450,7 +441,7 @@ public class CertReqParser extends ReqParser {
try {
validity =
- (CertificateValidity)
+ (CertificateValidity)
certInfo[0].get(X509CertInfo.VALIDITY);
if (validity != null) {
long validityLength = (((Date) validity.get(CertificateValidity.NOT_AFTER)).getTime() - ((Date) validity.get(CertificateValidity.NOT_BEFORE)).getTime()) / 1000;
@@ -475,7 +466,7 @@ public class CertReqParser extends ReqParser {
IArgBlock rarg = CMS.createArgBlock();
rarg.addBigIntegerValue("serialNumber",
- oldSerialNo[i], 16);
+ oldSerialNo[i], 16);
argSet.addRepeatRecord(rarg);
}
}
@@ -483,10 +474,10 @@ public class CertReqParser extends ReqParser {
}
if (name.equalsIgnoreCase(IRequest.ISSUED_CERTS) && mDetails &&
- (req.getRequestStatus().toString().equals(RequestStatus.COMPLETE_STRING) ||
+ (req.getRequestStatus().toString().equals(RequestStatus.COMPLETE_STRING) ||
req.getRequestType().equals(IRequest.GETREVOCATIONINFO_REQUEST))) {
X509CertImpl issuedCert[] =
- req.getExtDataInCertArray(IRequest.ISSUED_CERTS);
+ req.getExtDataInCertArray(IRequest.ISSUED_CERTS);
arg.addBigIntegerValue("serialNumber", issuedCert[0].getSerialNumber(), 16);
// Set Serial No for 2nd certificate
@@ -495,7 +486,7 @@ public class CertReqParser extends ReqParser {
}
if (name.equalsIgnoreCase(IRequest.OLD_CERTS) && mDetails) {
X509CertImpl oldCert[] =
- req.getExtDataInCertArray(IRequest.OLD_CERTS);
+ req.getExtDataInCertArray(IRequest.OLD_CERTS);
if (oldCert != null && oldCert.length > 0) {
arg.addBigIntegerValue("serialNumber", oldCert[0].getSerialNumber(), 16);
@@ -505,7 +496,7 @@ public class CertReqParser extends ReqParser {
IArgBlock rarg = CMS.createArgBlock();
rarg.addBigIntegerValue("serialNumber",
- oldCert[i].getSerialNumber(), 16);
+ oldCert[i].getSerialNumber(), 16);
argSet.addRepeatRecord(rarg);
}
}
@@ -526,7 +517,7 @@ public class CertReqParser extends ReqParser {
IArgBlock rarg = CMS.createArgBlock();
rarg.addBigIntegerValue("serialNumber",
- cert[i].getSerialNumber(), 16);
+ cert[i].getSerialNumber(), 16);
argSet.addRepeatRecord(rarg);
}
} catch (IOException e) {
@@ -535,16 +526,16 @@ public class CertReqParser extends ReqParser {
}
}
if (name.equalsIgnoreCase(IRequest.FINGERPRINTS) && mDetails) {
- Hashtable<String, Object> fingerprints =
- req.getExtDataInHashtable(IRequest.FINGERPRINTS);
+ Hashtable<String, Object> fingerprints =
+ req.getExtDataInHashtable(IRequest.FINGERPRINTS);
if (fingerprints != null) {
String namesAndHashes = null;
Enumeration<String> enumFingerprints = fingerprints.keys();
- while (enumFingerprints.hasMoreElements()) {
+ while (enumFingerprints.hasMoreElements()) {
String hashname = enumFingerprints.nextElement();
- String hashvalue = (String) fingerprints.get(hashname);
+ String hashvalue = (String) fingerprints.get(hashname);
byte[] fingerprint = CMS.AtoB(hashvalue);
String ppFingerprint = pp.toHexString(fingerprint, 0);
@@ -578,7 +569,7 @@ public class CertReqParser extends ReqParser {
StringBuffer sb = new StringBuffer();
for (@SuppressWarnings("unchecked")
- Enumeration<String> n = ((Vector<String>)v).elements(); n.hasMoreElements(); j++) {
+ Enumeration<String> n = ((Vector<String>) v).elements(); n.hasMoreElements(); j++) {
sb.append(";\n");
sb.append(valuename);
sb.append(LB);
@@ -588,8 +579,8 @@ public class CertReqParser extends ReqParser {
sb.append("\"");
sb.append(
CMSTemplate.escapeJavaScriptStringHTML(
- n.nextElement().toString()));
- sb.append( "\";\n");
+ n.nextElement().toString()));
+ sb.append("\";\n");
}
sb.append("\n");
valstr = sb.toString();
@@ -599,7 +590,7 @@ public class CertReqParser extends ReqParser {
// if an array.
int len = -1;
- try {
+ try {
len = Array.getLength(v);
} catch (IllegalArgumentException e) {
}
@@ -611,7 +602,7 @@ public class CertReqParser extends ReqParser {
if (Array.get(v, i) != null)
valstr += ";\n" + valuename + LB + i + RB + EQ + "\"" +
CMSTemplate.escapeJavaScriptStringHTML(
- Array.get(v, i).toString()) + "\";\n";
+ Array.get(v, i).toString()) + "\";\n";
}
return valstr;
}
@@ -620,16 +611,16 @@ public class CertReqParser extends ReqParser {
// if string or unrecognized type, just call its toString method.
return valuename + "=\"" +
- CMSTemplate.escapeJavaScriptStringHTML(v.toString()) + "\"";
+ CMSTemplate.escapeJavaScriptStringHTML(v.toString()) + "\"";
}
public String getRequestorDN(IRequest request) {
try {
X509CertInfo info = (X509CertInfo)
- request.getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO);
+ request.getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO);
// retrieve the subject name
CertificateSubjectName sn = (CertificateSubjectName)
- info.get(X509CertInfo.SUBJECT);
+ info.get(X509CertInfo.SUBJECT);
return sn.toString();
} catch (Exception e) {
@@ -644,15 +635,15 @@ public class CertReqParser extends ReqParser {
String cid = request.getExtDataInString(IRequest.NETKEY_ATTR_CUID);
if (cid == null) {
- cid = "";
+ cid = "";
}
String uid = request.getExtDataInString(IRequest.NETKEY_ATTR_USERID);
if (uid == null) {
- uid = "";
+ uid = "";
}
- kid = cid+":"+uid;
+ kid = cid + ":" + uid;
if (kid.equals(":")) {
- kid = "";
+ kid = "";
}
return kid;
@@ -663,7 +654,7 @@ public class CertReqParser extends ReqParser {
}
private void fillRevokeRequestIntoArg(Locale l, IRequest req, CMSTemplateParams argSet, IArgBlock arg)
- throws EBaseException {
+ throws EBaseException {
// fill in the standard attributes
super.fillRequestIntoArg(l, req, argSet, arg);
@@ -691,7 +682,7 @@ public class CertReqParser extends ReqParser {
Enumeration<String> enum1 = req.getExtDataKeys();
// gross hack
- String prefix = "record.";
+ String prefix = "record.";
if (argSet.getHeader() == arg)
prefix = "header.";
@@ -714,16 +705,16 @@ public class CertReqParser extends ReqParser {
Enumeration<String> elms = http_params.keys();
while (elms.hasMoreElements()) {
- String parami =
- IRequest.HTTP_PARAMS + LB + String.valueOf(counter++) + RB;
+ String parami =
+ IRequest.HTTP_PARAMS + LB + String.valueOf(counter++) + RB;
// hack
String n = (String) elms.nextElement();
String rawJS = "new Object;\n\r" +
- prefix + parami + ".name=\"" +
- CMSTemplate.escapeJavaScriptString(n) + "\";\n\r" +
- prefix + parami + ".value=\"" +
- CMSTemplate.escapeJavaScriptStringHTML(
- http_params.get(n).toString()) + "\"";
+ prefix + parami + ".name=\"" +
+ CMSTemplate.escapeJavaScriptString(n) + "\";\n\r" +
+ prefix + parami + ".value=\"" +
+ CMSTemplate.escapeJavaScriptStringHTML(
+ http_params.get(n).toString()) + "\"";
arg.set(parami, new RawJS(rawJS));
}
@@ -734,16 +725,16 @@ public class CertReqParser extends ReqParser {
int counter = 0;
while (elms.hasMoreElements()) {
- String parami =
- IRequest.HTTP_HEADERS + LB + String.valueOf(counter++) + RB;
+ String parami =
+ IRequest.HTTP_HEADERS + LB + String.valueOf(counter++) + RB;
// hack
String n = (String) elms.nextElement();
String rawJS = "new Object;\n\r" +
- prefix + parami + ".name=\"" +
- CMSTemplate.escapeJavaScriptString(n) + "\";\n\r" +
- prefix + parami + ".value=\"" +
- CMSTemplate.escapeJavaScriptStringHTML(
- http_hdrs.get(n).toString()) + "\"";
+ prefix + parami + ".name=\"" +
+ CMSTemplate.escapeJavaScriptString(n) + "\";\n\r" +
+ prefix + parami + ".value=\"" +
+ CMSTemplate.escapeJavaScriptStringHTML(
+ http_hdrs.get(n).toString()) + "\"";
arg.set(parami, new RawJS(rawJS));
}
@@ -754,16 +745,16 @@ public class CertReqParser extends ReqParser {
int counter = 0;
while (elms.hasMoreElements()) {
- String parami =
- IRequest.AUTH_TOKEN + LB + String.valueOf(counter++) + RB;
+ String parami =
+ IRequest.AUTH_TOKEN + LB + String.valueOf(counter++) + RB;
// hack
String n = (String) elms.nextElement();
- String v =
- expandValue(prefix + parami + ".value",
- auth_token.getInString(n));
+ String v =
+ expandValue(prefix + parami + ".value",
+ auth_token.getInString(n));
String rawJS = "new Object;\n\r" +
- prefix + parami + ".name=\"" +
- CMSTemplate.escapeJavaScriptString(n) + "\";\n" + v;
+ prefix + parami + ".name=\"" +
+ CMSTemplate.escapeJavaScriptString(n) + "\";\n" + v;
arg.set(parami, new RawJS(rawJS));
}
@@ -780,25 +771,24 @@ public class CertReqParser extends ReqParser {
}
String valstr = "";
// hack
- String parami =
- IRequest.SERVER_ATTRS + LB + String.valueOf(saCounter++) + RB;
+ String parami =
+ IRequest.SERVER_ATTRS + LB + String.valueOf(saCounter++) + RB;
valstr = expandValue(prefix + parami + ".value", val);
String rawJS = "new Object;\n\r" +
- prefix + parami + ".name=\"" +
- CMSTemplate.escapeJavaScriptString(name) + "\";\n" +
- valstr; // java string already escaped in expandValue.
+ prefix + parami + ".name=\"" +
+ CMSTemplate.escapeJavaScriptString(name) + "\";\n" +
+ valstr; // java string already escaped in expandValue.
arg.set(parami, new RawJS(rawJS));
}
}
if (name.equalsIgnoreCase(IRequest.REQUESTOR_PHONE)
- || name.equalsIgnoreCase(IRequest.REQUESTOR_EMAIL)
- || name.equalsIgnoreCase(IRequest.REQUESTOR_COMMENTS)
- || name.equalsIgnoreCase(IRequest.RESULT)
- || name.equalsIgnoreCase(IRequest.REQUEST_TRUSTEDMGR_PRIVILEGE)
- ) {
+ || name.equalsIgnoreCase(IRequest.REQUESTOR_EMAIL)
+ || name.equalsIgnoreCase(IRequest.REQUESTOR_COMMENTS)
+ || name.equalsIgnoreCase(IRequest.RESULT)
+ || name.equalsIgnoreCase(IRequest.REQUEST_TRUSTEDMGR_PRIVILEGE)) {
arg.addStringValue(name, req.getExtDataInString(name));
}
@@ -837,7 +827,7 @@ public class CertReqParser extends ReqParser {
IArgBlock rarg = CMS.createArgBlock();
rarg.addBigIntegerValue("serialNumber",
- revokedCert[i].getSerialNumber(), 16);
+ revokedCert[i].getSerialNumber(), 16);
CRLExtensions crlExtensions = revokedCert[i].getExtensions();
@@ -847,19 +837,19 @@ public class CertReqParser extends ReqParser {
if (ext instanceof CRLReasonExtension) {
rarg.addStringValue("reason",
- ((CRLReasonExtension) ext).getReason().toString());
+ ((CRLReasonExtension) ext).getReason().toString());
}
}
} else {
rarg.addStringValue("reason",
- RevocationReason.UNSPECIFIED.toString());
+ RevocationReason.UNSPECIFIED.toString());
}
argSet.addRepeatRecord(rarg);
}
} else {
arg.addBigIntegerValue("serialNumber",
- revokedCert[0].getSerialNumber(), 16);
+ revokedCert[0].getSerialNumber(), 16);
}
}
}
@@ -873,7 +863,7 @@ public class CertReqParser extends ReqParser {
IArgBlock rarg = CMS.createArgBlock();
rarg.addBigIntegerValue("serialNumber",
- oldSerialNo[i], 16);
+ oldSerialNo[i], 16);
argSet.addRepeatRecord(rarg);
}
}
@@ -884,8 +874,8 @@ public class CertReqParser extends ReqParser {
//X509CertImpl oldCert[] =
// (X509CertImpl[])req.get(IRequest.OLD_CERTS);
Certificate oldCert[] =
- (Certificate[]) req.getExtDataInCertArray(IRequest.OLD_CERTS);
-
+ (Certificate[]) req.getExtDataInCertArray(IRequest.OLD_CERTS);
+
if (oldCert != null && oldCert.length > 0) {
if (oldCert[0] instanceof X509CertImpl) {
X509CertImpl xcert = (X509CertImpl) oldCert[0];
@@ -898,7 +888,7 @@ public class CertReqParser extends ReqParser {
xcert = (X509CertImpl) oldCert[i];
rarg.addBigIntegerValue("serialNumber",
- xcert.getSerialNumber(), 16);
+ xcert.getSerialNumber(), 16);
argSet.addRepeatRecord(rarg);
}
}
@@ -907,9 +897,9 @@ public class CertReqParser extends ReqParser {
}
if (name.equalsIgnoreCase(IRequest.REVOKED_CERTS) && mDetails &&
- req.getRequestType().equals("getRevocationInfo")) {
- RevokedCertImpl revokedCert[] =
- req.getExtDataInRevokedCertArray(IRequest.REVOKED_CERTS);
+ req.getRequestType().equals("getRevocationInfo")) {
+ RevokedCertImpl revokedCert[] =
+ req.getExtDataInRevokedCertArray(IRequest.REVOKED_CERTS);
if (revokedCert != null && revokedCert[0] != null) {
boolean reasonFound = false;
@@ -920,7 +910,7 @@ public class CertReqParser extends ReqParser {
if (ext instanceof CRLReasonExtension) {
arg.addStringValue("reason",
- ((CRLReasonExtension) ext).getReason().toString());
+ ((CRLReasonExtension) ext).getReason().toString());
reasonFound = true;
}
}
@@ -931,5 +921,5 @@ public class CertReqParser extends ReqParser {
}
}
}
-
+
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/request/CheckRequest.java b/pki/base/common/src/com/netscape/cms/servlet/request/CheckRequest.java
index 127f2ce8..001fab7f 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/request/CheckRequest.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/request/CheckRequest.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.request;
-
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
@@ -81,10 +80,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* Check the status of a certificate request
- *
+ *
* @version $Revision$, $Date$
*/
public class CheckRequest extends CMSServlet {
@@ -116,15 +114,15 @@ public class CheckRequest extends CMSServlet {
/**
* Constructs request query servlet.
*/
- public CheckRequest()
- throws EBaseException {
+ public CheckRequest()
+ throws EBaseException {
super();
}
/**
* initialize the servlet. This servlet uses the template file
* "requestStatus.template" to process the response.
- *
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -140,12 +138,10 @@ public class CheckRequest extends CMSServlet {
* Process the HTTP request.
* <ul>
* <li>http.param requestId ID of the request to check
- * <li>http.param format if 'id', then check the request based on
- * the request ID parameter. If set to CMC, then use the
- * 'queryPending' parameter.
+ * <li>http.param format if 'id', then check the request based on the request ID parameter. If set to CMC, then use the 'queryPending' parameter.
* <li>http.param queryPending query formatted as a CMC request
* </ul>
- *
+ *
* @param cmsReq the object holding the request and response information
*/
public void process(CMSRequest cmsReq) throws EBaseException {
@@ -166,10 +162,10 @@ public class CheckRequest extends CMSServlet {
mAuthzResourceName, "read");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
}
if (authzToken == null) {
@@ -187,9 +183,9 @@ public class CheckRequest extends CMSServlet {
form = getTemplate(mFormPath, req, locale);
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
IArgBlock header = CMS.createArgBlock();
@@ -212,13 +208,13 @@ public class CheckRequest extends CMSServlet {
isCMCReq = true;
byte[] cmcBlob = CMS.AtoB(queryPending);
ByteArrayInputStream cmcBlobIn =
- new ByteArrayInputStream(cmcBlob);
+ new ByteArrayInputStream(cmcBlob);
org.mozilla.jss.pkix.cms.ContentInfo cii = (org.mozilla.jss.pkix.cms.ContentInfo)
- org.mozilla.jss.pkix.cms.ContentInfo.getTemplate().decode(cmcBlobIn);
+ org.mozilla.jss.pkix.cms.ContentInfo.getTemplate().decode(cmcBlobIn);
SignedData cmcFullReq = (SignedData)
- cii.getInterpretedContent();
-
+ cii.getInterpretedContent();
+
EncapsulatedContentInfo ci = cmcFullReq.getContentInfo();
OBJECT_IDENTIFIER id = ci.getContentType();
@@ -235,7 +231,7 @@ public class CheckRequest extends CMSServlet {
for (int i = 0; i < numControls; i++) {
// decode message.
- TaggedAttribute taggedAttr = (TaggedAttribute) controlSequence.elementAt(i);
+ TaggedAttribute taggedAttr = (TaggedAttribute) controlSequence.elementAt(i);
OBJECT_IDENTIFIER type = taggedAttr.getType();
if (type.equals(OBJECT_IDENTIFIER.id_cmc_QueryPending)) {
@@ -246,18 +242,16 @@ public class CheckRequest extends CMSServlet {
// We only process one for now.
if (numReq > 0) {
OCTET_STRING reqId = (OCTET_STRING)
- ASN1Util.decode(OCTET_STRING.getTemplate(),
- ASN1Util.encode(requestIds.elementAt(0)));
+ ASN1Util.decode(OCTET_STRING.getTemplate(),
+ ASN1Util.encode(requestIds.elementAt(0)));
requestId = new String(reqId.toByteArray());
}
} else if (type.equals(OBJECT_IDENTIFIER.id_cmc_transactionId)) {
transIds = taggedAttr.getValues();
- }else if
- (type.equals(OBJECT_IDENTIFIER.id_cmc_recipientNonce)) {
+ } else if (type.equals(OBJECT_IDENTIFIER.id_cmc_recipientNonce)) {
rNonces = taggedAttr.getValues();
- } else if
- (type.equals(OBJECT_IDENTIFIER.id_cmc_senderNonce)) {
+ } else if (type.equals(OBJECT_IDENTIFIER.id_cmc_senderNonce)) {
sNonces = taggedAttr.getValues();
}
}
@@ -276,7 +270,7 @@ public class CheckRequest extends CMSServlet {
mCACerts = ((ICertAuthority) mAuthority).getCACertChain().getChain();
} catch (Exception e) {
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_CA_CHAIN_NOT_AVAILABLE"));
+ CMS.getUserMessage("CMS_GW_CA_CHAIN_NOT_AVAILABLE"));
}
if (requestId == null || requestId.trim().equals("")) {
@@ -289,34 +283,34 @@ public class CheckRequest extends CMSServlet {
log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT_1", requestId));
throw new EBaseException(
CMS.getUserMessage(getLocale(req), "CMS_BASE_INVALID_NUMBER_FORMAT_1", requestId));
- }
+ }
IRequest r = mQueue.findRequest(new RequestId(requestId));
if (r == null) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_REQUEST_ID_NOT_FOUND_1", requestId));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_REQUEST_ID_NOT_FOUND", requestId));
+ CMS.getUserMessage("CMS_GW_REQUEST_ID_NOT_FOUND", requestId));
}
if (authToken != null) {
- // if RA, requestOwner must match the group
- String group = authToken.getInString("group");
- if ((group != null) && (group != "")) {
- if (group.equals("Registration Manager Agents")) {
- boolean groupMatched = false;
- String requestOwner = r.getExtDataInString("requestOwner");
- if (requestOwner != null) {
- if (requestOwner.equals(group))
- groupMatched = true;
- }
- if (groupMatched == false) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT_1", requestId.toString()));
- throw new EBaseException(
- CMS.getUserMessage(getLocale(req), "CMS_BASE_INVALID_NUMBER_FORMAT_1", requestId));
- }
+ // if RA, requestOwner must match the group
+ String group = authToken.getInString("group");
+ if ((group != null) && (group != "")) {
+ if (group.equals("Registration Manager Agents")) {
+ boolean groupMatched = false;
+ String requestOwner = r.getExtDataInString("requestOwner");
+ if (requestOwner != null) {
+ if (requestOwner.equals(group))
+ groupMatched = true;
+ }
+ if (groupMatched == false) {
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT_1", requestId.toString()));
+ throw new EBaseException(
+ CMS.getUserMessage(getLocale(req), "CMS_BASE_INVALID_NUMBER_FORMAT_1", requestId));
+ }
+ }
}
- }
}
RequestStatus status = r.getRequestStatus();
@@ -327,35 +321,35 @@ public class CheckRequest extends CMSServlet {
header.addStringValue(STATUS, status.toString());
header.addLongValue(CREATE_ON, r.getCreationTime().getTime() / 1000);
header.addLongValue(UPDATE_ON, r.getModificationTime().getTime() / 1000);
- if (note != null && note.length() > 0)
+ if (note != null && note.length() > 0)
header.addStringValue("requestNotes", note);
String type = r.getRequestType();
Integer result = r.getExtDataInInteger(IRequest.RESULT);
-/* if (type.equals(IRequest.ENROLLMENT_REQUEST) && (r.get("profile") != null) && status.equals(RequestStatus.COMPLETE)) {
- X509CertImpl cert = (X509CertImpl) r.get(IEnrollProfile.REQUEST_ISSUED_CERT);
- IArgBlock rarg = CMS.createArgBlock();
+ /* if (type.equals(IRequest.ENROLLMENT_REQUEST) && (r.get("profile") != null) && status.equals(RequestStatus.COMPLETE)) {
+ X509CertImpl cert = (X509CertImpl) r.get(IEnrollProfile.REQUEST_ISSUED_CERT);
+ IArgBlock rarg = CMS.createArgBlock();
- rarg.addBigIntegerValue("serialNumber",
- cert.getSerialNumber(), 16);
- argSet.addRepeatRecord(rarg);
- }
-*/
+ rarg.addBigIntegerValue("serialNumber",
+ cert.getSerialNumber(), 16);
+ argSet.addRepeatRecord(rarg);
+ }
+ */
String profileId = r.getExtDataInString("profileId");
if (profileId != null) {
- result = IRequest.RES_SUCCESS;
+ result = IRequest.RES_SUCCESS;
}
if ((type != null) && (type.equals(IRequest.ENROLLMENT_REQUEST) ||
- type.equals(IRequest.RENEWAL_REQUEST)) && (status != null) &&
- status.equals(RequestStatus.COMPLETE) && (result != null) &&
- result.equals(IRequest.RES_SUCCESS)) {
+ type.equals(IRequest.RENEWAL_REQUEST)) && (status != null) &&
+ status.equals(RequestStatus.COMPLETE) && (result != null) &&
+ result.equals(IRequest.RES_SUCCESS)) {
Object o = r.getExtDataInCertArray(IRequest.ISSUED_CERTS);
if (profileId != null) {
- X509CertImpl impl[] = new X509CertImpl[1];
- impl[0] = r.getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT);
- o = impl;
+ X509CertImpl impl[] = new X509CertImpl[1];
+ impl[0] = r.getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT);
+ o = impl;
}
if (o != null && (o instanceof X509CertImpl[])) {
X509CertImpl[] certs = (X509CertImpl[]) o;
@@ -366,11 +360,12 @@ public class CheckRequest extends CMSServlet {
IArgBlock rarg = CMS.createArgBlock();
rarg.addBigIntegerValue("serialNumber",
- certs[i].getSerialNumber(), 16);
+ certs[i].getSerialNumber(), 16);
// add pkcs7 cert for importing
if (importCert || isCMCReq) {
//byte[] ba = certs[i].getEncoded();
- X509CertImpl[] certsInChain = new X509CertImpl[1];;
+ X509CertImpl[] certsInChain = new X509CertImpl[1];
+ ;
if (mCACerts != null) {
for (int ii = 0; ii < mCACerts.length; ii++) {
if (certs[i].equals(mCACerts[ii])) {
@@ -381,10 +376,10 @@ public class CheckRequest extends CMSServlet {
certsInChain = new X509CertImpl[mCACerts.length + 1];
}
}
-
+
// Set the EE cert
certsInChain[0] = certs[i];
-
+
// Set the Ca certificate chain
if (mCACerts != null) {
for (int ii = 0; ii < mCACerts.length; ii++) {
@@ -396,7 +391,7 @@ public class CheckRequest extends CMSServlet {
String p7Str;
try {
- PKCS7 p7 = new PKCS7(new AlgorithmId[0],
+ PKCS7 p7 = new PKCS7(new AlgorithmId[0],
new netscape.security.pkcs.ContentInfo(new byte[0]),
certsInChain,
new netscape.security.pkcs.SignerInfo[0]);
@@ -407,7 +402,7 @@ public class CheckRequest extends CMSServlet {
p7Str = CMS.BtoA(p7Bytes);
- StringTokenizer tokenizer = null;
+ StringTokenizer tokenizer = null;
if (File.separator.equals("\\")) {
char[] nl = new char[2];
@@ -438,14 +433,14 @@ public class CheckRequest extends CMSServlet {
if (bodyPartId != null)
bpids.addElement(bodyPartId);
CMCStatusInfo cmcStatusInfo = new
- CMCStatusInfo(CMCStatusInfo.SUCCESS, bpids);
+ CMCStatusInfo(CMCStatusInfo.SUCCESS, bpids);
TaggedAttribute ta = new TaggedAttribute(new
INTEGER(bpid++),
OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo,
cmcStatusInfo);
controlSeq.addElement(ta);
-
+
// copy transactionID, senderNonce,
// create recipientNonce
if (transIds != null) {
@@ -455,7 +450,7 @@ public class CheckRequest extends CMSServlet {
transIds);
controlSeq.addElement(ta);
}
-
+
if (sNonces != null) {
ta = new TaggedAttribute(new
INTEGER(bpid++),
@@ -463,7 +458,7 @@ public class CheckRequest extends CMSServlet {
sNonces);
controlSeq.addElement(ta);
}
-
+
String salt = CMSServlet.generateSalt();
byte[] dig;
@@ -475,41 +470,40 @@ public class CheckRequest extends CMSServlet {
dig = salt.getBytes();
}
String b64E = CMS.BtoA(dig);
- String[] newNonce = {b64E};
+ String[] newNonce = { b64E };
ta = new TaggedAttribute(new
INTEGER(bpid++),
OBJECT_IDENTIFIER.id_cmc_senderNonce,
new OCTET_STRING(newNonce[0].getBytes()));
controlSeq.addElement(ta);
-
+
ResponseBody rb = new ResponseBody(controlSeq, new
SEQUENCE(), new
SEQUENCE());
EncapsulatedContentInfo ci = new
- EncapsulatedContentInfo(OBJECT_IDENTIFIER.id_cct_PKIResponse,
- rb);
-
+ EncapsulatedContentInfo(OBJECT_IDENTIFIER.id_cct_PKIResponse,
+ rb);
+
org.mozilla.jss.crypto.X509Certificate x509cert = null;
if (mAuthority instanceof ICertificateAuthority) {
x509cert = ((ICertificateAuthority) mAuthority).getCaX509Cert();
- }else if (mAuthority instanceof IRegistrationAuthority) {
+ } else if (mAuthority instanceof IRegistrationAuthority) {
x509cert = ((IRegistrationAuthority) mAuthority).getRACert();
}
if (x509cert == null)
- throw new
- ECMSGWException(CMS.getUserMessage("CMS_GW_CMC_ERROR", "No signing cert found."));
+ throw new ECMSGWException(CMS.getUserMessage("CMS_GW_CMC_ERROR", "No signing cert found."));
X509CertImpl cert = new X509CertImpl(x509cert.getEncoded());
ByteArrayInputStream issuer1 = new
- ByteArrayInputStream(((X500Name) cert.getIssuerDN()).getEncoded());
+ ByteArrayInputStream(((X500Name) cert.getIssuerDN()).getEncoded());
Name issuer = (Name) Name.getTemplate().decode(issuer1);
IssuerAndSerialNumber ias = new
- IssuerAndSerialNumber(issuer, new INTEGER(cert.getSerialNumber().toString()));
+ IssuerAndSerialNumber(issuer, new INTEGER(cert.getSerialNumber().toString()));
SignerIdentifier si = new
- SignerIdentifier(SignerIdentifier.ISSUER_AND_SERIALNUMBER, ias, null);
-
+ SignerIdentifier(SignerIdentifier.ISSUER_AND_SERIALNUMBER, ias, null);
+
// SHA1 is the default digest Alg for now.
DigestAlgorithm digestAlg = null;
SignatureAlgorithm signAlg = null;
@@ -518,7 +512,7 @@ public class CheckRequest extends CMSServlet {
if (keyType.equals(org.mozilla.jss.crypto.PrivateKey.RSA))
signAlg = SignatureAlgorithm.RSASignatureWithSHA1Digest;
- else if (keyType.equals(org.mozilla.jss.crypto.PrivateKey.DSA))
+ else if (keyType.equals(org.mozilla.jss.crypto.PrivateKey.DSA))
signAlg = SignatureAlgorithm.DSASignatureWithSHA1Digest;
MessageDigest SHADigest = null;
byte[] digest = null;
@@ -533,44 +527,44 @@ public class CheckRequest extends CMSServlet {
} catch (NoSuchAlgorithmException ex) {
//log("digest fail");
}
-
+
org.mozilla.jss.pkix.cms.SignerInfo signInfo = new
- org.mozilla.jss.pkix.cms.SignerInfo(si, null, null,
- OBJECT_IDENTIFIER.id_cct_PKIResponse,
- digest, signAlg,
- privKey);
+ org.mozilla.jss.pkix.cms.SignerInfo(si, null, null,
+ OBJECT_IDENTIFIER.id_cct_PKIResponse,
+ digest, signAlg,
+ privKey);
SET signInfos = new SET();
signInfos.addElement(signInfo);
-
+
SET digestAlgs = new SET();
if (digestAlg != null) {
AlgorithmIdentifier ai = new
- AlgorithmIdentifier(digestAlg.toOID(),
- null);
+ AlgorithmIdentifier(digestAlg.toOID(),
+ null);
digestAlgs.addElement(ai);
}
-
+
SET jsscerts = new SET();
for (int j = 0; j < certsInChain.length; j++) {
ByteArrayInputStream is = new
- ByteArrayInputStream(certsInChain[j].getEncoded());
+ ByteArrayInputStream(certsInChain[j].getEncoded());
org.mozilla.jss.pkix.cert.Certificate certJss = (org.mozilla.jss.pkix.cert.Certificate)
- org.mozilla.jss.pkix.cert.Certificate.getTemplate().decode(is);
+ org.mozilla.jss.pkix.cert.Certificate.getTemplate().decode(is);
jsscerts.addElement(certJss);
}
-
+
SignedData fResponse = new
- SignedData(digestAlgs, ci,
- jsscerts, null, signInfos);
+ SignedData(digestAlgs, ci,
+ jsscerts, null, signInfos);
org.mozilla.jss.pkix.cms.ContentInfo fullResponse = new
- org.mozilla.jss.pkix.cms.ContentInfo(org.mozilla.jss.pkix.cms.ContentInfo.SIGNED_DATA, fResponse);
+ org.mozilla.jss.pkix.cms.ContentInfo(org.mozilla.jss.pkix.cms.ContentInfo.SIGNED_DATA, fResponse);
ByteArrayOutputStream ostream = new
- ByteArrayOutputStream();
+ ByteArrayOutputStream();
fullResponse.encode((OutputStream) ostream);
byte[] fr = ostream.toByteArray();
@@ -579,10 +573,10 @@ public class CheckRequest extends CMSServlet {
}
} catch (Exception e) {
e.printStackTrace();
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_FORMING_PKCS7_1", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERROR_FORMING_PKCS7_1", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_FORMING_PKCS7_ERROR"));
+ CMS.getUserMessage("CMS_GW_FORMING_PKCS7_ERROR"));
}
}
argSet.addRepeatRecord(rarg);
@@ -598,11 +592,11 @@ public class CheckRequest extends CMSServlet {
if (error == null) {
String xmlOutput = req.getParameter("xml");
if (xmlOutput != null && xmlOutput.equals("true")) {
- outputXML(resp, argSet);
+ outputXML(resp, argSet);
} else {
- resp.setContentType("text/html");
- form.renderOutput(out, argSet);
- cmsReq.setStatus(CMSRequest.SUCCESS);
+ resp.setContentType("text/html");
+ form.renderOutput(out, argSet);
+ cmsReq.setStatus(CMSRequest.SUCCESS);
}
} else {
cmsReq.setStatus(CMSRequest.ERROR);
@@ -610,10 +604,9 @@ public class CheckRequest extends CMSServlet {
}
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/request/IReqParser.java b/pki/base/common/src/com/netscape/cms/servlet/request/IReqParser.java
index 0e3974a1..f90e97b7 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/request/IReqParser.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/request/IReqParser.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.request;
-
import java.util.Locale;
import com.netscape.certsrv.base.EBaseException;
@@ -25,13 +24,12 @@ import com.netscape.certsrv.base.IArgBlock;
import com.netscape.certsrv.request.IRequest;
import com.netscape.cms.servlet.common.CMSTemplateParams;
-
/**
* An interface representing a request parser which
* converts Java request object into name value
* pairs and vice versa.
* <P>
- *
+ *
* @version $Revision$, $Date$
*/
public interface IReqParser {
@@ -40,5 +38,5 @@ public interface IReqParser {
* Maps request object into argument block.
*/
public void fillRequestIntoArg(Locale l, IRequest req, CMSTemplateParams argSet, IArgBlock arg)
- throws EBaseException;
+ throws EBaseException;
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/request/KeyReqParser.java b/pki/base/common/src/com/netscape/cms/servlet/request/KeyReqParser.java
index 459aca63..b7ddc16d 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/request/KeyReqParser.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/request/KeyReqParser.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.request;
-
import java.math.BigInteger;
import java.util.Locale;
@@ -29,10 +28,9 @@ import com.netscape.certsrv.request.IRequest;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.key.KeyRecordParser;
-
/**
* Output a 'pretty print' of a Key Archival request
- *
+ *
* @version $Revision$, $Date$
*/
public class KeyReqParser extends ReqParser {
@@ -50,7 +48,7 @@ public class KeyReqParser extends ReqParser {
* Fills in certificate specific request attributes.
*/
public void fillRequestIntoArg(Locale l, IRequest req, CMSTemplateParams argSet, IArgBlock arg)
- throws EBaseException {
+ throws EBaseException {
// fill in the standard attributes
super.fillRequestIntoArg(l, req, argSet, arg);
@@ -58,7 +56,7 @@ public class KeyReqParser extends ReqParser {
if (type.equals(IRequest.ENROLLMENT_REQUEST)) {
BigInteger recSerialNo = req.getExtDataInBigInteger("keyRecord");
- IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority)CMS.getSubsystem("kra");
+ IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority) CMS.getSubsystem("kra");
if (kra != null) {
KeyRecordParser.fillRecordIntoArg(
kra.getKeyRepository().readKeyRecord(recSerialNo),
diff --git a/pki/base/common/src/com/netscape/cms/servlet/request/ProcessCertReq.java b/pki/base/common/src/com/netscape/cms/servlet/request/ProcessCertReq.java
index d19c7714..8f229a6f 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/request/ProcessCertReq.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/request/ProcessCertReq.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.request;
-
import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
@@ -79,12 +78,11 @@ import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
import com.netscape.cms.servlet.common.ICMSTemplateFiller;
-
/**
* Agent operations on Certificate requests. This servlet is used
* by an Agent to approve, reject, reassign, or change a certificate
* request.
- *
+ *
* @version $Revision$, $Date$
*/
public class ProcessCertReq extends CMSServlet {
@@ -105,101 +103,92 @@ public class ProcessCertReq extends CMSServlet {
private boolean mExtraAgentParams = false;
// for RA only since it does not have a database.
- private final static String
- REQ_COMPLETED_TEMPLATE = "ra/RequestCompleted.template";
- private final static String
- PROP_REQ_COMPLETED_TEMPLATE = "requestCompletedTemplate";
- private final static String
- PROP_EXTRA_AGENT_PARAMS = "extraAgentParams";
- private static ICMSTemplateFiller
- REQ_COMPLETED_FILLER = new RAReqCompletedFiller();
+ private final static String REQ_COMPLETED_TEMPLATE = "ra/RequestCompleted.template";
+ private final static String PROP_REQ_COMPLETED_TEMPLATE = "requestCompletedTemplate";
+ private final static String PROP_EXTRA_AGENT_PARAMS = "extraAgentParams";
+ private static ICMSTemplateFiller REQ_COMPLETED_FILLER = new RAReqCompletedFiller();
private String mReqCompletedTemplate = null;
- private final static String
- CERT_TYPE = "certType";
+ private final static String CERT_TYPE = "certType";
private String auditServiceID = ILogger.UNIDENTIFIED;
private final static String AGENT_CA_CLONE_ENROLLMENT_SERVLET =
- "caProcessCertReq";
+ "caProcessCertReq";
private final static String AGENT_RA_CLONE_ENROLLMENT_SERVLET =
- "raProcessCertReq";
+ "raProcessCertReq";
private final static String SIGNED_AUDIT_ACCEPTANCE = "accept";
private final static String SIGNED_AUDIT_CANCELLATION = "cancel";
private final static String SIGNED_AUDIT_CLONING = "clone";
private final static String SIGNED_AUDIT_REJECTION = "reject";
private final static byte EOL[] = { Character.LINE_SEPARATOR };
- private final static String[]
- SIGNED_AUDIT_MANUAL_CANCELLATION_REASON = new String[] {
-
- /* 0 */ "manual non-profile cert request cancellation: "
+ private final static String[] SIGNED_AUDIT_MANUAL_CANCELLATION_REASON = new String[] {
+
+ /* 0 */"manual non-profile cert request cancellation: "
+ "request cannot be processed due to an "
+ "authorization failure",
-
- /* 1 */ "manual non-profile cert request cancellation: "
+
+ /* 1 */"manual non-profile cert request cancellation: "
+ "no reason has been given for cancelling this "
+ "cert request",
-
- /* 2 */ "manual non-profile cert request cancellation: "
+
+ /* 2 */"manual non-profile cert request cancellation: "
+ "indeterminate reason for inability to process "
+ "cert request due to an EBaseException",
-
- /* 3 */ "manual non-profile cert request cancellation: "
+
+ /* 3 */"manual non-profile cert request cancellation: "
+ "indeterminate reason for inability to process "
+ "cert request due to an IOException",
-
- /* 4 */ "manual non-profile cert request cancellation: "
+
+ /* 4 */"manual non-profile cert request cancellation: "
+ "indeterminate reason for inability to process "
+ "cert request due to a CertificateException",
-
- /* 5 */ "manual non-profile cert request cancellation: "
+
+ /* 5 */"manual non-profile cert request cancellation: "
+ "indeterminate reason for inability to process "
+ "cert request due to a NoSuchAlgorithmException"
};
- private final static String[]
- SIGNED_AUDIT_MANUAL_REJECTION_REASON = new String[] {
-
- /* 0 */ "manual non-profile cert request rejection: "
+ private final static String[] SIGNED_AUDIT_MANUAL_REJECTION_REASON = new String[] {
+
+ /* 0 */"manual non-profile cert request rejection: "
+ "request cannot be processed due to an "
+ "authorization failure",
-
- /* 1 */ "manual non-profile cert request rejection: "
+
+ /* 1 */"manual non-profile cert request rejection: "
+ "no reason has been given for rejecting this "
+ "cert request",
-
- /* 2 */ "manual non-profile cert request rejection: "
+
+ /* 2 */"manual non-profile cert request rejection: "
+ "indeterminate reason for inability to process "
+ "cert request due to an EBaseException",
-
- /* 3 */ "manual non-profile cert request rejection: "
+
+ /* 3 */"manual non-profile cert request rejection: "
+ "indeterminate reason for inability to process "
+ "cert request due to an IOException",
-
- /* 4 */ "manual non-profile cert request rejection: "
+
+ /* 4 */"manual non-profile cert request rejection: "
+ "indeterminate reason for inability to process "
+ "cert request due to a CertificateException",
-
- /* 5 */ "manual non-profile cert request rejection: "
+
+ /* 5 */"manual non-profile cert request rejection: "
+ "indeterminate reason for inability to process "
+ "cert request due to a NoSuchAlgorithmException"
};
- private final static String
- LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST =
- "LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST_5";
- private final static String
- LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED =
- "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5";
+ private final static String LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST =
+ "LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST_5";
+ private final static String LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED =
+ "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5";
/**
* Process request.
*/
public ProcessCertReq()
- throws EBaseException {
+ throws EBaseException {
super();
}
/**
* initialize the servlet. This servlet uses the template file
* "processCertReq.template" to process the response.
- *
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -212,8 +201,8 @@ public class ProcessCertReq extends CMSServlet {
if (id != null) {
if (!(auditServiceID.equals(
AGENT_CA_CLONE_ENROLLMENT_SERVLET))
- && !(auditServiceID.equals(
- AGENT_RA_CLONE_ENROLLMENT_SERVLET))) {
+ && !(auditServiceID.equals(
+ AGENT_RA_CLONE_ENROLLMENT_SERVLET))) {
auditServiceID = ILogger.UNIDENTIFIED;
} else {
auditServiceID = id.trim();
@@ -252,25 +241,19 @@ public class ProcessCertReq extends CMSServlet {
}
}
-
/**
* Process the HTTP request.
* <ul>
- * <li>http.param seqNum request id
- * <li>http.param notValidBefore certificate validity
- * - notBefore - in seconds since jan 1, 1970
- * <li>http.param notValidAfter certificate validity
- * - notAfter - in seconds since jan 1, 1970
- * <li>http.param subject certificate subject name
- * <li>http.param toDo requested action
- * (can be one of: clone, reject, accept, cancel)
+ * <li>http.param seqNum request id
+ * <li>http.param notValidBefore certificate validity - notBefore - in seconds since jan 1, 1970
+ * <li>http.param notValidAfter certificate validity - notAfter - in seconds since jan 1, 1970
+ * <li>http.param subject certificate subject name
+ * <li>http.param toDo requested action (can be one of: clone, reject, accept, cancel)
* <li>http.param signatureAlgorithm certificate signing algorithm
- * <li>http.param addExts base-64, DER encoded Extension or
- * SEQUENCE OF Extensions to add to certificate
- * <li>http.param pathLenConstraint integer path length constraint to
- * use in BasicConstraint extension if applicable
+ * <li>http.param addExts base-64, DER encoded Extension or SEQUENCE OF Extensions to add to certificate
+ * <li>http.param pathLenConstraint integer path length constraint to use in BasicConstraint extension if applicable
* </ul>
- *
+ *
* @param cmsReq the object holding the request and response information
*/
public void process(CMSRequest cmsReq) throws EBaseException {
@@ -297,15 +280,15 @@ public class ProcessCertReq extends CMSServlet {
form = getTemplate(mFormPath, req, locale);
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
try {
if (req.getParameter(SEQNUM) != null) {
CMS.debug(
- "ProcessCertReq: parameter seqNum " + req.getParameter(SEQNUM));
+ "ProcessCertReq: parameter seqNum " + req.getParameter(SEQNUM));
seqNum = Integer.parseInt(req.getParameter(SEQNUM));
}
String notValidBeforeStr = req.getParameter("notValidBefore");
@@ -326,7 +309,6 @@ public class ProcessCertReq extends CMSServlet {
subject = req.getParameter("subject");
signatureAlgorithm = req.getParameter("signatureAlgorithm");
-
IRequest r = null;
if (seqNum > -1) {
@@ -334,23 +316,22 @@ public class ProcessCertReq extends CMSServlet {
Integer.toString(seqNum)));
}
- if(seqNum > -1 && r != null)
- {
+ if (seqNum > -1 && r != null) {
processX509(cmsReq, argSet, header, seqNum, req, resp,
- toDo, signatureAlgorithm, subject,
- notValidBefore, notValidAfter, locale[0], startTime);
+ toDo, signatureAlgorithm, subject,
+ notValidBefore, notValidAfter, locale[0], startTime);
} else {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_INVALID_REQUEST_ID_1", String.valueOf(seqNum)));
error = new ECMSGWException(
- CMS.getUserMessage("CMS_GW_INVALID_REQUEST_ID",
- String.valueOf(seqNum)));
+ CMS.getUserMessage("CMS_GW_INVALID_REQUEST_ID",
+ String.valueOf(seqNum)));
}
} catch (EBaseException e) {
error = e;
} catch (NumberFormatException e) {
log(ILogger.LL_FAILURE, "Error " + e);
- error = new EBaseException(CMS.getUserMessage(getLocale(req),"CMS_BASE_INVALID_NUMBER_FORMAT"));
- }
+ error = new EBaseException(CMS.getUserMessage(getLocale(req), "CMS_BASE_INVALID_NUMBER_FORMAT"));
+ }
try {
ServletOutputStream out = resp.getOutputStream();
@@ -358,46 +339,43 @@ public class ProcessCertReq extends CMSServlet {
if (error == null) {
String xmlOutput = req.getParameter("xml");
if (xmlOutput != null && xmlOutput.equals("true")) {
- outputXML(resp, argSet);
+ outputXML(resp, argSet);
} else {
- String output = form.getOutput(argSet);
- resp.setContentType("text/html");
- form.renderOutput(out, argSet);
- cmsReq.setStatus(CMSRequest.SUCCESS);
+ String output = form.getOutput(argSet);
+ resp.setContentType("text/html");
+ form.renderOutput(out, argSet);
+ cmsReq.setStatus(CMSRequest.SUCCESS);
}
} else {
cmsReq.setStatus(CMSRequest.ERROR);
cmsReq.setError(error);
}
-
+
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
return;
}
/**
* Process X509 certificate enrollment request and send request information
- * to the caller.
+ * to the caller.
* <P>
- *
+ *
* (Certificate Request - an "agent" cert request for "cloning")
* <P>
- *
- * (Certificate Request Processed - either a manual "agent" non-profile
- * based cert acceptance, a manual "agent" non-profile based cert
- * cancellation, or a manual "agent" non-profile based cert rejection)
+ *
+ * (Certificate Request Processed - either a manual "agent" non-profile based cert acceptance, a manual "agent" non-profile based cert cancellation, or a manual "agent" non-profile based cert rejection)
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST used when a
- * non-profile cert request is made (before approval process)
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a
- * certificate request has just been through the approval process
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST used when a non-profile cert request is made (before approval process)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a certificate request has just been through the approval process
* </ul>
+ *
* @param cmsReq a certificate enrollment request
* @param argSet CMS template parameters
* @param header argument block
@@ -405,26 +383,26 @@ public class ProcessCertReq extends CMSServlet {
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @param toDo string representing the requested action (can be one of:
- * clone, reject, accept, cancel)
+ * clone, reject, accept, cancel)
* @param signatureAlgorithm string containing the signature algorithm
* @param subject string containing the subject name of the certificate
* @param notValidBefore certificate validity - notBefore - in seconds
- * since Jan 1, 1970
+ * since Jan 1, 1970
* @param notValidAfter certificate validity - notAfter - in seconds since
- * Jan 1, 1970
+ * Jan 1, 1970
* @param locale the system locale
* @param startTime the current date
* @exception EBaseException an error has occurred
*/
private void processX509(CMSRequest cmsReq,
- CMSTemplateParams argSet, IArgBlock header,
- int seqNum, HttpServletRequest req,
- HttpServletResponse resp,
- String toDo, String signatureAlgorithm,
- String subject,
- long notValidBefore, long notValidAfter,
- Locale locale, long startTime)
- throws EBaseException {
+ CMSTemplateParams argSet, IArgBlock header,
+ int seqNum, HttpServletRequest req,
+ HttpServletResponse resp,
+ String toDo, String signatureAlgorithm,
+ String subject,
+ long notValidBefore, long notValidAfter,
+ Locale locale, long startTime)
+ throws EBaseException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
String auditRequesterID = ILogger.UNIDENTIFIED;
@@ -453,7 +431,7 @@ public class ProcessCertReq extends CMSServlet {
}
}
- if (mAuthority != null)
+ if (mAuthority != null)
header.addStringValue("authorityid", mAuthority.getId());
if (toDo != null) {
@@ -466,12 +444,12 @@ public class ProcessCertReq extends CMSServlet {
mAuthzResourceName, "execute");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE",
- e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE",
+ e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE",
- e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE",
+ e.toString()));
}
if (authzToken == null) {
@@ -546,37 +524,37 @@ public class ProcessCertReq extends CMSServlet {
int alterationCounter = 0;
for (int i = 0; i < certInfo.length; i++) {
- CertificateAlgorithmId certAlgId =
- (CertificateAlgorithmId)
- certInfo[i].get(X509CertInfo.ALGORITHM_ID);
+ CertificateAlgorithmId certAlgId =
+ (CertificateAlgorithmId)
+ certInfo[i].get(X509CertInfo.ALGORITHM_ID);
AlgorithmId algId = (AlgorithmId)
- certAlgId.get(CertificateAlgorithmId.ALGORITHM);
+ certAlgId.get(CertificateAlgorithmId.ALGORITHM);
if (!(algId.getName().equals(signatureAlgorithm))) {
alterationCounter++;
AlgorithmId newAlgId = AlgorithmId.getAlgorithmId(signatureAlgorithm);
certInfo[i].set(X509CertInfo.ALGORITHM_ID,
- new CertificateAlgorithmId(newAlgId));
+ new CertificateAlgorithmId(newAlgId));
}
- CertificateSubjectName certSubject =
- (CertificateSubjectName)
- certInfo[i].get(X509CertInfo.SUBJECT);
+ CertificateSubjectName certSubject =
+ (CertificateSubjectName)
+ certInfo[i].get(X509CertInfo.SUBJECT);
- if (subject != null &&
- !(certSubject.toString().equals(subject))) {
+ if (subject != null &&
+ !(certSubject.toString().equals(subject))) {
alterationCounter++;
certInfo[i].set(X509CertInfo.SUBJECT,
- new CertificateSubjectName(
- (new X500Name(subject))));
+ new CertificateSubjectName(
+ (new X500Name(subject))));
}
- CertificateValidity certValidity =
- (CertificateValidity)
- certInfo[i].get(X509CertInfo.VALIDITY);
+ CertificateValidity certValidity =
+ (CertificateValidity)
+ certInfo[i].get(X509CertInfo.VALIDITY);
Date currentTime = CMS.getCurrentDate();
boolean validityChanged = false;
@@ -586,26 +564,26 @@ public class ProcessCertReq extends CMSServlet {
CertificateValidity.NOT_BEFORE);
if (notBefore.getTime() == 0 ||
- notBefore.getTime() != notValidBefore) {
+ notBefore.getTime() != notValidBefore) {
Date validFrom = new Date(notValidBefore);
notBefore = (notValidBefore == 0) ? currentTime : validFrom;
certValidity.set(CertificateValidity.NOT_BEFORE,
- notBefore);
+ notBefore);
validityChanged = true;
}
}
if (notValidAfter > 0) {
Date validTo = new Date(notValidAfter);
Date notAfter = (Date)
- certValidity.get(CertificateValidity.NOT_AFTER);
+ certValidity.get(CertificateValidity.NOT_AFTER);
if (notAfter.getTime() == 0 ||
- notAfter.getTime() != notValidAfter) {
+ notAfter.getTime() != notValidAfter) {
notAfter = currentTime;
notAfter = (notValidAfter == 0) ? currentTime : validTo;
certValidity.set(CertificateValidity.NOT_AFTER,
- notAfter);
+ notAfter);
validityChanged = true;
}
}
@@ -618,8 +596,8 @@ public class ProcessCertReq extends CMSServlet {
if (certInfo[i].get(X509CertInfo.VERSION) == null) {
certInfo[i].set(X509CertInfo.VERSION,
- new CertificateVersion(
- CertificateVersion.V3));
+ new CertificateVersion(
+ CertificateVersion.V3));
}
CertificateExtensions extensions = null;
@@ -669,14 +647,14 @@ public class ProcessCertReq extends CMSServlet {
if (extensions != null) {
try {
- NSCertTypeExtension nsExtensions =
- (NSCertTypeExtension)
- extensions.get(
- NSCertTypeExtension.class.getSimpleName());
+ NSCertTypeExtension nsExtensions =
+ (NSCertTypeExtension)
+ extensions.get(
+ NSCertTypeExtension.class.getSimpleName());
if (nsExtensions != null) {
updateNSExtension(req, nsExtensions);
- }
+ }
} catch (IOException e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_PROCESS_NETSCAPE_EXTENSION", e.toString()));
}
@@ -686,20 +664,20 @@ public class ProcessCertReq extends CMSServlet {
if (pathLength != null) {
try {
int pathLen = Integer.parseInt(pathLength);
- BasicConstraintsExtension bcExt =
- (BasicConstraintsExtension)
- extensions.get(
- BasicConstraintsExtension.class.getSimpleName());
+ BasicConstraintsExtension bcExt =
+ (BasicConstraintsExtension)
+ extensions.get(
+ BasicConstraintsExtension.class.getSimpleName());
if (bcExt != null) {
Integer bcPathLen = (Integer) bcExt.get(BasicConstraintsExtension.PATH_LEN);
Boolean isCA = (Boolean) bcExt.get(BasicConstraintsExtension.IS_CA);
if (bcPathLen != null &&
- bcPathLen.intValue() != pathLen &&
- isCA != null) {
+ bcPathLen.intValue() != pathLen &&
+ isCA != null) {
BasicConstraintsExtension bcExt0 =
- new BasicConstraintsExtension(isCA.booleanValue(), pathLen);
+ new BasicConstraintsExtension(isCA.booleanValue(), pathLen);
extensions.delete(BasicConstraintsExtension.class.getSimpleName());
extensions.set(BasicConstraintsExtension.class.getSimpleName(), (Extension) bcExt0);
@@ -775,7 +753,7 @@ public class ProcessCertReq extends CMSServlet {
if (mExtraAgentParams) {
@SuppressWarnings("unchecked")
- Enumeration<String> extraparams = req.getParameterNames();
+ Enumeration<String> extraparams = req.getParameterNames();
int l = IRequest.AGENT_PARAMS.length() + 1;
int ap_counter = 0;
Hashtable<String, String> agentparamsargblock = new Hashtable<String, String>();
@@ -819,100 +797,100 @@ public class ProcessCertReq extends CMSServlet {
if (r.getRequestStatus().equals(RequestStatus.PENDING)) {
cmsReq.setResult(r);
cmsReq.setStatus(CMSRequest.PENDING);
- if (certInfo != null) {
+ if (certInfo != null) {
for (int i = 0; i < certInfo.length; i++) {
- mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.FORMAT,
- new Object[] {
- r.getRequestType(),
- r.getRequestId(),
- initiative,
- authMgr,
- "pending",
- certInfo[i].get(X509CertInfo.SUBJECT),
- ""}
- );
+ mLogger.log(ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.FORMAT,
+ new Object[] {
+ r.getRequestType(),
+ r.getRequestId(),
+ initiative,
+ authMgr,
+ "pending",
+ certInfo[i].get(X509CertInfo.SUBJECT),
+ "" }
+ );
}
} else {
if (subject != null) {
- mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.FORMAT,
- new Object[] {
- r.getRequestType(),
- r.getRequestId(),
- initiative,
- authMgr,
- "pending",
- subject,
- ""}
- );
+ mLogger.log(ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.FORMAT,
+ new Object[] {
+ r.getRequestType(),
+ r.getRequestId(),
+ initiative,
+ authMgr,
+ "pending",
+ subject,
+ "" }
+ );
} else {
- mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.NODNFORMAT,
- new Object[] {
- r.getRequestType(),
- r.getRequestId(),
- initiative,
- authMgr,
- "pending"}
- );
+ mLogger.log(ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.NODNFORMAT,
+ new Object[] {
+ r.getRequestType(),
+ r.getRequestId(),
+ initiative,
+ authMgr,
+ "pending" }
+ );
}
}
} else if (r.getRequestStatus().equals(
RequestStatus.APPROVED) ||
- r.getRequestStatus().equals(
- RequestStatus.SVC_PENDING)) {
+ r.getRequestStatus().equals(
+ RequestStatus.SVC_PENDING)) {
cmsReq.setResult(r);
cmsReq.setStatus(CMSRequest.SVC_PENDING);
if (certInfo != null) {
for (int i = 0; i < certInfo.length; i++) {
- mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.FORMAT,
- new Object[] {
- r.getRequestType(),
- r.getRequestId(),
- initiative,
- authMgr,
- r.getRequestStatus(),
- certInfo[i].get(X509CertInfo.SUBJECT),
- ""}
- );
+ mLogger.log(ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.FORMAT,
+ new Object[] {
+ r.getRequestType(),
+ r.getRequestId(),
+ initiative,
+ authMgr,
+ r.getRequestStatus(),
+ certInfo[i].get(X509CertInfo.SUBJECT),
+ "" }
+ );
}
} else {
if (subject != null) {
- mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.FORMAT,
- new Object[] {
- r.getRequestType(),
- r.getRequestId(),
- initiative,
- authMgr,
- r.getRequestStatus(),
- subject,
- ""}
- );
+ mLogger.log(ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.FORMAT,
+ new Object[] {
+ r.getRequestType(),
+ r.getRequestId(),
+ initiative,
+ authMgr,
+ r.getRequestStatus(),
+ subject,
+ "" }
+ );
} else {
- mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.NODNFORMAT,
- new Object[] {
- r.getRequestType(),
- r.getRequestId(),
- initiative,
- authMgr,
- r.getRequestStatus()}
- );
+ mLogger.log(ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.NODNFORMAT,
+ new Object[] {
+ r.getRequestType(),
+ r.getRequestId(),
+ initiative,
+ authMgr,
+ r.getRequestStatus() }
+ );
}
}
} else if (r.getRequestStatus().equals(
@@ -922,7 +900,7 @@ public class ProcessCertReq extends CMSServlet {
// XXX make the repeat record.
// Get the certificate(s) from the request
X509CertImpl issuedCerts[] =
- r.getExtDataInCertArray(IRequest.ISSUED_CERTS);
+ r.getExtDataInCertArray(IRequest.ISSUED_CERTS);
// return potentially more than one certificates.
if (issuedCerts != null) {
@@ -932,24 +910,24 @@ public class ProcessCertReq extends CMSServlet {
//header.addBigIntegerValue("serialNumber",
//issuedCerts[0].getSerialNumber(),16);
for (int i = 0; i < issuedCerts.length; i++) {
- if (i != 0)
+ if (i != 0)
sbuf.append(", ");
sbuf.append("0x" +
- issuedCerts[i].getSerialNumber().toString(16));
- mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.FORMAT,
- new Object[] {
- r.getRequestType(),
- r.getRequestId(),
- initiative,
- authMgr,
- "completed",
- issuedCerts[i].getSubjectDN(),
- "cert issued serial number: 0x" +
- issuedCerts[i].getSerialNumber().toString(16) + " time: " + (endTime - startTime)}
- );
+ issuedCerts[i].getSerialNumber().toString(16));
+ mLogger.log(ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.FORMAT,
+ new Object[] {
+ r.getRequestType(),
+ r.getRequestId(),
+ initiative,
+ authMgr,
+ "completed",
+ issuedCerts[i].getSubjectDN(),
+ "cert issued serial number: 0x" +
+ issuedCerts[i].getSerialNumber().toString(16) + " time: " + (endTime - startTime) }
+ );
// store a message in the signed audit log file
// (one for each manual "agent"
@@ -965,34 +943,34 @@ public class ProcessCertReq extends CMSServlet {
audit(auditMessage);
}
header.addStringValue(
- "serialNumber", sbuf.toString());
+ "serialNumber", sbuf.toString());
} else {
if (subject != null) {
- mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.FORMAT,
- new Object[] {
- r.getRequestType(),
- r.getRequestId(),
- initiative,
- authMgr,
- "completed",
- subject,
- ""}
- );
+ mLogger.log(ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.FORMAT,
+ new Object[] {
+ r.getRequestType(),
+ r.getRequestId(),
+ initiative,
+ authMgr,
+ "completed",
+ subject,
+ "" }
+ );
} else {
- mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.NODNFORMAT,
- new Object[] {
- r.getRequestType(),
- r.getRequestId(),
- initiative,
- authMgr,
- "completed"}
- );
+ mLogger.log(ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.NODNFORMAT,
+ new Object[] {
+ r.getRequestType(),
+ r.getRequestId(),
+ initiative,
+ authMgr,
+ "completed" }
+ );
}
// store a message in the signed audit log file
@@ -1012,7 +990,7 @@ public class ProcessCertReq extends CMSServlet {
// grant trusted manager or agent privileges
Object grantError = null;
- try {
+ try {
int res = grant_privileges(
cmsReq, r, issuedCerts, header);
@@ -1043,30 +1021,29 @@ public class ProcessCertReq extends CMSServlet {
String scheme = req.getScheme();
- if (scheme.equals("http") &&
- connectionIsSSL(req)) scheme = "https";
+ if (scheme.equals("http") &&
+ connectionIsSSL(req))
+ scheme = "https";
- /*
- header.addStringValue(
- "authorityid", mAuthority.getId());
- header.addStringValue("serviceURL", scheme +"://"+
- req.getServerName() + ":"+
- req.getServerPort() +
- req.getRequestURI());
- */
+ /*
+ header.addStringValue(
+ "authorityid", mAuthority.getId());
+ header.addStringValue("serviceURL", scheme +"://"+
+ req.getServerName() + ":"+
+ req.getServerPort() +
+ req.getRequestURI());
+ */
if (mPublisherProcessor != null && mPublisherProcessor.ldapEnabled()) {
header.addStringValue("dirEnabled", "yes");
- Integer[] ldapPublishStatus =
- r.getExtDataInIntegerArray("ldapPublishStatus");
+ Integer[] ldapPublishStatus =
+ r.getExtDataInIntegerArray("ldapPublishStatus");
int certsUpdated = 0;
if (ldapPublishStatus != null) {
- for (int i = 0;
- i < ldapPublishStatus.length; i++) {
- if (ldapPublishStatus[i] ==
- IRequest.RES_SUCCESS) {
+ for (int i = 0; i < ldapPublishStatus.length; i++) {
+ if (ldapPublishStatus[i] == IRequest.RES_SUCCESS) {
certsUpdated++;
}
}
@@ -1082,47 +1059,47 @@ public class ProcessCertReq extends CMSServlet {
mQueue.rejectRequest(r);
if (certInfo != null) {
for (int i = 0; i < certInfo.length; i++) {
- mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.FORMAT,
- new Object[] {
- r.getRequestType(),
- r.getRequestId(),
- initiative,
- authMgr,
- "rejected",
- certInfo[i].get(X509CertInfo.SUBJECT),
- ""}
- );
+ mLogger.log(ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.FORMAT,
+ new Object[] {
+ r.getRequestType(),
+ r.getRequestId(),
+ initiative,
+ authMgr,
+ "rejected",
+ certInfo[i].get(X509CertInfo.SUBJECT),
+ "" }
+ );
}
} else {
if (subject != null) {
- mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.FORMAT,
- new Object[] {
- r.getRequestType(),
- r.getRequestId(),
- initiative,
- authMgr,
- "rejected",
- subject,
- ""}
- );
+ mLogger.log(ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.FORMAT,
+ new Object[] {
+ r.getRequestType(),
+ r.getRequestId(),
+ initiative,
+ authMgr,
+ "rejected",
+ subject,
+ "" }
+ );
} else {
- mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.NODNFORMAT,
- new Object[] {
- r.getRequestType(),
- r.getRequestId(),
- initiative,
- authMgr,
- "rejected"}
- );
+ mLogger.log(ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.NODNFORMAT,
+ new Object[] {
+ r.getRequestType(),
+ r.getRequestId(),
+ initiative,
+ authMgr,
+ "rejected" }
+ );
}
}
@@ -1143,47 +1120,47 @@ public class ProcessCertReq extends CMSServlet {
if (certInfo != null) {
for (int i = 0; i < certInfo.length; i++) {
- mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.FORMAT,
- new Object[] {
- r.getRequestType(),
- r.getRequestId(),
- initiative,
- authMgr,
- "canceled",
- certInfo[i].get(X509CertInfo.SUBJECT),
- ""}
- );
+ mLogger.log(ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.FORMAT,
+ new Object[] {
+ r.getRequestType(),
+ r.getRequestId(),
+ initiative,
+ authMgr,
+ "canceled",
+ certInfo[i].get(X509CertInfo.SUBJECT),
+ "" }
+ );
}
} else {
if (subject != null) {
- mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.FORMAT,
- new Object[] {
- r.getRequestType(),
- r.getRequestId(),
- initiative,
- authMgr,
- "canceled",
- subject,
- ""}
- );
+ mLogger.log(ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.FORMAT,
+ new Object[] {
+ r.getRequestType(),
+ r.getRequestId(),
+ initiative,
+ authMgr,
+ "canceled",
+ subject,
+ "" }
+ );
} else {
- mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.NODNFORMAT,
- new Object[] {
- r.getRequestType(),
- r.getRequestId(),
- initiative,
- authMgr,
- "canceled"}
- );
+ mLogger.log(ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.NODNFORMAT,
+ new Object[] {
+ r.getRequestType(),
+ r.getRequestId(),
+ initiative,
+ authMgr,
+ "canceled" }
+ );
}
}
@@ -1204,54 +1181,54 @@ public class ProcessCertReq extends CMSServlet {
IRequest clonedRequest = mQueue.cloneAndMarkPending(r);
header.addStringValue("clonedRequestId",
- clonedRequest.getRequestId().toString());
+ clonedRequest.getRequestId().toString());
if (certInfo != null) {
for (int i = 0; i < certInfo.length; i++) {
- mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.FORMAT,
- new Object[] {
- r.getRequestType(),
- r.getRequestId(),
- initiative,
- authMgr,
- "cloned to reqID: " +
- clonedRequest.getRequestId().toString(),
- certInfo[i].get(X509CertInfo.SUBJECT),
- ""}
- );
+ mLogger.log(ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.FORMAT,
+ new Object[] {
+ r.getRequestType(),
+ r.getRequestId(),
+ initiative,
+ authMgr,
+ "cloned to reqID: " +
+ clonedRequest.getRequestId().toString(),
+ certInfo[i].get(X509CertInfo.SUBJECT),
+ "" }
+ );
}
} else {
if (subject != null) {
- mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.FORMAT,
- new Object[] {
- r.getRequestType(),
- r.getRequestId(),
- initiative,
- authMgr,
- "cloned to reqID: " +
- clonedRequest.getRequestId().toString(),
- subject,
- ""}
- );
+ mLogger.log(ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.FORMAT,
+ new Object[] {
+ r.getRequestType(),
+ r.getRequestId(),
+ initiative,
+ authMgr,
+ "cloned to reqID: " +
+ clonedRequest.getRequestId().toString(),
+ subject,
+ "" }
+ );
} else {
- mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.NODNFORMAT,
- new Object[] {
- r.getRequestType(),
- r.getRequestId(),
- initiative,
- authMgr,
- "cloned to reqID: " +
- clonedRequest.getRequestId().toString()}
- );
+ mLogger.log(ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.NODNFORMAT,
+ new Object[] {
+ r.getRequestType(),
+ r.getRequestId(),
+ initiative,
+ authMgr,
+ "cloned to reqID: " +
+ clonedRequest.getRequestId().toString() }
+ );
}
}
@@ -1270,11 +1247,11 @@ public class ProcessCertReq extends CMSServlet {
}
// add authority names to know what privileges can be requested.
- if (CMS.getSubsystem("kra") != null)
+ if (CMS.getSubsystem("kra") != null)
header.addStringValue("localkra", "yes");
- if (CMS.getSubsystem("ca") != null)
+ if (CMS.getSubsystem("ca") != null)
header.addStringValue("localca", "yes");
- if (CMS.getSubsystem("ra") != null)
+ if (CMS.getSubsystem("ra") != null)
header.addStringValue("localra", "yes");
header.addIntegerValue("seqNum", seqNum);
@@ -1389,7 +1366,7 @@ public class ProcessCertReq extends CMSServlet {
}
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_ENCODING_ISSUED_CERT_ERROR"));
+ CMS.getUserMessage("CMS_GW_ENCODING_ISSUED_CERT_ERROR"));
} catch (CertificateException e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", e.toString()));
@@ -1443,7 +1420,7 @@ public class ProcessCertReq extends CMSServlet {
}
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_ENCODING_ISSUED_CERT_ERROR"));
+ CMS.getUserMessage("CMS_GW_ENCODING_ISSUED_CERT_ERROR"));
} catch (NoSuchAlgorithmException e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", e.toString()));
@@ -1500,9 +1477,9 @@ public class ProcessCertReq extends CMSServlet {
}
return;
}
-
- private void updateNSExtension(HttpServletRequest req,
- NSCertTypeExtension ext) throws IOException {
+
+ private void updateNSExtension(HttpServletRequest req,
+ NSCertTypeExtension ext) throws IOException {
try {
if (req.getParameter("certTypeSSLServer") == null) {
@@ -1562,95 +1539,91 @@ public class ProcessCertReq extends CMSServlet {
private int updateExtensionsInRequest(HttpServletRequest req, IRequest r) {
int nChanges = 0;
- if (req.getParameter("certTypeSSLServer") != null) {
- r.setExtData(NSCertTypeExtension.SSL_SERVER, "true");
- nChanges++;
- } else {
- r.deleteExtData(NSCertTypeExtension.SSL_SERVER);
- nChanges++;
- }
+ if (req.getParameter("certTypeSSLServer") != null) {
+ r.setExtData(NSCertTypeExtension.SSL_SERVER, "true");
+ nChanges++;
+ } else {
+ r.deleteExtData(NSCertTypeExtension.SSL_SERVER);
+ nChanges++;
+ }
- if (req.getParameter("certTypeSSLClient") != null) {
- r.setExtData(NSCertTypeExtension.SSL_CLIENT, "true");
- nChanges++;
- } else {
- r.deleteExtData(NSCertTypeExtension.SSL_CLIENT);
- nChanges++;
- }
+ if (req.getParameter("certTypeSSLClient") != null) {
+ r.setExtData(NSCertTypeExtension.SSL_CLIENT, "true");
+ nChanges++;
+ } else {
+ r.deleteExtData(NSCertTypeExtension.SSL_CLIENT);
+ nChanges++;
+ }
- if (req.getParameter("certTypeEmail") != null) {
- r.setExtData(NSCertTypeExtension.EMAIL, "true");
- nChanges++;
- } else {
- r.deleteExtData(NSCertTypeExtension.EMAIL);
- nChanges++;
- }
+ if (req.getParameter("certTypeEmail") != null) {
+ r.setExtData(NSCertTypeExtension.EMAIL, "true");
+ nChanges++;
+ } else {
+ r.deleteExtData(NSCertTypeExtension.EMAIL);
+ nChanges++;
+ }
- if (req.getParameter("certTypeObjSigning") != null) {
- r.setExtData(NSCertTypeExtension.OBJECT_SIGNING, "true");
- nChanges++;
- } else {
- r.deleteExtData(NSCertTypeExtension.OBJECT_SIGNING);
- nChanges++;
- }
+ if (req.getParameter("certTypeObjSigning") != null) {
+ r.setExtData(NSCertTypeExtension.OBJECT_SIGNING, "true");
+ nChanges++;
+ } else {
+ r.deleteExtData(NSCertTypeExtension.OBJECT_SIGNING);
+ nChanges++;
+ }
- if (req.getParameter("certTypeEmailCA") != null) {
- r.setExtData(NSCertTypeExtension.EMAIL_CA, "true");
- nChanges++;
- } else {
- r.deleteExtData(NSCertTypeExtension.EMAIL_CA);
- nChanges++;
- }
+ if (req.getParameter("certTypeEmailCA") != null) {
+ r.setExtData(NSCertTypeExtension.EMAIL_CA, "true");
+ nChanges++;
+ } else {
+ r.deleteExtData(NSCertTypeExtension.EMAIL_CA);
+ nChanges++;
+ }
- if (req.getParameter("certTypeSSLCA") != null) {
- r.setExtData(NSCertTypeExtension.SSL_CA, "true");
- nChanges++;
- } else {
- r.deleteExtData(NSCertTypeExtension.SSL_CA);
- nChanges++;
- }
+ if (req.getParameter("certTypeSSLCA") != null) {
+ r.setExtData(NSCertTypeExtension.SSL_CA, "true");
+ nChanges++;
+ } else {
+ r.deleteExtData(NSCertTypeExtension.SSL_CA);
+ nChanges++;
+ }
- if (req.getParameter("certTypeObjSigningCA") != null) {
- r.setExtData(NSCertTypeExtension.OBJECT_SIGNING_CA, "true");
- nChanges++;
- } else {
- r.deleteExtData(NSCertTypeExtension.OBJECT_SIGNING_CA);
- nChanges++;
- }
+ if (req.getParameter("certTypeObjSigningCA") != null) {
+ r.setExtData(NSCertTypeExtension.OBJECT_SIGNING_CA, "true");
+ nChanges++;
+ } else {
+ r.deleteExtData(NSCertTypeExtension.OBJECT_SIGNING_CA);
+ nChanges++;
+ }
return nChanges;
}
-
+
protected static final String GRANT_ERROR = "grantError";
- public static final String
- GRANT_TRUSTEDMGR_PRIVILEGE = "grantTrustedManagerPrivilege";
- public static final String
- GRANT_CMAGENT_PRIVILEGE = "grantCMAgentPrivilege";
- public static final String
- GRANT_RMAGENT_PRIVILEGE = "grantRMAgentPrivilege";
- public static final String
- GRANT_DRMAGENT_PRIVILEGE = "grantDRMAgentPrivilege";
+ public static final String GRANT_TRUSTEDMGR_PRIVILEGE = "grantTrustedManagerPrivilege";
+ public static final String GRANT_CMAGENT_PRIVILEGE = "grantCMAgentPrivilege";
+ public static final String GRANT_RMAGENT_PRIVILEGE = "grantRMAgentPrivilege";
+ public static final String GRANT_DRMAGENT_PRIVILEGE = "grantDRMAgentPrivilege";
public static final String GRANT_UID = "grantUID";
public static final String GRANT_PRIVILEGE = "grantPrivilege";
protected int grant_privileges(
- CMSRequest cmsReq, IRequest req, Certificate[] certs, IArgBlock header)
- throws EBaseException {
+ CMSRequest cmsReq, IRequest req, Certificate[] certs, IArgBlock header)
+ throws EBaseException {
// get privileges to grant
IArgBlock httpParams = cmsReq.getHttpParams();
- boolean grantTrustedMgr =
- httpParams.getValueAsBoolean(GRANT_TRUSTEDMGR_PRIVILEGE, false);
- boolean grantRMAgent =
- httpParams.getValueAsBoolean(GRANT_RMAGENT_PRIVILEGE, false);
- boolean grantCMAgent =
- httpParams.getValueAsBoolean(GRANT_CMAGENT_PRIVILEGE, false);
- boolean grantDRMAgent =
- httpParams.getValueAsBoolean(GRANT_DRMAGENT_PRIVILEGE, false);
-
- if (!grantTrustedMgr &&
- !grantCMAgent && !grantRMAgent && !grantDRMAgent) {
+ boolean grantTrustedMgr =
+ httpParams.getValueAsBoolean(GRANT_TRUSTEDMGR_PRIVILEGE, false);
+ boolean grantRMAgent =
+ httpParams.getValueAsBoolean(GRANT_RMAGENT_PRIVILEGE, false);
+ boolean grantCMAgent =
+ httpParams.getValueAsBoolean(GRANT_CMAGENT_PRIVILEGE, false);
+ boolean grantDRMAgent =
+ httpParams.getValueAsBoolean(GRANT_DRMAGENT_PRIVILEGE, false);
+
+ if (!grantTrustedMgr &&
+ !grantCMAgent && !grantRMAgent && !grantDRMAgent) {
return 0;
} else {
IAuthToken authToken = getAuthToken(req);
@@ -1669,7 +1642,7 @@ public class ProcessCertReq extends CMSServlet {
if (grantTrustedMgr)
obj[0] = TRUSTED_RA_GROUP;
- else if (grantRMAgent)
+ else if (grantRMAgent)
obj[0] = RA_AGENT_GROUP;
else if (grantCMAgent)
obj[0] = CA_AGENT_GROUP;
@@ -1696,22 +1669,22 @@ public class ProcessCertReq extends CMSServlet {
groupname = TRUSTED_RA_GROUP;
userType = Constants.PR_SUBSYSTEM_TYPE;
} else {
- if (grantCMAgent)
+ if (grantCMAgent)
groupname = CA_AGENT_GROUP;
- else if (grantRMAgent)
+ else if (grantRMAgent)
groupname = RA_AGENT_GROUP;
if (grantDRMAgent) {
- if (groupname != null)
+ if (groupname != null)
groupname1 = KRA_AGENT_GROUP;
- else
+ else
groupname = KRA_AGENT_GROUP;
}
userType = Constants.PR_AGENT_TYPE;
}
- String privilege =
- (groupname1 == null) ? groupname : groupname + " and " + groupname1;
+ String privilege =
+ (groupname1 == null) ? groupname : groupname + " and " + groupname1;
header.addStringValue(GRANT_PRIVILEGE, privilege);
@@ -1727,23 +1700,23 @@ public class ProcessCertReq extends CMSServlet {
IGroup group = ug.findGroup(groupname), group1 = null;
if (group == null) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_FIND_GROUP_1", groupname));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERROR_FIND_GROUP_1", groupname));
throw new ECMSGWException(CMS.getUserMessage("CMS_GW_FIND_GROUP_ERROR", groupname));
}
if (groupname1 != null) {
group1 = ug.findGroup(groupname1);
if (group1 == null) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_FIND_GROUP_1", groupname));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERROR_FIND_GROUP_1", groupname));
throw new ECMSGWException(CMS.getUserMessage("CMS_GW_FIND_GROUP_ERROR", groupname1));
}
}
try {
ug.addUser(user);
} catch (Exception e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_ADDING_USER_1", uid));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERROR_ADDING_USER_1", uid));
throw new ECMSGWException(CMS.getUserMessage("CMS_GW_ADDING_USER_ERROR", uid));
}
try {
@@ -1752,11 +1725,11 @@ public class ProcessCertReq extends CMSServlet {
user.setX509Certificates(tmp);
}
-
+
ug.addUserCert(user);
} catch (Exception e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_ADDING_CERT_1", uid));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERROR_ADDING_CERT_1", uid));
throw new ECMSGWException(CMS.getUserMessage("CMS_GW_ADDING_CERT_ERROR", uid));
}
try {
@@ -1765,44 +1738,44 @@ public class ProcessCertReq extends CMSServlet {
// for audit log
SessionContext sContext = SessionContext.getContext();
String adminId = (String) sContext.get(SessionContext.USER_ID);
-
+
mLogger.log(ILogger.EV_AUDIT, ILogger.S_USRGRP,
- AuditFormat.LEVEL, AuditFormat.ADDUSERGROUPFORMAT,
- new Object[] {adminId, uid, groupname}
- );
+ AuditFormat.LEVEL, AuditFormat.ADDUSERGROUPFORMAT,
+ new Object[] { adminId, uid, groupname }
+ );
if (group1 != null) {
group1.addMemberName(uid);
ug.modifyGroup(group1);
-
+
mLogger.log(ILogger.EV_AUDIT, ILogger.S_USRGRP,
- AuditFormat.LEVEL, AuditFormat.ADDUSERGROUPFORMAT,
- new Object[] {adminId, uid, groupname1}
- );
+ AuditFormat.LEVEL, AuditFormat.ADDUSERGROUPFORMAT,
+ new Object[] { adminId, uid, groupname1 }
+ );
}
} catch (Exception e) {
- String msg =
- "Could not add user " + uid + " to group " + groupname;
+ String msg =
+ "Could not add user " + uid + " to group " + groupname;
if (group1 != null)
msg += " or group " + groupname1;
log(ILogger.LL_FAILURE, msg);
- if (group1 == null)
- throw new ECMSGWException(CMS.getUserMessage("CMS_GW_ADDING_MEMBER", uid, groupname));
- else
- throw new ECMSGWException(CMS.getUserMessage("CMS_GW_ADDING_MEMBER_1", uid, groupname, groupname1));
+ if (group1 == null)
+ throw new ECMSGWException(CMS.getUserMessage("CMS_GW_ADDING_MEMBER", uid, groupname));
+ else
+ throw new ECMSGWException(CMS.getUserMessage("CMS_GW_ADDING_MEMBER_1", uid, groupname, groupname1));
}
return 1;
}
/**
* Signed Audit Log Info Name
- *
+ *
* This method is called to obtain the "InfoName" for
* a signed audit log message.
* <P>
- *
+ *
* @param type signed audit log request processing type
* @return id string containing the signed audit log message InfoName
*/
@@ -1833,11 +1806,11 @@ public class ProcessCertReq extends CMSServlet {
/**
* Signed Audit Log Info Certificate Value
- *
+ *
* This method is called to obtain the certificate from the passed in
* "X509CertImpl" for a signed audit log message.
* <P>
- *
+ *
* @param x509cert an X509CertImpl
* @return cert string containing the certificate
*/
@@ -1891,38 +1864,38 @@ public class ProcessCertReq extends CMSServlet {
}
}
-
class RAReqCompletedFiller extends ImportCertsTemplateFiller {
private static final String RA_AGENT_GROUP = "Registration Manager Agents";
private static final String KRA_AGENT_GROUP = "Data Recovery Manager Agents";
+
public RAReqCompletedFiller() {
super();
}
public CMSTemplateParams getTemplateParams(
- CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e)
- throws Exception {
+ CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e)
+ throws Exception {
Object[] results = (Object[]) cmsReq.getResult();
Object grantError = results[1];
//X509CertImpl[] issuedCerts = (X509CertImpl[])results[0];
Certificate[] issuedCerts = (Certificate[]) results[0];
-
+
cmsReq.setResult(issuedCerts);
- CMSTemplateParams params =
- super.getTemplateParams(cmsReq, authority, locale, e);
+ CMSTemplateParams params =
+ super.getTemplateParams(cmsReq, authority, locale, e);
if (grantError != null) {
IArgBlock header = params.getHeader();
if (grantError instanceof String) {
header.addStringValue(
- ProcessCertReq.GRANT_ERROR, (String) grantError);
+ ProcessCertReq.GRANT_ERROR, (String) grantError);
} else {
EBaseException ex = (EBaseException) grantError;
header.addStringValue(
- ProcessCertReq.GRANT_ERROR, ex.toString(locale));
+ ProcessCertReq.GRANT_ERROR, ex.toString(locale));
}
IArgBlock httpParams = cmsReq.getHttpParams();
String uid = httpParams.getValueAsString(
@@ -1941,7 +1914,7 @@ class RAReqCompletedFiller extends ImportCertsTemplateFiller {
if (grantDRMAgent) {
if (privilege != null)
privilege += " and " + KRA_AGENT_GROUP;
- else
+ else
privilege = KRA_AGENT_GROUP;
}
header.addStringValue(ProcessCertReq.GRANT_PRIVILEGE, privilege);
@@ -1949,4 +1922,3 @@ class RAReqCompletedFiller extends ImportCertsTemplateFiller {
return params;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/request/ProcessReq.java b/pki/base/common/src/com/netscape/cms/servlet/request/ProcessReq.java
index 0ac27197..78f047d2 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/request/ProcessReq.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/request/ProcessReq.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.request;
-
import java.io.IOException;
import java.util.Locale;
@@ -50,10 +49,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* Display Generic Request detail to the user.
- *
+ *
* @version $Revision$, $Date$
*/
public class ProcessReq extends CMSServlet {
@@ -74,8 +72,8 @@ public class ProcessReq extends CMSServlet {
private IReqParser mParser = null;
private String[] mSigningAlgorithms = null;
- private static String[] DEF_SIGNING_ALGORITHMS = new String[]
- {"SHA1withRSA", "SHA256withRSA", "SHA512withRSA", "SHA1withDSA", "MD5withRSA", "MD2withRSA"};
+ private static String[] DEF_SIGNING_ALGORITHMS = new String[]
+ { "SHA1withRSA", "SHA256withRSA", "SHA512withRSA", "SHA1withDSA", "MD5withRSA", "MD2withRSA" };
/**
* Process request.
@@ -90,11 +88,12 @@ public class ProcessReq extends CMSServlet {
* The initialization parameter 'parser' is read from the
* servlet configration, and is used to set the type of request.
* The value of this parameter can be:
- * <UL><LI><B>CertReqParser.NODETAIL_PARSER</B> - Show certificate Summary
- * <LI><B>CertReqParser.DETAIL_PARSER</B> - Show certificate detail
- * <LI><B>KeyReqParser.PARSER</B> - Show key archival detail
- * </UL>
- *
+ * <UL>
+ * <LI><B>CertReqParser.NODETAIL_PARSER</B> - Show certificate Summary
+ * <LI><B>CertReqParser.DETAIL_PARSER</B> - Show certificate detail
+ * <LI><B>KeyReqParser.PARSER</B> - Show key archival detail
+ * </UL>
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -111,13 +110,13 @@ public class ProcessReq extends CMSServlet {
mParser = CertReqParser.DETAIL_PARSER;
else if (tmp.trim().equals("KeyReqParser.PARSER"))
mParser = KeyReqParser.PARSER;
- }
+ }
// override success and error templates to null -
// handle templates locally.
mTemplates.remove(CMSRequest.SUCCESS);
mTemplates.remove(CMSRequest.ERROR);
- if (mOutputTemplatePath != null)
+ if (mOutputTemplatePath != null)
mFormPath = mOutputTemplatePath;
}
@@ -125,10 +124,9 @@ public class ProcessReq extends CMSServlet {
* Process the HTTP request.
* <ul>
* <li>http.param seqNum
- * <li>http.param doAssign reassign request. Value can be reassignToMe
- * reassignToNobody
+ * <li>http.param doAssign reassign request. Value can be reassignToMe reassignToNobody
* </ul>
- *
+ *
* @param cmsReq the object holding the request and response information
*/
public void process(CMSRequest cmsReq) throws EBaseException {
@@ -152,10 +150,10 @@ public class ProcessReq extends CMSServlet {
try {
form = getTemplate(mFormPath, req, locale);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- "Error getting template " + mFormPath + " Error " + e);
+ log(ILogger.LL_FAILURE,
+ "Error getting template " + mFormPath + " Error " + e);
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
try {
@@ -172,8 +170,8 @@ public class ProcessReq extends CMSServlet {
if (doAssign == null) {
authzToken = authorize(mAclMethod, authToken,
mAuthzResourceName, "read");
- } else if (doAssign.equals("toMe") ||
- doAssign.equals("reassignToMe")) {
+ } else if (doAssign.equals("toMe") ||
+ doAssign.equals("reassignToMe")) {
authzToken = authorize(mAclMethod, authToken,
mAuthzResourceName, "assign");
} else if (doAssign.equals("reassignToNobody")) {
@@ -182,10 +180,10 @@ public class ProcessReq extends CMSServlet {
}
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
}
if (authzToken == null) {
@@ -193,19 +191,19 @@ public class ProcessReq extends CMSServlet {
return;
}
- process(argSet, header, seqNum, req, resp,
- doAssign, locale[0]);
+ process(argSet, header, seqNum, req, resp,
+ doAssign, locale[0]);
} else {
log(ILogger.LL_FAILURE, "Invalid sequence number " + seqNum);
error = new ECMSGWException(
- CMS.getUserMessage("CMS_GW_INVALID_REQUEST_ID",
- String.valueOf(seqNum)));
+ CMS.getUserMessage("CMS_GW_INVALID_REQUEST_ID",
+ String.valueOf(seqNum)));
}
} catch (EBaseException e) {
error = e;
} catch (NumberFormatException e) {
error = new EBaseException(CMS.getUserMessage(locale[0], "CMS_BASE_INVALID_NUMBER_FORMAT"));
- }
+ }
try {
ServletOutputStream out = resp.getOutputStream();
@@ -213,46 +211,46 @@ public class ProcessReq extends CMSServlet {
if (error == null) {
String xmlOutput = req.getParameter("xml");
if (xmlOutput != null && xmlOutput.equals("true")) {
- outputXML(resp, argSet);
+ outputXML(resp, argSet);
} else {
- String output = form.getOutput(argSet);
- resp.setContentType("text/html");
- form.renderOutput(out, argSet);
- cmsReq.setStatus(CMSRequest.SUCCESS);
+ String output = form.getOutput(argSet);
+ resp.setContentType("text/html");
+ form.renderOutput(out, argSet);
+ cmsReq.setStatus(CMSRequest.SUCCESS);
}
} else {
cmsReq.setError(error);
cmsReq.setStatus(CMSRequest.ERROR);
}
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- "Error getting servlet output stream for rendering template. " +
- "Error " + e);
+ log(ILogger.LL_FAILURE,
+ "Error getting servlet output stream for rendering template. " +
+ "Error " + e);
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
return;
}
/**
- * Sends request information to the calller.
+ * Sends request information to the calller.
* returns whether there was an error or not.
*/
private void process(CMSTemplateParams argSet, IArgBlock header,
- int seqNum, HttpServletRequest req,
- HttpServletResponse resp,
- String doAssign, Locale locale)
- throws EBaseException {
+ int seqNum, HttpServletRequest req,
+ HttpServletResponse resp,
+ String doAssign, Locale locale)
+ throws EBaseException {
header.addIntegerValue("seqNum", seqNum);
- IRequest r =
- mQueue.findRequest(new RequestId(Integer.toString(seqNum)));
+ IRequest r =
+ mQueue.findRequest(new RequestId(Integer.toString(seqNum)));
if (r != null) {
if (doAssign != null) {
if ((doAssign.equals("toMe"))
- || (doAssign.equals("reassignToMe"))) {
+ || (doAssign.equals("reassignToMe"))) {
SessionContext ctx = SessionContext.getContext();
String id = (String) ctx.get(SessionContext.USER_ID);
@@ -265,14 +263,14 @@ public class ProcessReq extends CMSServlet {
}
// add authority names to know what privileges can be requested.
- if (CMS.getSubsystem("kra") != null)
+ if (CMS.getSubsystem("kra") != null)
header.addStringValue("localkra", "yes");
- if (CMS.getSubsystem("ca") != null)
+ if (CMS.getSubsystem("ca") != null)
header.addStringValue("localca", "yes");
- if (CMS.getSubsystem("ra") != null)
+ if (CMS.getSubsystem("ra") != null)
header.addStringValue("localra", "yes");
- // DONT NEED TO DO THIS FOR DRM
+ // DONT NEED TO DO THIS FOR DRM
if (mAuthority instanceof ICertAuthority) {
// Check/set signing algorithms dynamically.
// In RA mSigningAlgorithms could be null at startup if CA is not
@@ -281,15 +279,15 @@ public class ProcessReq extends CMSServlet {
String[] allAlgorithms = mSigningAlgorithms;
if (allAlgorithms == null) {
- allAlgorithms = mSigningAlgorithms =
+ allAlgorithms = mSigningAlgorithms =
((ICertAuthority) mAuthority).getCASigningAlgorithms();
if (allAlgorithms == null) {
CMS.debug(
- "ProcessReq: signing algorithms set to All algorithms");
+ "ProcessReq: signing algorithms set to All algorithms");
allAlgorithms = AlgorithmId.ALL_SIGNING_ALGORITHMS;
- } else
+ } else
CMS.debug(
- "ProcessReq: First signing algorithms is " + allAlgorithms[0]);
+ "ProcessReq: First signing algorithms is " + allAlgorithms[0]);
}
String validAlgorithms = null;
StringBuffer sb = new StringBuffer();
@@ -310,10 +308,10 @@ public class ProcessReq extends CMSServlet {
if (signingAlgorithm != null)
header.addStringValue("caSigningAlgorithm", signingAlgorithm);
header.addLongValue("defaultValidityLength",
- ((ICertificateAuthority) mAuthority).getDefaultValidity() / 1000);
+ ((ICertificateAuthority) mAuthority).getDefaultValidity() / 1000);
} else if (mAuthority instanceof IRegistrationAuthority) {
header.addLongValue("defaultValidityLength",
- ((IRegistrationAuthority) mAuthority).getDefaultValidity() / 1000);
+ ((IRegistrationAuthority) mAuthority).getDefaultValidity() / 1000);
}
X509CertImpl caCert = ((ICertAuthority) mAuthority).getCACert();
@@ -328,8 +326,8 @@ public class ProcessReq extends CMSServlet {
} else {
log(ILogger.LL_FAILURE, "Invalid sequence number " + seqNum);
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_INVALID_REQUEST_ID",
- String.valueOf(seqNum)));
+ CMS.getUserMessage("CMS_GW_INVALID_REQUEST_ID",
+ String.valueOf(seqNum)));
}
return;
diff --git a/pki/base/common/src/com/netscape/cms/servlet/request/QueryReq.java b/pki/base/common/src/com/netscape/cms/servlet/request/QueryReq.java
index 036bd5d0..3a12819f 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/request/QueryReq.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/request/QueryReq.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.request;
-
import java.io.IOException;
import java.util.Enumeration;
import java.util.Locale;
@@ -45,10 +44,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* Show paged list of requests matching search criteria
- *
+ *
* @version $Revision$, $Date$
*/
public class QueryReq extends CMSServlet {
@@ -61,7 +59,7 @@ public class QueryReq extends CMSServlet {
private final static String IN_SHOW_ALL = "showAll";
private final static String IN_SHOW_WAITING = "showWaiting";
private final static String IN_SHOW_IN_SERVICE = "showInService";
- private final static String IN_SHOW_PENDING= "showPending";
+ private final static String IN_SHOW_PENDING = "showPending";
private final static String IN_SHOW_CANCELLED = "showCancelled";
private final static String IN_SHOW_REJECTED = "showRejected";
private final static String IN_SHOW_COMPLETED = "showCompleted";
@@ -94,8 +92,8 @@ public class QueryReq extends CMSServlet {
private final static String OUT_COMMENTS = "requestorComments";
private final static String OUT_SERIALNO = "serialNumber";
private final static String OUT_OWNER_NAME = "ownerName";
- private final static String OUT_PUBLIC_KEY_INFO =
- "subjectPublicKeyInfo";
+ private final static String OUT_PUBLIC_KEY_INFO =
+ "subjectPublicKeyInfo";
private final static String OUT_ERROR = "error";
private final static String OUT_AUTHORITY_ID = "authorityid";
@@ -119,7 +117,7 @@ public class QueryReq extends CMSServlet {
/**
* initialize the servlet. This servlet uses the template file
* "queryReq.template" to process the response.
- *
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -142,7 +140,7 @@ public class QueryReq extends CMSServlet {
mParser = CertReqParser.DETAIL_PARSER;
else if (tmp.trim().equals("KeyReqParser.PARSER"))
mParser = KeyReqParser.PARSER;
- }
+ }
// override success and error templates to null -
// handle templates locally.
@@ -152,7 +150,7 @@ public class QueryReq extends CMSServlet {
if (mOutputTemplatePath != null)
mFormPath = mOutputTemplatePath;
}
-
+
private String getRequestType(String p) {
String filter = "(requestType=*)";
@@ -212,348 +210,338 @@ public class QueryReq extends CMSServlet {
/**
* Process the HTTP request.
* <ul>
- * <li>http.param reqState request state
- * (one of showAll, showWaiting, showInService,
- * showCancelled, showRejected, showCompleted)
+ * <li>http.param reqState request state (one of showAll, showWaiting, showInService, showCancelled, showRejected, showCompleted)
* <li>http.param reqType
- * <li>http.param seqNumFromDown request ID to start at (decimal, or hex if
- * when paging down
- * seqNumFromDown starts with 0x)
- * <li>http.param seqNumFromUp request ID to start at (decimal, or hex if
- * when paging up
- * seqNumFromUp starts with 0x)
+ * <li>http.param seqNumFromDown request ID to start at (decimal, or hex if when paging down seqNumFromDown starts with 0x)
+ * <li>http.param seqNumFromUp request ID to start at (decimal, or hex if when paging up seqNumFromUp starts with 0x)
* <li>http.param maxCount maximum number of records to show
* <li>http.param totalCount total number of records in set of pages
* <li>http.param direction "up", "down", "begin", or "end"
* </ul>
- *
+ *
* @param cmsReq the object holding the request and response information
*/
public void process(CMSRequest cmsReq) throws EBaseException {
- CMS.debug("in QueryReq servlet");
-
- // Authentication / Authorization
-
- HttpServletRequest req = cmsReq.getHttpReq();
- IAuthToken authToken = authenticate(cmsReq);
- AuthzToken authzToken = null;
-
- try {
- authzToken = authorize(mAclMethod, authToken,
- mAuthzResourceName, "list");
- } catch (EAuthzAccessDenied e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
- } catch (Exception e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
- }
- if (authzToken == null) {
- cmsReq.setStatus(CMSRequest.UNAUTHORIZED);
- return;
- }
-
-
-
-
- CMSTemplate form = null;
- Locale[] locale = new Locale[1];
-
- try {
- // if get a EBaseException we just throw it.
- form = getTemplate(mFormPath, req, locale);
- } catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
- }
-
- /**
- * WARNING:
- *
- * PLEASE DO NOT TOUCH THE FILTER HERE. ALL FILTERS ARE INDEXED.
- *
- **/
- String filter = null;
- String reqState = req.getParameter("reqState");
- String reqType = req.getParameter("reqType");
-
- if (reqState == null || reqType == null) {
- filter = "(requeststate=*)";
- } else if (reqState.equals(IN_SHOW_ALL) &&
- reqType.equals(IN_SHOW_ALL)) {
- filter = "(requeststate=*)";
- } else if (reqState.equals(IN_SHOW_ALL)) {
- filter = getRequestType(reqType);
- } else if (reqType.equals(IN_SHOW_ALL)) {
- filter = getRequestState(reqState);
- } else {
- filter = "(&" + getRequestState(reqState) +
- getRequestType(reqType) + ")";
- }
-
- String direction = "begin";
- if (req.getParameter("direction") != null) {
- direction = req.getParameter("direction").trim();
- }
-
-
- int top=0, bottom=0;
-
- try {
- String top_s = req.getParameter(OUT_FIRST_ENTRY_ON_PAGE);
- if (top_s == null) top_s = "0";
-
- String bottom_s = req.getParameter(OUT_LAST_ENTRY_ON_PAGE);
- if (bottom_s == null) bottom_s = "0";
-
- if (top_s.trim().startsWith("0x")) {
- top = Integer.parseInt(top_s.trim().substring(2), 16);
- } else {
- top = Integer.parseInt(top_s.trim());
- }
- if (bottom_s.trim().startsWith("0x")) {
- bottom = Integer.parseInt(bottom_s.trim().substring(2), 16);
- } else {
- bottom = Integer.parseInt(bottom_s.trim());
- }
-
- } catch (NumberFormatException e) {
-
- }
-
- // avoid NumberFormatException to the user interface
- int maxCount = 10;
- try {
- maxCount = Integer.parseInt(req.getParameter(IN_MAXCOUNT));
- } catch (Exception e) {
- }
+ CMS.debug("in QueryReq servlet");
+
+ // Authentication / Authorization
+
+ HttpServletRequest req = cmsReq.getHttpReq();
+ IAuthToken authToken = authenticate(cmsReq);
+ AuthzToken authzToken = null;
+
+ try {
+ authzToken = authorize(mAclMethod, authToken,
+ mAuthzResourceName, "list");
+ } catch (EAuthzAccessDenied e) {
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ } catch (Exception e) {
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ }
+ if (authzToken == null) {
+ cmsReq.setStatus(CMSRequest.UNAUTHORIZED);
+ return;
+ }
+
+ CMSTemplate form = null;
+ Locale[] locale = new Locale[1];
+
+ try {
+ // if get a EBaseException we just throw it.
+ form = getTemplate(mFormPath, req, locale);
+ } catch (IOException e) {
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+ throw new ECMSGWException(
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ }
+
+ /**
+ * WARNING:
+ *
+ * PLEASE DO NOT TOUCH THE FILTER HERE. ALL FILTERS ARE INDEXED.
+ *
+ **/
+ String filter = null;
+ String reqState = req.getParameter("reqState");
+ String reqType = req.getParameter("reqType");
+
+ if (reqState == null || reqType == null) {
+ filter = "(requeststate=*)";
+ } else if (reqState.equals(IN_SHOW_ALL) &&
+ reqType.equals(IN_SHOW_ALL)) {
+ filter = "(requeststate=*)";
+ } else if (reqState.equals(IN_SHOW_ALL)) {
+ filter = getRequestType(reqType);
+ } else if (reqType.equals(IN_SHOW_ALL)) {
+ filter = getRequestState(reqState);
+ } else {
+ filter = "(&" + getRequestState(reqState) +
+ getRequestType(reqType) + ")";
+ }
+
+ String direction = "begin";
+ if (req.getParameter("direction") != null) {
+ direction = req.getParameter("direction").trim();
+ }
+
+ int top = 0, bottom = 0;
+
+ try {
+ String top_s = req.getParameter(OUT_FIRST_ENTRY_ON_PAGE);
+ if (top_s == null)
+ top_s = "0";
+
+ String bottom_s = req.getParameter(OUT_LAST_ENTRY_ON_PAGE);
+ if (bottom_s == null)
+ bottom_s = "0";
+
+ if (top_s.trim().startsWith("0x")) {
+ top = Integer.parseInt(top_s.trim().substring(2), 16);
+ } else {
+ top = Integer.parseInt(top_s.trim());
+ }
+ if (bottom_s.trim().startsWith("0x")) {
+ bottom = Integer.parseInt(bottom_s.trim().substring(2), 16);
+ } else {
+ bottom = Integer.parseInt(bottom_s.trim());
+ }
+
+ } catch (NumberFormatException e) {
+
+ }
+
+ // avoid NumberFormatException to the user interface
+ int maxCount = 10;
+ try {
+ maxCount = Integer.parseInt(req.getParameter(IN_MAXCOUNT));
+ } catch (Exception e) {
+ }
if (maxCount > mMaxReturns) {
CMS.debug("Resetting page size from " + maxCount + " to " + mMaxReturns);
maxCount = mMaxReturns;
}
- HttpServletResponse resp = cmsReq.getHttpResp();
- CMSTemplateParams argset = doSearch(locale[0],filter, maxCount, direction, top, bottom );
-
-
- argset.getFixed().addStringValue("reqType",reqType);
+ HttpServletResponse resp = cmsReq.getHttpResp();
+ CMSTemplateParams argset = doSearch(locale[0], filter, maxCount, direction, top, bottom);
+
+ argset.getFixed().addStringValue("reqType", reqType);
argset.getFixed().addStringValue("reqState", reqState);
- argset.getFixed().addIntegerValue("maxCount",maxCount);
-
-
- try {
- form.getOutput(argset);
- resp.setContentType("text/html");
- form.renderOutput(resp.getOutputStream(), argset);
- } catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
- }
- cmsReq.setStatus(CMSRequest.SUCCESS);
- return;
+ argset.getFixed().addIntegerValue("maxCount", maxCount);
+
+ try {
+ form.getOutput(argset);
+ resp.setContentType("text/html");
+ form.renderOutput(resp.getOutputStream(), argset);
+ } catch (IOException e) {
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+ throw new ECMSGWException(
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ }
+ cmsReq.setStatus(CMSRequest.SUCCESS);
+ return;
}
/**
* Perform search based on direction button pressed
+ *
* @param filter ldap filter indicating which VLV to search through. This can be
- * 'all requests', 'pending', etc
+ * 'all requests', 'pending', etc
* @param count the number of requests to show per page
* @param direction either 'begin', 'end', 'previous' or 'next' (defaults to end)
- * @param top the number of the request shown on at the top of the current page
+ * @param top the number of the request shown on at the top of the current page
* @param bottom the number of the request shown on at the bottom of the current page
- * @return
+ * @return
*/
-
+
private CMSTemplateParams doSearch(Locale l, String filter,
- int count, String direction, int top, int bottom)
- {
- CMSTemplateParams ctp = null;
- if (direction.equals("previous")) {
- ctp = doSearch(l, filter, -count, top-1);
- } else if (direction.equals("next")) {
- ctp = doSearch(l,filter, count, bottom+1);
- } else if (direction.equals("begin")) {
- ctp = doSearch(l,filter, count, 0);
- } else if (direction.equals("first")) {
- ctp = doSearch(l,filter, count, bottom);
- } else { // if 'direction is 'end', default here
- ctp = doSearch(l,filter, -count, -1);
- }
- return ctp;
+ int count, String direction, int top, int bottom) {
+ CMSTemplateParams ctp = null;
+ if (direction.equals("previous")) {
+ ctp = doSearch(l, filter, -count, top - 1);
+ } else if (direction.equals("next")) {
+ ctp = doSearch(l, filter, count, bottom + 1);
+ } else if (direction.equals("begin")) {
+ ctp = doSearch(l, filter, count, 0);
+ } else if (direction.equals("first")) {
+ ctp = doSearch(l, filter, count, bottom);
+ } else { // if 'direction is 'end', default here
+ ctp = doSearch(l, filter, -count, -1);
+ }
+ return ctp;
}
-
-
-
- /**
- *
- * @param locale
- * @param filter the types of requests to return - this must match the VLV index
- * @param count maximum number of records to return
- * @param marker indication of the request ID where the page is anchored
- * @return
- */
+
+ /**
+ *
+ * @param locale
+ * @param filter the types of requests to return - this must match the VLV index
+ * @param count maximum number of records to return
+ * @param marker indication of the request ID where the page is anchored
+ * @return
+ */
private CMSTemplateParams doSearch(
- Locale locale,
- String filter,
- int count,
- int marker) {
-
- IArgBlock header = CMS.createArgBlock();
- IArgBlock context = CMS.createArgBlock();
- CMSTemplateParams argset = new CMSTemplateParams(header, context);
-
- try {
- long startTime = CMS.getCurrentDate().getTime();
- // preserve the type of request that we are
- // requesting.
-
- header.addStringValue(OUT_AUTHORITY_ID, mAuthority.getId());
- header.addStringValue(OUT_REQUESTING_USER, "admin");
-
-
- boolean jumptoend = false;
- if (marker == -1) {
- marker = 0; // I think this is inconsequential
- jumptoend = true; // override to '99' during search
- }
-
- RequestId id = new RequestId(Integer.toString(marker));
- IRequestVirtualList list = mQueue.getPagedRequestsByFilter(
- id,
- jumptoend,
- filter,
- count+1,
- "requestId");
-
- int totalCount = list.getSize() - list.getCurrentIndex();
- header.addIntegerValue(OUT_TOTALCOUNT, totalCount);
- header.addIntegerValue(OUT_CURRENTCOUNT, list.getSize());
-
- int numEntries = list.getSize() - list.getCurrentIndex();
-
- Vector v = fetchRecords(list,Math.abs(count));
- v = normalizeOrder(v);
- trim(v,id);
-
-
- int currentCount = 0;
- int curNum = 0;
- int firstNum = -1;
- Enumeration requests = v.elements();
-
- while (requests.hasMoreElements()) {
- IRequest request = null;
- try {
- request = (IRequest) requests.nextElement();
- } catch (Exception e) {
- CMS.debug("Error displaying request:"+e.getMessage());
- // handled below
- }
- if (request == null) {
- log(ILogger.LL_WARN, "Error display request on page");
- continue;
- }
-
- curNum = Integer.parseInt(
- request.getRequestId().toString());
-
- if (firstNum == -1) {
- firstNum = curNum;
- }
-
- IArgBlock rec = CMS.createArgBlock();
- mParser.fillRequestIntoArg(locale, request, argset, rec);
- mQueue.releaseRequest(request);
- argset.addRepeatRecord(rec);
-
- currentCount++;
-
- }// while
- long endTime = CMS.getCurrentDate().getTime();
-
- header.addIntegerValue(OUT_CURRENTCOUNT, currentCount);
- header.addStringValue("time", Long.toString(endTime - startTime));
- header.addIntegerValue(OUT_FIRST_ENTRY_ON_PAGE, firstNum);
- header.addIntegerValue(OUT_LAST_ENTRY_ON_PAGE, curNum);
-
- } catch (EBaseException e) {
- header.addStringValue(OUT_ERROR, e.toString(locale));
- } catch (Exception e) {
- }
- return argset;
-
+ Locale locale,
+ String filter,
+ int count,
+ int marker) {
+
+ IArgBlock header = CMS.createArgBlock();
+ IArgBlock context = CMS.createArgBlock();
+ CMSTemplateParams argset = new CMSTemplateParams(header, context);
+
+ try {
+ long startTime = CMS.getCurrentDate().getTime();
+ // preserve the type of request that we are
+ // requesting.
+
+ header.addStringValue(OUT_AUTHORITY_ID, mAuthority.getId());
+ header.addStringValue(OUT_REQUESTING_USER, "admin");
+
+ boolean jumptoend = false;
+ if (marker == -1) {
+ marker = 0; // I think this is inconsequential
+ jumptoend = true; // override to '99' during search
+ }
+
+ RequestId id = new RequestId(Integer.toString(marker));
+ IRequestVirtualList list = mQueue.getPagedRequestsByFilter(
+ id,
+ jumptoend,
+ filter,
+ count + 1,
+ "requestId");
+
+ int totalCount = list.getSize() - list.getCurrentIndex();
+ header.addIntegerValue(OUT_TOTALCOUNT, totalCount);
+ header.addIntegerValue(OUT_CURRENTCOUNT, list.getSize());
+
+ int numEntries = list.getSize() - list.getCurrentIndex();
+
+ Vector v = fetchRecords(list, Math.abs(count));
+ v = normalizeOrder(v);
+ trim(v, id);
+
+ int currentCount = 0;
+ int curNum = 0;
+ int firstNum = -1;
+ Enumeration requests = v.elements();
+
+ while (requests.hasMoreElements()) {
+ IRequest request = null;
+ try {
+ request = (IRequest) requests.nextElement();
+ } catch (Exception e) {
+ CMS.debug("Error displaying request:" + e.getMessage());
+ // handled below
+ }
+ if (request == null) {
+ log(ILogger.LL_WARN, "Error display request on page");
+ continue;
+ }
+
+ curNum = Integer.parseInt(
+ request.getRequestId().toString());
+
+ if (firstNum == -1) {
+ firstNum = curNum;
+ }
+
+ IArgBlock rec = CMS.createArgBlock();
+ mParser.fillRequestIntoArg(locale, request, argset, rec);
+ mQueue.releaseRequest(request);
+ argset.addRepeatRecord(rec);
+
+ currentCount++;
+
+ }// while
+ long endTime = CMS.getCurrentDate().getTime();
+
+ header.addIntegerValue(OUT_CURRENTCOUNT, currentCount);
+ header.addStringValue("time", Long.toString(endTime - startTime));
+ header.addIntegerValue(OUT_FIRST_ENTRY_ON_PAGE, firstNum);
+ header.addIntegerValue(OUT_LAST_ENTRY_ON_PAGE, curNum);
+
+ } catch (EBaseException e) {
+ header.addStringValue(OUT_ERROR, e.toString(locale));
+ } catch (Exception e) {
+ }
+ return argset;
+
}
/**
* If the vector contains the marker element at the end, remove it.
- * @param v The vector to trim
- * @param marker the marker to look for.
+ *
+ * @param v The vector to trim
+ * @param marker the marker to look for.
+ */
+ private void trim(Vector v, RequestId marker) {
+ int i = v.size() - 1;
+ if (((IRequest) v.elementAt(i)).getRequestId().equals(marker)) {
+ v.remove(i);
+ }
+
+ }
+
+ /**
+ * Sometimes the list comes back from LDAP in reverse order. This function makes
+ * sure the results are in 'forward' order.
+ *
+ * @param list
+ * @return
*/
- private void trim(Vector v, RequestId marker) {
- int i = v.size()-1;
- if (((IRequest)v.elementAt(i)).getRequestId().equals(marker)) {
- v.remove(i);
- }
-
- }
-
- /**
- * Sometimes the list comes back from LDAP in reverse order. This function makes
- * sure the results are in 'forward' order.
- * @param list
- * @return
- */
private Vector fetchRecords(IRequestVirtualList list, int maxCount) {
-
- Vector v = new Vector();
- int count = list.getSize();
- int c=0;
- for (int i=0; i<count; i++) {
- IRequest request = list.getElementAt(i);
- if (request != null) {
- v.add(request);
- c++;
- }
- if (c >= maxCount) break;
- }
-
- return v;
+
+ Vector v = new Vector();
+ int count = list.getSize();
+ int c = 0;
+ for (int i = 0; i < count; i++) {
+ IRequest request = list.getElementAt(i);
+ if (request != null) {
+ v.add(request);
+ c++;
+ }
+ if (c >= maxCount)
+ break;
+ }
+
+ return v;
}
/**
* If the requests are in backwards order, reverse the list
+ *
* @param list
* @return
*/
private Vector normalizeOrder(Vector list) {
-
- int firstrequestnum = Integer.parseInt(((IRequest) list.elementAt(0))
- .getRequestId().toString());
- int lastrequestnum = Integer.parseInt(((IRequest) list.elementAt(list
- .size() - 1)).getRequestId().toString());
- boolean reverse = false;
- if (firstrequestnum > lastrequestnum) {
- reverse = true; // if the order is backwards, place items at the beginning
- }
- Vector v = new Vector();
- int count = list.size();
- for (int i = 0; i < count; i++) {
- Object request = list.elementAt(i);
- if (request != null) {
- if (reverse)
- v.add(0, request);
- else
- v.add(request);
- }
- }
-
- return v;
+
+ int firstrequestnum = Integer.parseInt(((IRequest) list.elementAt(0))
+ .getRequestId().toString());
+ int lastrequestnum = Integer.parseInt(((IRequest) list.elementAt(list
+ .size() - 1)).getRequestId().toString());
+ boolean reverse = false;
+ if (firstrequestnum > lastrequestnum) {
+ reverse = true; // if the order is backwards, place items at the beginning
+ }
+ Vector v = new Vector();
+ int count = list.size();
+ for (int i = 0; i < count; i++) {
+ Object request = list.elementAt(i);
+ if (request != null) {
+ if (reverse)
+ v.add(0, request);
+ else
+ v.add(request);
+ }
+ }
+
+ return v;
}
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/request/ReqParser.java b/pki/base/common/src/com/netscape/cms/servlet/request/ReqParser.java
index 29414ca5..00f95ec2 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/request/ReqParser.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/request/ReqParser.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.request;
-
import java.util.Locale;
import com.netscape.certsrv.base.EBaseException;
@@ -26,11 +25,10 @@ import com.netscape.certsrv.base.SessionContext;
import com.netscape.certsrv.request.IRequest;
import com.netscape.cms.servlet.common.CMSTemplateParams;
-
/**
* A class representing a request parser.
* <P>
- *
+ *
* @version $Revision$, $Date$
*/
public class ReqParser implements IReqParser {
@@ -51,29 +49,30 @@ public class ReqParser implements IReqParser {
* Maps request object into argument block.
*/
public void fillRequestIntoArg(Locale l, IRequest req, CMSTemplateParams argSet, IArgBlock arg)
- throws EBaseException {
+ throws EBaseException {
arg.addStringValue(TYPE, req.getRequestType());
- arg.addLongValue("seqNum",
- Long.parseLong(req.getRequestId().toString()));
- arg.addStringValue(STATUS,
- req.getRequestStatus().toString());
- arg.addLongValue(CREATE_ON,
- req.getCreationTime().getTime() / 1000);
- arg.addLongValue(UPDATE_ON,
- req.getModificationTime().getTime() / 1000);
+ arg.addLongValue("seqNum",
+ Long.parseLong(req.getRequestId().toString()));
+ arg.addStringValue(STATUS,
+ req.getRequestStatus().toString());
+ arg.addLongValue(CREATE_ON,
+ req.getCreationTime().getTime() / 1000);
+ arg.addLongValue(UPDATE_ON,
+ req.getModificationTime().getTime() / 1000);
String updatedBy = req.getExtDataInString(IRequest.UPDATED_BY);
- if (updatedBy == null) updatedBy = "";
+ if (updatedBy == null)
+ updatedBy = "";
arg.addStringValue(UPDATE_BY, updatedBy);
SessionContext ctx = SessionContext.getContext();
- String id = (String) ctx.get(SessionContext.USER_ID);
+ String id = (String) ctx.get(SessionContext.USER_ID);
arg.addStringValue("callerName", id);
-
+
String owner = req.getRequestOwner();
- if (owner != null)
+ if (owner != null)
arg.addStringValue("assignedTo", owner);
}
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/request/SearchReqs.java b/pki/base/common/src/com/netscape/cms/servlet/request/SearchReqs.java
index 04b21440..5fc05bb2 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/request/SearchReqs.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/request/SearchReqs.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.request;
-
import java.io.IOException;
import java.math.BigInteger;
import java.util.Date;
@@ -48,10 +47,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* Search for certificates matching complex query filter
- *
+ *
* @version $Revision$, $Date$
*/
public class SearchReqs extends CMSServlet {
@@ -90,8 +88,9 @@ public class SearchReqs extends CMSServlet {
}
/**
- * initialize the servlet. This servlet uses queryReq.template
- * to render the response
+ * initialize the servlet. This servlet uses queryReq.template
+ * to render the response
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -154,10 +153,10 @@ public class SearchReqs extends CMSServlet {
/**
* Serves HTTP request. This format of this request is as follows:
- * queryCert?
- * [maxCount=<number>]
- * [queryFilter=<filter>]
- * [revokeAll=<filter>]
+ * queryCert?
+ * [maxCount=<number>]
+ * [queryFilter=<filter>]
+ * [revokeAll=<filter>]
*/
public void process(CMSRequest cmsReq) throws EBaseException {
HttpServletRequest req = cmsReq.getHttpReq();
@@ -172,10 +171,10 @@ public class SearchReqs extends CMSServlet {
mAuthzResourceName, "list");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
}
if (authzToken == null) {
@@ -198,10 +197,10 @@ public class SearchReqs extends CMSServlet {
try {
form = getTemplate(mFormPath, req, locale);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
try {
@@ -215,10 +214,10 @@ public class SearchReqs extends CMSServlet {
timeLimit = Integer.parseInt(timeLimitStr);
process(argSet, header, req.getParameter("queryRequestFilter"), authToken,
- maxResults, timeLimit, req, resp, locale[0]);
+ maxResults, timeLimit, req, resp, locale[0]);
} catch (NumberFormatException e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT"));
- error = new EBaseException(CMS.getUserMessage(getLocale(req),"CMS_BASE_INVALID_NUMBER_FORMAT"));
+ error = new EBaseException(CMS.getUserMessage(getLocale(req), "CMS_BASE_INVALID_NUMBER_FORMAT"));
} catch (EBaseException e) {
error = e;
}
@@ -229,33 +228,33 @@ public class SearchReqs extends CMSServlet {
if (error == null) {
String xmlOutput = req.getParameter("xml");
if (xmlOutput != null && xmlOutput.equals("true")) {
- outputXML(resp, argSet);
+ outputXML(resp, argSet);
} else {
- cmsReq.setStatus(CMSRequest.SUCCESS);
- resp.setContentType("text/html");
- form.renderOutput(out, argSet);
+ cmsReq.setStatus(CMSRequest.SUCCESS);
+ resp.setContentType("text/html");
+ form.renderOutput(out, argSet);
}
} else {
cmsReq.setStatus(CMSRequest.ERROR);
cmsReq.setError(error);
}
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
}
/**
* Process the key search.
*/
- private void process(CMSTemplateParams argSet, IArgBlock header,
- String filter, IAuthToken token,
- int maxResults, int timeLimit,
- HttpServletRequest req, HttpServletResponse resp,
- Locale locale)
- throws EBaseException {
+ private void process(CMSTemplateParams argSet, IArgBlock header,
+ String filter, IAuthToken token,
+ int maxResults, int timeLimit,
+ HttpServletRequest req, HttpServletResponse resp,
+ Locale locale)
+ throws EBaseException {
try {
long startTime = CMS.getCurrentDate().getTime();
@@ -272,12 +271,12 @@ public class SearchReqs extends CMSServlet {
} else {
if (owner.equals("self")) {
String self_uid = token.getInString(IAuthToken.USER_ID);
- requestowner_filter = "(requestowner="+self_uid+")";
+ requestowner_filter = "(requestowner=" + self_uid + ")";
} else {
String uid = req.getParameter("uid");
- requestowner_filter = "(requestowner="+uid+")";
+ requestowner_filter = "(requestowner=" + uid + ")";
}
- newfilter = "(&"+requestowner_filter+filter.substring(2);
+ newfilter = "(&" + requestowner_filter + filter.substring(2);
}
// xxx the filter includes serial number range???
if (maxResults == -1 || maxResults > mMaxReturns) {
@@ -289,8 +288,8 @@ public class SearchReqs extends CMSServlet {
timeLimit = mTimeLimits;
}
IRequestList list = (timeLimit > 0) ?
- mQueue.listRequestsByFilter(newfilter, maxResults, timeLimit) :
- mQueue.listRequestsByFilter(newfilter, maxResults);
+ mQueue.listRequestsByFilter(newfilter, maxResults, timeLimit) :
+ mQueue.listRequestsByFilter(newfilter, maxResults);
int count = 0;
@@ -323,7 +322,8 @@ public class SearchReqs extends CMSServlet {
int i = filter.indexOf(CURRENT_TIME, k);
while (i > -1) {
- if (now == null) now = new Date();
+ if (now == null)
+ now = new Date();
newFilter.append(filter.substring(k, i));
newFilter.append(now.getTime());
k = i + CURRENT_TIME.length();
diff --git a/pki/base/common/src/com/netscape/cms/servlet/tks/TokenServlet.java b/pki/base/common/src/com/netscape/cms/servlet/tks/TokenServlet.java
index ca785565..3a6dda64 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/tks/TokenServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/tks/TokenServlet.java
@@ -50,14 +50,12 @@ import com.netscape.cms.servlet.base.CMSServlet;
import com.netscape.cms.servlet.common.CMSRequest;
import com.netscape.symkey.SessionKey;
-
-
/**
* A class representings an administration servlet for Token Key
- * Service Authority. This servlet is responsible to serve
- * tks administrative operation such as configuration
+ * Service Authority. This servlet is responsible to serve
+ * tks administrative operation such as configuration
* parameter updates.
- *
+ *
* @version $Revision$, $Date$
*/
public class TokenServlet extends CMSServlet {
@@ -66,66 +64,53 @@ public class TokenServlet extends CMSServlet {
*/
private static final long serialVersionUID = 8687436109695172791L;
protected static final String PROP_ENABLED = "enabled";
- protected static final String TRANSPORT_KEY_NAME ="sharedSecret";
+ protected static final String TRANSPORT_KEY_NAME = "sharedSecret";
private final static String INFO = "TokenServlet";
public static int ERROR = 1;
private ITKSAuthority mTKS = null;
private String mSelectedToken = null;
private String mNewSelectedToken = null;
String mKeyNickName = null;
- String mNewKeyNickName = null;
+ String mNewKeyNickName = null;
private final static String LOGGING_SIGNED_AUDIT_CONFIG_DRM =
- "LOGGING_SIGNED_AUDIT_CONFIG_DRM_3";
+ "LOGGING_SIGNED_AUDIT_CONFIG_DRM_3";
IPrettyPrintFormat pp = CMS.getPrettyPrintFormat(":");
- private final static String
- LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST =
- "LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_3";
-
- private final static String
- LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS =
- "LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS_8";
+ private final static String LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST =
+ "LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_3";
- private final static String
- LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE =
- "LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE_9";
+ private final static String LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS =
+ "LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS_8";
- private final static String
- LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST =
- "LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_5";
+ private final static String LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE =
+ "LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE_9";
- private final static String
- LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS =
- "LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS_6";
+ private final static String LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST =
+ "LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_5";
- private final static String
- LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE =
- "LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE_7";
+ private final static String LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS =
+ "LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS_6";
+ private final static String LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE =
+ "LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE_7";
- private final static String
- LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST =
- "LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_4";
+ private final static String LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST =
+ "LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_4";
- private final static String
- LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS =
- "LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS_7";
+ private final static String LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS =
+ "LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS_7";
- private final static String
- LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE =
- "LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE_8";
+ private final static String LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE =
+ "LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE_8";
- private final static String
- LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST =
- "LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_2";
+ private final static String LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST =
+ "LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_2";
- private final static String
- LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS =
- "LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS_3";
+ private final static String LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS =
+ "LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS_3";
- private final static String
- LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE =
- "LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE_4";
+ private final static String LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE =
+ "LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE_4";
/**
* Constructs tks servlet.
@@ -135,14 +120,13 @@ public class TokenServlet extends CMSServlet {
}
- public static String trim(String a)
- {
- StringBuffer newa = new StringBuffer();
+ public static String trim(String a) {
+ StringBuffer newa = new StringBuffer();
StringTokenizer tokens = new StringTokenizer(a, "\n");
- while (tokens.hasMoreTokens()) {
- newa.append(tokens.nextToken());
- }
- return newa.toString();
+ while (tokens.hasMoreTokens()) {
+ newa.append(tokens.nextToken());
+ }
+ return newa.toString();
}
public void init(ServletConfig config) throws ServletException {
@@ -151,18 +135,19 @@ public class TokenServlet extends CMSServlet {
/**
* Returns serlvet information.
- *
+ *
* @return name of this servlet
*/
- public String getServletInfo() {
- return INFO;
+ public String getServletInfo() {
+ return INFO;
}
- /**
- * Process the HTTP request.
- *
+
+ /**
+ * Process the HTTP request.
+ *
* @param s The URL to decode.
*/
- protected String URLdecode(String s) {
+ protected String URLdecode(String s) {
if (s == null)
return null;
ByteArrayOutputStream out = new ByteArrayOutputStream(s.length());
@@ -182,62 +167,59 @@ public class TokenServlet extends CMSServlet {
}
} // end for
return out.toString();
- }
+ }
+
+ private void setDefaultSlotAndKeyName(HttpServletRequest req) {
+ try {
- private void setDefaultSlotAndKeyName(HttpServletRequest req)
- {
- try {
+ String keySet = req.getParameter("keySet");
+ if (keySet == null || keySet.equals("")) {
+ keySet = "defKeySet";
+ }
+ CMS.debug("keySet selected: " + keySet);
- String keySet = req.getParameter("keySet");
- if (keySet == null || keySet.equals("")) {
- keySet = "defKeySet";
- }
- CMS.debug("keySet selected: " + keySet);
+ mNewSelectedToken = null;
- mNewSelectedToken = null;
-
- mSelectedToken = CMS.getConfigStore().getString("tks.defaultSlot");
- String masterKeyPrefix = CMS.getConfigStore().getString("tks.master_key_prefix", null);
- String temp = req.getParameter("KeyInfo"); //#xx#xx
- String keyInfoMap = "tks." + keySet + ".mk_mappings." + temp;
- String mappingValue = CMS.getConfigStore().getString(keyInfoMap, null);
- if(mappingValue!=null)
- {
- StringTokenizer st = new StringTokenizer(mappingValue, ":");
- int tokenNumber=0;
- while (st.hasMoreTokens()) {
-
- String currentToken= st.nextToken();
- if(tokenNumber==0)
- mSelectedToken = currentToken;
- else if(tokenNumber==1)
- mKeyNickName = currentToken;
- tokenNumber++;
-
- }
+ mSelectedToken = CMS.getConfigStore().getString("tks.defaultSlot");
+ String masterKeyPrefix = CMS.getConfigStore().getString("tks.master_key_prefix", null);
+ String temp = req.getParameter("KeyInfo"); //#xx#xx
+ String keyInfoMap = "tks." + keySet + ".mk_mappings." + temp;
+ String mappingValue = CMS.getConfigStore().getString(keyInfoMap, null);
+ if (mappingValue != null) {
+ StringTokenizer st = new StringTokenizer(mappingValue, ":");
+ int tokenNumber = 0;
+ while (st.hasMoreTokens()) {
+
+ String currentToken = st.nextToken();
+ if (tokenNumber == 0)
+ mSelectedToken = currentToken;
+ else if (tokenNumber == 1)
+ mKeyNickName = currentToken;
+ tokenNumber++;
+
+ }
}
- if(req.getParameter("newKeyInfo")!=null) // for diversification
+ if (req.getParameter("newKeyInfo") != null) // for diversification
{
- temp = req.getParameter("newKeyInfo"); //#xx#xx
- String newKeyInfoMap = "tks." + keySet + ".mk_mappings." + temp;
- String newMappingValue = CMS.getConfigStore().getString(newKeyInfoMap, null);
- if(newMappingValue!=null)
- {
- StringTokenizer st = new StringTokenizer(newMappingValue, ":");
- int tokenNumber=0;
- while (st.hasMoreTokens()) {
- String currentToken= st.nextToken();
- if(tokenNumber==0)
- mNewSelectedToken = currentToken;
- else if(tokenNumber==1)
- mNewKeyNickName = currentToken;
- tokenNumber++;
-
- }
+ temp = req.getParameter("newKeyInfo"); //#xx#xx
+ String newKeyInfoMap = "tks." + keySet + ".mk_mappings." + temp;
+ String newMappingValue = CMS.getConfigStore().getString(newKeyInfoMap, null);
+ if (newMappingValue != null) {
+ StringTokenizer st = new StringTokenizer(newMappingValue, ":");
+ int tokenNumber = 0;
+ while (st.hasMoreTokens()) {
+ String currentToken = st.nextToken();
+ if (tokenNumber == 0)
+ mNewSelectedToken = currentToken;
+ else if (tokenNumber == 1)
+ mNewKeyNickName = currentToken;
+ tokenNumber++;
+
+ }
}
- }
+ }
- SessionKey.SetDefaultPrefix(masterKeyPrefix);
+ SessionKey.SetDefaultPrefix(masterKeyPrefix);
} catch (Exception e) {
e.printStackTrace();
@@ -247,9 +229,8 @@ public class TokenServlet extends CMSServlet {
}
private void processComputeSessionKey(HttpServletRequest req,
- HttpServletResponse resp) throws EBaseException
- {
- byte[] card_challenge ,host_challenge,keyInfo, xCUID, CUID, session_key;
+ HttpServletResponse resp) throws EBaseException {
+ byte[] card_challenge, host_challenge, keyInfo, xCUID, CUID, session_key;
byte[] card_crypto, host_cryptogram, input_card_crypto;
byte[] xcard_challenge, xhost_challenge;
byte[] enc_session_key, xkeyInfo;
@@ -257,18 +238,18 @@ public class TokenServlet extends CMSServlet {
String errorMsg = "";
String badParams = "";
String transportKeyName = "";
-
- String rCUID = req.getParameter("CUID");
+
+ String rCUID = req.getParameter("CUID");
String keySet = req.getParameter("keySet");
if (keySet == null || keySet.equals("")) {
- keySet = "defKeySet";
+ keySet = "defKeySet";
}
CMS.debug("keySet selected: " + keySet);
boolean serversideKeygen = false;
byte[] drm_trans_wrapped_desKey = null;
- PK11SymKey desKey = null;
- // PK11SymKey kek_session_key;
+ PK11SymKey desKey = null;
+ // PK11SymKey kek_session_key;
PK11SymKey kek_key;
IConfigStore sconfig = CMS.getConfigStore();
@@ -278,14 +259,14 @@ public class TokenServlet extends CMSServlet {
card_crypto = null;
host_cryptogram = null;
enc_session_key = null;
- // kek_session_key = null;
+ // kek_session_key = null;
SessionContext sContext = SessionContext.getContext();
- String agentId="";
+ String agentId = "";
if (sContext != null) {
agentId =
- (String) sContext.get(SessionContext.USER_ID);
+ (String) sContext.get(SessionContext.USER_ID);
}
auditMessage = CMS.getLogMessage(
@@ -297,19 +278,19 @@ public class TokenServlet extends CMSServlet {
audit(auditMessage);
String kek_wrapped_desKeyString = null;
- String keycheck_s = null;
+ String keycheck_s = null;
CMS.debug("processComputeSessionKey:");
String useSoftToken_s = CMS.getConfigStore().getString("tks.useSoftToken", "true");
- if (!useSoftToken_s.equalsIgnoreCase("true"))
- useSoftToken_s = "false";
+ if (!useSoftToken_s.equalsIgnoreCase("true"))
+ useSoftToken_s = "false";
- String rServersideKeygen = (String) req.getParameter("serversideKeygen");
+ String rServersideKeygen = (String) req.getParameter("serversideKeygen");
if (rServersideKeygen.equals("true")) {
- CMS.debug("TokenServlet: serversideKeygen requested");
- serversideKeygen = true;
+ CMS.debug("TokenServlet: serversideKeygen requested");
+ serversideKeygen = true;
} else {
- CMS.debug("TokenServlet: serversideKeygen not requested");
+ CMS.debug("TokenServlet: serversideKeygen not requested");
}
try {
@@ -318,13 +299,12 @@ public class TokenServlet extends CMSServlet {
}
try {
- transportKeyName = sconfig.getString("tks.tksSharedSymKeyName",TRANSPORT_KEY_NAME);
+ transportKeyName = sconfig.getString("tks.tksSharedSymKeyName", TRANSPORT_KEY_NAME);
} catch (EBaseException e) {
}
CMS.debug("TokenServlet: ComputeSessionKey(): tksSharedSymKeyName: " + transportKeyName);
-
String rcard_challenge = req.getParameter("card_challenge");
String rhost_challenge = req.getParameter("host_challenge");
String rKeyInfo = req.getParameter("KeyInfo");
@@ -353,7 +333,6 @@ public class TokenServlet extends CMSServlet {
missingParam = true;
}
-
String selectedToken = null;
String keyNickName = null;
boolean sameCardCrypto = true;
@@ -362,48 +341,48 @@ public class TokenServlet extends CMSServlet {
xCUID = com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID);
if (xCUID == null || xCUID.length != 10) {
- badParams += " CUID length,";
- CMS.debug("TokenServlet: Invalid CUID length");
- missingParam = true;
+ badParams += " CUID length,";
+ CMS.debug("TokenServlet: Invalid CUID length");
+ missingParam = true;
}
xkeyInfo = com.netscape.cmsutil.util.Utils.SpecialDecode(rKeyInfo);
if (xkeyInfo == null || xkeyInfo.length != 2) {
- badParams += " KeyInfo length,";
- CMS.debug("TokenServlet: Invalid key info length.");
- missingParam = true;
+ badParams += " KeyInfo length,";
+ CMS.debug("TokenServlet: Invalid key info length.");
+ missingParam = true;
}
- xcard_challenge =
- com.netscape.cmsutil.util.Utils.SpecialDecode(rcard_challenge);
+ xcard_challenge =
+ com.netscape.cmsutil.util.Utils.SpecialDecode(rcard_challenge);
if (xcard_challenge == null || xcard_challenge.length != 8) {
- badParams += " card_challenge length,";
- CMS.debug("TokenServlet: Invalid card challenge length.");
- missingParam = true;
+ badParams += " card_challenge length,";
+ CMS.debug("TokenServlet: Invalid card challenge length.");
+ missingParam = true;
}
-
+
xhost_challenge = com.netscape.cmsutil.util.Utils.SpecialDecode(rhost_challenge);
if (xhost_challenge == null || xhost_challenge.length != 8) {
- badParams += " host_challenge length,";
- CMS.debug("TokenServlet: Invalid host challenge length");
- missingParam = true;
+ badParams += " host_challenge length,";
+ CMS.debug("TokenServlet: Invalid host challenge length");
+ missingParam = true;
}
-
+
}
CUID = null;
if (!missingParam) {
- card_challenge =
- com.netscape.cmsutil.util.Utils.SpecialDecode(rcard_challenge);
-
+ card_challenge =
+ com.netscape.cmsutil.util.Utils.SpecialDecode(rcard_challenge);
+
host_challenge = com.netscape.cmsutil.util.Utils.SpecialDecode(rhost_challenge);
keyInfo = com.netscape.cmsutil.util.Utils.SpecialDecode(rKeyInfo);
- CUID =com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID);
+ CUID = com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID);
String keyInfoMap = "tks." + keySet + ".mk_mappings." + rKeyInfo; //#xx#xx
String mappingValue = CMS.getConfigStore().getString(keyInfoMap, null);
if (mappingValue == null) {
- selectedToken =
- CMS.getConfigStore().getString("tks.defaultSlot", "internal");
+ selectedToken =
+ CMS.getConfigStore().getString("tks.defaultSlot", "internal");
keyNickName = rKeyInfo;
} else {
StringTokenizer st = new StringTokenizer(mappingValue, ":");
@@ -419,133 +398,128 @@ public class TokenServlet extends CMSServlet {
byte macKeyArray[] = com.netscape.cmsutil.util.Utils.SpecialDecode(sconfig.getString("tks." + keySet + ".mac_key"));
CMS.debug("TokenServlet about to try ComputeSessionKey selectedToken=" + selectedToken + " keyNickName=" + keyNickName);
- session_key = SessionKey.ComputeSessionKey(
- selectedToken,keyNickName,card_challenge,
- host_challenge,keyInfo,CUID, macKeyArray, useSoftToken_s, keySet, transportKeyName );
+ session_key = SessionKey.ComputeSessionKey(
+ selectedToken, keyNickName, card_challenge,
+ host_challenge, keyInfo, CUID, macKeyArray, useSoftToken_s, keySet, transportKeyName);
- if(session_key == null)
- {
+ if (session_key == null) {
CMS.debug("TokenServlet:Tried ComputeSessionKey, got NULL ");
- throw new Exception("Can't compute session key!");
+ throw new Exception("Can't compute session key!");
- }
+ }
byte encKeyArray[] = com.netscape.cmsutil.util.Utils.SpecialDecode(sconfig.getString("tks." + keySet + ".auth_key"));
enc_session_key = SessionKey.ComputeEncSessionKey(
- selectedToken,keyNickName,card_challenge,
- host_challenge,keyInfo,CUID, encKeyArray, useSoftToken_s, keySet);
+ selectedToken, keyNickName, card_challenge,
+ host_challenge, keyInfo, CUID, encKeyArray, useSoftToken_s, keySet);
- if(enc_session_key == null)
- {
+ if (enc_session_key == null) {
CMS.debug("TokenServlet:Tried ComputeEncSessionKey, got NULL ");
- throw new Exception("Can't compute enc session key!");
-
+ throw new Exception("Can't compute enc session key!");
+
}
if (serversideKeygen == true) {
/**
- * 0. generate des key
+ * 0. generate des key
* 1. encrypt des key with kek key
* 2. encrypt des key with DRM transport key
* These two wrapped items are to be sent back to
- * TPS. 2nd item is to DRM
+ * TPS. 2nd item is to DRM
**/
CMS.debug("TokenServlet: calling ComputeKekKey");
- byte kekKeyArray[] = com.netscape.cmsutil.util.Utils.SpecialDecode(sconfig.getString("tks." + keySet + ".kek_key"));
-
+ byte kekKeyArray[] = com.netscape.cmsutil.util.Utils.SpecialDecode(sconfig.getString("tks." + keySet + ".kek_key"));
kek_key = SessionKey.ComputeKekKey(
- selectedToken,keyNickName,card_challenge,
- host_challenge,keyInfo,CUID, kekKeyArray, useSoftToken_s,keySet);
-
+ selectedToken, keyNickName, card_challenge,
+ host_challenge, keyInfo, CUID, kekKeyArray, useSoftToken_s, keySet);
CMS.debug("TokenServlet: called ComputeKekKey");
- if(kek_key == null)
- {
+ if (kek_key == null) {
CMS.debug("TokenServlet:Tried ComputeKekKey, got NULL ");
- throw new Exception("Can't compute kek key!");
-
+ throw new Exception("Can't compute kek key!");
+
}
// now use kek key to wrap kek session key..
- CMS.debug("computeSessionKey:kek key len ="+
- kek_key.getLength());
-
- // (1) generate DES key
- /* applet does not support DES3
- org.mozilla.jss.crypto.KeyGenerator kg =
- internalToken.getKeyGenerator(KeyGenAlgorithm.DES3);
- desKey = kg.generate();*/
-
- /*
- * XXX GenerateSymkey firt generates a 16 byte DES2 key.
- * It then pads it into a 24 byte key with last
- * 8 bytes copied from the 1st 8 bytes. Effectively
- * making it a 24 byte DES2 key. We need this for
- * wrapping private keys on DRM.
- */
- /*generate it on whichever token the master key is at*/
- if (useSoftToken_s.equals("true")) {
- CMS.debug("TokenServlet: key encryption key generated on internal");
-//cfu audit here? sym key gen
- desKey = SessionKey.GenerateSymkey("internal");
-//cfu audit here? sym key gen done
+ CMS.debug("computeSessionKey:kek key len =" +
+ kek_key.getLength());
+
+ // (1) generate DES key
+ /* applet does not support DES3
+ org.mozilla.jss.crypto.KeyGenerator kg =
+ internalToken.getKeyGenerator(KeyGenAlgorithm.DES3);
+ desKey = kg.generate();*/
+
+ /*
+ * XXX GenerateSymkey firt generates a 16 byte DES2 key.
+ * It then pads it into a 24 byte key with last
+ * 8 bytes copied from the 1st 8 bytes. Effectively
+ * making it a 24 byte DES2 key. We need this for
+ * wrapping private keys on DRM.
+ */
+ /*generate it on whichever token the master key is at*/
+ if (useSoftToken_s.equals("true")) {
+ CMS.debug("TokenServlet: key encryption key generated on internal");
+ //cfu audit here? sym key gen
+ desKey = SessionKey.GenerateSymkey("internal");
+ //cfu audit here? sym key gen done
} else {
- CMS.debug("TokenServlet: key encryption key generated on " + selectedToken);
- desKey = SessionKey.GenerateSymkey(selectedToken);
+ CMS.debug("TokenServlet: key encryption key generated on " + selectedToken);
+ desKey = SessionKey.GenerateSymkey(selectedToken);
+ }
+ if (desKey != null)
+ CMS.debug("TokenServlet: key encryption key generated for " + rCUID);
+ else {
+ CMS.debug("TokenServlet: key encryption key generation failed for " + rCUID);
+ throw new Exception("can't generate key encryption key");
}
- if (desKey != null)
- CMS.debug("TokenServlet: key encryption key generated for "+rCUID);
- else {
- CMS.debug("TokenServlet: key encryption key generation failed for "+rCUID);
- throw new Exception ("can't generate key encryption key");
- }
-
- /*
- * XXX ECBencrypt actually takes the 24 byte DES2 key
- * and discard the last 8 bytes before it encrypts.
- * This is done so that the applet can digest it
- */
- byte[] encDesKey =
- SessionKey.ECBencrypt( kek_key,
- desKey);
- /*
- CMS.debug("computeSessionKey:encrypted desKey size = "+encDesKey.length);
- CMS.debug(encDesKey);
- */
+
+ /*
+ * XXX ECBencrypt actually takes the 24 byte DES2 key
+ * and discard the last 8 bytes before it encrypts.
+ * This is done so that the applet can digest it
+ */
+ byte[] encDesKey =
+ SessionKey.ECBencrypt(kek_key,
+ desKey);
+ /*
+ CMS.debug("computeSessionKey:encrypted desKey size = "+encDesKey.length);
+ CMS.debug(encDesKey);
+ */
kek_wrapped_desKeyString =
- com.netscape.cmsutil.util.Utils.SpecialEncode(encDesKey);
-
- // get keycheck
- byte[] keycheck =
- SessionKey.ComputeKeyCheck(desKey);
- /*
- CMS.debug("computeSessionKey:keycheck size = "+keycheck.length);
- CMS.debug(keycheck);
- */
- keycheck_s =
- com.netscape.cmsutil.util.Utils.SpecialEncode(keycheck);
+ com.netscape.cmsutil.util.Utils.SpecialEncode(encDesKey);
+
+ // get keycheck
+ byte[] keycheck =
+ SessionKey.ComputeKeyCheck(desKey);
+ /*
+ CMS.debug("computeSessionKey:keycheck size = "+keycheck.length);
+ CMS.debug(keycheck);
+ */
+ keycheck_s =
+ com.netscape.cmsutil.util.Utils.SpecialEncode(keycheck);
//XXX use DRM transport cert to wrap desKey
- String drmTransNickname = CMS.getConfigStore().getString("tks.drm_transport_cert_nickname", "");
+ String drmTransNickname = CMS.getConfigStore().getString("tks.drm_transport_cert_nickname", "");
- if ((drmTransNickname == null) || (drmTransNickname == "")) {
- CMS.debug("TokenServlet:did not find DRM transport certificate nickname");
- throw new Exception("can't find DRM transport certificate nickname");
- } else {
- CMS.debug("TokenServlet:drmtransport_cert_nickname="+drmTransNickname);
- }
+ if ((drmTransNickname == null) || (drmTransNickname == "")) {
+ CMS.debug("TokenServlet:did not find DRM transport certificate nickname");
+ throw new Exception("can't find DRM transport certificate nickname");
+ } else {
+ CMS.debug("TokenServlet:drmtransport_cert_nickname=" + drmTransNickname);
+ }
X509Certificate drmTransCert = null;
drmTransCert = CryptoManager.getInstance().findCertByNickname(drmTransNickname);
// wrap kek session key with DRM transport public key
- CryptoToken token = null;
- if (useSoftToken_s.equals("true")) {
- //token = CryptoManager.getInstance().getTokenByName(selectedToken);
- token = CryptoManager.getInstance().getInternalCryptoToken();
+ CryptoToken token = null;
+ if (useSoftToken_s.equals("true")) {
+ //token = CryptoManager.getInstance().getTokenByName(selectedToken);
+ token = CryptoManager.getInstance().getInternalCryptoToken();
} else {
token = CryptoManager.getInstance().getTokenByName(selectedToken);
}
@@ -561,31 +535,29 @@ public class TokenServlet extends CMSServlet {
keyWrapper = token.getKeyWrapper(KeyWrapAlgorithm.RSA);
keyWrapper.initWrap(pubKey, null);
}
- CMS.debug("desKey token " + desKey.getOwningToken().getName() + " token: " + token.getName() );
+ CMS.debug("desKey token " + desKey.getOwningToken().getName() + " token: " + token.getName());
drm_trans_wrapped_desKey = keyWrapper.wrap(desKey);
- CMS.debug("computeSessionKey:desKey wrapped with drm transportation key.");
+ CMS.debug("computeSessionKey:desKey wrapped with drm transportation key.");
} // if (serversideKeygen == true)
byte authKeyArray[] = com.netscape.cmsutil.util.Utils.SpecialDecode(sconfig.getString("tks." + keySet + ".auth_key"));
host_cryptogram = SessionKey.ComputeCryptogram(
- selectedToken,keyNickName,card_challenge,
- host_challenge,keyInfo,CUID,0, authKeyArray, useSoftToken_s, keySet);
+ selectedToken, keyNickName, card_challenge,
+ host_challenge, keyInfo, CUID, 0, authKeyArray, useSoftToken_s, keySet);
- if(host_cryptogram == null)
- {
+ if (host_cryptogram == null) {
CMS.debug("TokenServlet:Tried ComputeCryptogram, got NULL ");
- throw new Exception("Can't compute host cryptogram!");
+ throw new Exception("Can't compute host cryptogram!");
}
card_crypto = SessionKey.ComputeCryptogram(
- selectedToken,keyNickName,card_challenge,
- host_challenge,keyInfo,CUID,1, authKeyArray, useSoftToken_s, keySet);
+ selectedToken, keyNickName, card_challenge,
+ host_challenge, keyInfo, CUID, 1, authKeyArray, useSoftToken_s, keySet);
- if(card_crypto == null)
- {
+ if (card_crypto == null) {
CMS.debug("TokenServlet:Tried ComputeCryptogram, got NULL ");
- throw new Exception("Can't compute card cryptogram!");
+ throw new Exception("Can't compute card cryptogram!");
}
@@ -595,9 +567,9 @@ public class TokenServlet extends CMSServlet {
throw new Exception("Missing card cryptogram");
}
input_card_crypto =
- com.netscape.cmsutil.util.Utils.SpecialDecode(rcard_cryptogram);
+ com.netscape.cmsutil.util.Utils.SpecialDecode(rcard_cryptogram);
if (card_crypto.length == input_card_crypto.length) {
- for (int i=0; i<card_crypto.length; i++) {
+ for (int i = 0; i < card_crypto.length; i++) {
if (card_crypto[i] != input_card_crypto[i]) {
sameCardCrypto = false;
break;
@@ -611,15 +583,15 @@ public class TokenServlet extends CMSServlet {
CMS.getLogger().log(ILogger.EV_AUDIT,
ILogger.S_TKS,
- ILogger.LL_INFO,"processComputeSessionKey for CUID=" +
- trim(pp.toHexString(CUID)));
- } catch (Exception e) {
+ ILogger.LL_INFO, "processComputeSessionKey for CUID=" +
+ trim(pp.toHexString(CUID)));
+ } catch (Exception e) {
CMS.debug(e);
CMS.debug("TokenServlet Computing Session Key: " + e.toString());
if (isCryptoValidate)
sameCardCrypto = false;
}
- }
+ }
} // ! missingParam
String value = "";
@@ -632,34 +604,32 @@ public class TokenServlet extends CMSServlet {
String cryptogram = "";
String status = "0";
if (session_key != null && session_key.length > 0) {
- outputString =
- com.netscape.cmsutil.util.Utils.SpecialEncode(session_key);
- } else {
-
+ outputString =
+ com.netscape.cmsutil.util.Utils.SpecialEncode(session_key);
+ } else {
+
status = "1";
}
if (enc_session_key != null && enc_session_key.length > 0) {
- encSessionKeyString =
- com.netscape.cmsutil.util.Utils.SpecialEncode(enc_session_key);
- } else {
+ encSessionKeyString =
+ com.netscape.cmsutil.util.Utils.SpecialEncode(enc_session_key);
+ } else {
status = "1";
}
-
if (serversideKeygen == true) {
- if ( drm_trans_wrapped_desKey != null && drm_trans_wrapped_desKey.length > 0)
- drm_trans_wrapped_desKeyString =
- com.netscape.cmsutil.util.Utils.SpecialEncode(drm_trans_wrapped_desKey);
- else {
- status = "1";
+ if (drm_trans_wrapped_desKey != null && drm_trans_wrapped_desKey.length > 0)
+ drm_trans_wrapped_desKeyString =
+ com.netscape.cmsutil.util.Utils.SpecialEncode(drm_trans_wrapped_desKey);
+ else {
+ status = "1";
}
- }
+ }
-
if (host_cryptogram != null && host_cryptogram.length > 0) {
- cryptogram =
- com.netscape.cmsutil.util.Utils.SpecialEncode(host_cryptogram);
+ cryptogram =
+ com.netscape.cmsutil.util.Utils.SpecialEncode(host_cryptogram);
} else {
status = "2";
}
@@ -675,32 +645,30 @@ public class TokenServlet extends CMSServlet {
if (missingParam) {
status = "3";
}
-
- if (!status.equals("0")) {
-
-
- if(status.equals("1")) {
- errorMsg = "Problem generating session key info.";
- }
-
- if(status.equals("2")) {
- errorMsg = "Problem creating host_cryptogram.";
- }
-
- if(status.equals("4")) {
- errorMsg = "Problem obtaining token information.";
- }
-
- if(status.equals("3")) {
- if(badParams.endsWith(",")) {
- badParams = badParams.substring(0,badParams.length() -1);
- }
- errorMsg = "Missing input parameters :" + badParams;
- }
-
- value = "status="+status;
- }
- else {
+
+ if (!status.equals("0")) {
+
+ if (status.equals("1")) {
+ errorMsg = "Problem generating session key info.";
+ }
+
+ if (status.equals("2")) {
+ errorMsg = "Problem creating host_cryptogram.";
+ }
+
+ if (status.equals("4")) {
+ errorMsg = "Problem obtaining token information.";
+ }
+
+ if (status.equals("3")) {
+ if (badParams.endsWith(",")) {
+ badParams = badParams.substring(0, badParams.length() - 1);
+ }
+ errorMsg = "Missing input parameters :" + badParams;
+ }
+
+ value = "status=" + status;
+ } else {
if (serversideKeygen == true) {
StringBuffer sb = new StringBuffer();
sb.append("status=0&");
@@ -709,10 +677,10 @@ public class TokenServlet extends CMSServlet {
sb.append("&hostCryptogram=");
sb.append(cryptogram);
sb.append("&encSessionKey=");
- sb.append(encSessionKeyString);
+ sb.append(encSessionKeyString);
sb.append("&kek_wrapped_desKey=");
sb.append(kek_wrapped_desKeyString);
- sb.append("&keycheck=");
+ sb.append("&keycheck=");
sb.append(keycheck_s);
sb.append("&drm_trans_wrapped_desKey=");
sb.append(drm_trans_wrapped_desKeyString);
@@ -722,19 +690,19 @@ public class TokenServlet extends CMSServlet {
sb.append("status=0&");
sb.append("sessionKey=");
sb.append(outputString);
- sb.append("&hostCryptogram=");
- sb.append(cryptogram);
+ sb.append("&hostCryptogram=");
+ sb.append(cryptogram);
sb.append("&encSessionKey=");
sb.append(encSessionKeyString);
value = sb.toString();
}
}
- CMS.debug("TokenServlet:outputString.encode " +value);
+ CMS.debug("TokenServlet:outputString.encode " + value);
- try{
+ try {
resp.setContentLength(value.length());
- CMS.debug("TokenServlet:outputString.length " +value.length());
+ CMS.debug("TokenServlet:outputString.length " + value.length());
OutputStream ooss = resp.getOutputStream();
ooss.write(value.getBytes());
ooss.flush();
@@ -742,65 +710,65 @@ public class TokenServlet extends CMSServlet {
} catch (IOException e) {
CMS.debug("TokenServlet: " + e.toString());
}
-
- if(status.equals("0")) {
- auditMessage = CMS.getLogMessage(
+ if (status.equals("0")) {
+
+ auditMessage = CMS.getLogMessage(
LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS,
rCUID,
ILogger.SUCCESS,
status,
agentId,
- isCryptoValidate? "true":"false",
- serversideKeygen? "true":"false",
+ isCryptoValidate ? "true" : "false",
+ serversideKeygen ? "true" : "false",
selectedToken,
keyNickName);
} else {
- auditMessage = CMS.getLogMessage(
+ auditMessage = CMS.getLogMessage(
LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE,
rCUID,
ILogger.FAILURE,
status,
agentId,
- isCryptoValidate? "true":"false",
- serversideKeygen? "true":"false",
+ isCryptoValidate ? "true" : "false",
+ serversideKeygen ? "true" : "false",
selectedToken,
keyNickName,
errorMsg);
- }
-
+ }
+
audit(auditMessage);
}
private void processDiversifyKey(HttpServletRequest req,
- HttpServletResponse resp) throws EBaseException {
- byte[] KeySetData,KeysValues,CUID,xCUID;
- byte[] xkeyInfo,xnewkeyInfo;
+ HttpServletResponse resp) throws EBaseException {
+ byte[] KeySetData, KeysValues, CUID, xCUID;
+ byte[] xkeyInfo, xnewkeyInfo;
boolean missingParam = false;
String errorMsg = "";
String badParams = "";
IConfigStore sconfig = CMS.getConfigStore();
- String rnewKeyInfo = req.getParameter("newKeyInfo");
+ String rnewKeyInfo = req.getParameter("newKeyInfo");
String newMasterKeyName = req.getParameter("newKeyInfo");
String oldMasterKeyName = req.getParameter("KeyInfo");
- String rCUID =req.getParameter("CUID");
- String auditMessage="";
+ String rCUID = req.getParameter("CUID");
+ String auditMessage = "";
String keySet = req.getParameter("keySet");
if (keySet == null || keySet.equals("")) {
- keySet = "defKeySet";
+ keySet = "defKeySet";
}
CMS.debug("keySet selected: " + keySet);
SessionContext sContext = SessionContext.getContext();
- String agentId="";
+ String agentId = "";
if (sContext != null) {
agentId =
- (String) sContext.get(SessionContext.USER_ID);
+ (String) sContext.get(SessionContext.USER_ID);
}
auditMessage = CMS.getLogMessage(
@@ -813,7 +781,6 @@ public class TokenServlet extends CMSServlet {
audit(auditMessage);
-
if ((rCUID == null) || (rCUID.equals(""))) {
badParams += " CUID,";
CMS.debug("TokenServlet: processDiversifyKey(): missing request parameter: CUID");
@@ -824,101 +791,101 @@ public class TokenServlet extends CMSServlet {
CMS.debug("TokenServlet: processDiversifyKey(): missing request parameter: newKeyInfo");
missingParam = true;
}
- if ((oldMasterKeyName == null) || (oldMasterKeyName.equals(""))){
+ if ((oldMasterKeyName == null) || (oldMasterKeyName.equals(""))) {
badParams += " KeyInfo,";
CMS.debug("TokenServlet: processDiversifyKey(): missing request parameter: KeyInfo");
missingParam = true;
}
if (!missingParam) {
- xkeyInfo = com.netscape.cmsutil.util.Utils.SpecialDecode(oldMasterKeyName);
- if (xkeyInfo == null || xkeyInfo.length != 2) {
- badParams += " KeyInfo length,";
- CMS.debug("TokenServlet: Invalid key info length");
- missingParam = true;
- }
- xnewkeyInfo = com.netscape.cmsutil.util.Utils.SpecialDecode(newMasterKeyName);
- if (xnewkeyInfo == null || xnewkeyInfo.length != 2) {
- badParams += " NewKeyInfo length,";
- CMS.debug("TokenServlet: Invalid new key info length");
- missingParam = true;
- }
- }
+ xkeyInfo = com.netscape.cmsutil.util.Utils.SpecialDecode(oldMasterKeyName);
+ if (xkeyInfo == null || xkeyInfo.length != 2) {
+ badParams += " KeyInfo length,";
+ CMS.debug("TokenServlet: Invalid key info length");
+ missingParam = true;
+ }
+ xnewkeyInfo = com.netscape.cmsutil.util.Utils.SpecialDecode(newMasterKeyName);
+ if (xnewkeyInfo == null || xnewkeyInfo.length != 2) {
+ badParams += " NewKeyInfo length,";
+ CMS.debug("TokenServlet: Invalid new key info length");
+ missingParam = true;
+ }
+ }
String useSoftToken_s = CMS.getConfigStore().getString("tks.useSoftToken", "true");
- if (!useSoftToken_s.equalsIgnoreCase("true"))
- useSoftToken_s = "false";
+ if (!useSoftToken_s.equalsIgnoreCase("true"))
+ useSoftToken_s = "false";
KeySetData = null;
String outputString = null;
if (!missingParam) {
- xCUID = com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID);
- if (xCUID == null || xCUID.length != 10) {
- badParams += " CUID length,";
- CMS.debug("TokenServlet: Invalid CUID length");
- missingParam = true;
- }
- }
+ xCUID = com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID);
+ if (xCUID == null || xCUID.length != 10) {
+ badParams += " CUID length,";
+ CMS.debug("TokenServlet: Invalid CUID length");
+ missingParam = true;
+ }
+ }
if (!missingParam) {
- CUID = com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID);
-
- if (mKeyNickName!=null)
- oldMasterKeyName = mKeyNickName;
- if (mNewKeyNickName!=null)
- newMasterKeyName = mNewKeyNickName;
-
- String oldKeyInfoMap = "tks." + keySet + ".mk_mappings." + req.getParameter("KeyInfo"); //#xx#xx
- String oldMappingValue = CMS.getConfigStore().getString(oldKeyInfoMap, null);
- String oldSelectedToken = null;
- String oldKeyNickName = null;
- if (oldMappingValue == null) {
- oldSelectedToken = CMS.getConfigStore().getString("tks.defaultSlot", "internal");
- oldKeyNickName = req.getParameter("KeyInfo");
- } else {
- StringTokenizer st = new StringTokenizer(oldMappingValue, ":");
- oldSelectedToken = st.nextToken();
- oldKeyNickName = st.nextToken();
- }
-
- String newKeyInfoMap = "tks.mk_mappings." + rnewKeyInfo; //#xx#xx
- String newMappingValue = CMS.getConfigStore().getString(newKeyInfoMap, null);
- String newSelectedToken = null;
- String newKeyNickName = null;
- if (newMappingValue == null) {
- newSelectedToken = CMS.getConfigStore().getString("tks.defaultSlot", "internal");
- newKeyNickName = rnewKeyInfo;
- } else {
- StringTokenizer st = new StringTokenizer(newMappingValue, ":");
- newSelectedToken = st.nextToken();
- newKeyNickName = st.nextToken();
- }
-
- CMS.debug("process DiversifyKey for oldSelectedToke="+
- oldSelectedToken + " newSelectedToken=" + newSelectedToken +
- " oldKeyNickName=" + oldKeyNickName + " newKeyNickName=" +
- newKeyNickName);
-
- byte kekKeyArray[] = com.netscape.cmsutil.util.Utils.SpecialDecode(sconfig.getString("tks." + keySet + ".kek_key"));
- KeySetData = SessionKey.DiversifyKey(oldSelectedToken,
+ CUID = com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID);
+
+ if (mKeyNickName != null)
+ oldMasterKeyName = mKeyNickName;
+ if (mNewKeyNickName != null)
+ newMasterKeyName = mNewKeyNickName;
+
+ String oldKeyInfoMap = "tks." + keySet + ".mk_mappings." + req.getParameter("KeyInfo"); //#xx#xx
+ String oldMappingValue = CMS.getConfigStore().getString(oldKeyInfoMap, null);
+ String oldSelectedToken = null;
+ String oldKeyNickName = null;
+ if (oldMappingValue == null) {
+ oldSelectedToken = CMS.getConfigStore().getString("tks.defaultSlot", "internal");
+ oldKeyNickName = req.getParameter("KeyInfo");
+ } else {
+ StringTokenizer st = new StringTokenizer(oldMappingValue, ":");
+ oldSelectedToken = st.nextToken();
+ oldKeyNickName = st.nextToken();
+ }
+
+ String newKeyInfoMap = "tks.mk_mappings." + rnewKeyInfo; //#xx#xx
+ String newMappingValue = CMS.getConfigStore().getString(newKeyInfoMap, null);
+ String newSelectedToken = null;
+ String newKeyNickName = null;
+ if (newMappingValue == null) {
+ newSelectedToken = CMS.getConfigStore().getString("tks.defaultSlot", "internal");
+ newKeyNickName = rnewKeyInfo;
+ } else {
+ StringTokenizer st = new StringTokenizer(newMappingValue, ":");
+ newSelectedToken = st.nextToken();
+ newKeyNickName = st.nextToken();
+ }
+
+ CMS.debug("process DiversifyKey for oldSelectedToke=" +
+ oldSelectedToken + " newSelectedToken=" + newSelectedToken +
+ " oldKeyNickName=" + oldKeyNickName + " newKeyNickName=" +
+ newKeyNickName);
+
+ byte kekKeyArray[] = com.netscape.cmsutil.util.Utils.SpecialDecode(sconfig.getString("tks." + keySet + ".kek_key"));
+ KeySetData = SessionKey.DiversifyKey(oldSelectedToken,
newSelectedToken, oldKeyNickName,
- newKeyNickName,rnewKeyInfo,CUID, kekKeyArray, useSoftToken_s, keySet);
-
- if (KeySetData == null || KeySetData.length<=1) {
- CMS.getLogger().log(ILogger.EV_AUDIT,
- ILogger.S_TKS,
- ILogger.LL_INFO,"process DiversifyKey: Missing MasterKey in Slot");
- }
-
- CMS.getLogger().log(ILogger.EV_AUDIT,
- ILogger.S_TKS,
- ILogger.LL_INFO,"process DiversifyKey for CUID ="+ trim(pp.toHexString(CUID))
- + ";from oldMasterKeyName="+oldSelectedToken + ":" + oldKeyNickName
- +";to newMasterKeyName="+newSelectedToken + ":" + newKeyNickName);
-
- resp.setContentType("text/html");
-
- if (KeySetData != null) {
- outputString = new String(KeySetData);
- }
+ newKeyNickName, rnewKeyInfo, CUID, kekKeyArray, useSoftToken_s, keySet);
+
+ if (KeySetData == null || KeySetData.length <= 1) {
+ CMS.getLogger().log(ILogger.EV_AUDIT,
+ ILogger.S_TKS,
+ ILogger.LL_INFO, "process DiversifyKey: Missing MasterKey in Slot");
+ }
+
+ CMS.getLogger().log(ILogger.EV_AUDIT,
+ ILogger.S_TKS,
+ ILogger.LL_INFO, "process DiversifyKey for CUID =" + trim(pp.toHexString(CUID))
+ + ";from oldMasterKeyName=" + oldSelectedToken + ":" + oldKeyNickName
+ + ";to newMasterKeyName=" + newSelectedToken + ":" + newKeyNickName);
+
+ resp.setContentType("text/html");
+
+ if (KeySetData != null) {
+ outputString = new String(KeySetData);
+ }
} // ! missingParam
//CMS.debug("TokenServlet:processDiversifyKey " +outputString);
@@ -928,26 +895,26 @@ public class TokenServlet extends CMSServlet {
String status = "0";
if (KeySetData != null && KeySetData.length > 1) {
- value = "status=0&"+"keySetData=" +
+ value = "status=0&" + "keySetData=" +
com.netscape.cmsutil.util.Utils.SpecialEncode(KeySetData);
- CMS.debug("TokenServlet:process DiversifyKey.encode " +value);
+ CMS.debug("TokenServlet:process DiversifyKey.encode " + value);
} else if (missingParam) {
status = "3";
- if(badParams.endsWith(",")) {
- badParams = badParams.substring(0,badParams.length() -1);
+ if (badParams.endsWith(",")) {
+ badParams = badParams.substring(0, badParams.length() - 1);
}
errorMsg = "Missing input parameters: " + badParams;
value = "status=" + status;
- } else {
+ } else {
errorMsg = "Problem diversifying key data.";
status = "1";
value = "status=" + status;
}
resp.setContentLength(value.length());
- CMS.debug("TokenServlet:outputString.length " +value.length());
+ CMS.debug("TokenServlet:outputString.length " + value.length());
- try{
+ try {
OutputStream ooss = resp.getOutputStream();
ooss.write(value.getBytes());
ooss.flush();
@@ -956,9 +923,9 @@ public class TokenServlet extends CMSServlet {
CMS.debug("TokenServlet:process DiversifyKey: " + e.toString());
}
- if(status.equals("0")) {
+ if (status.equals("0")) {
- auditMessage = CMS.getLogMessage(
+ auditMessage = CMS.getLogMessage(
LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS,
rCUID,
ILogger.SUCCESS,
@@ -969,7 +936,7 @@ public class TokenServlet extends CMSServlet {
} else {
- auditMessage = CMS.getLogMessage(
+ auditMessage = CMS.getLogMessage(
LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE,
rCUID,
ILogger.FAILURE,
@@ -978,13 +945,13 @@ public class TokenServlet extends CMSServlet {
oldMasterKeyName,
newMasterKeyName,
errorMsg);
- }
+ }
- audit(auditMessage);
+ audit(auditMessage);
}
private void processEncryptData(HttpServletRequest req,
- HttpServletResponse resp) throws EBaseException {
+ HttpServletResponse resp) throws EBaseException {
byte[] keyInfo, CUID, xCUID, encryptedData, xkeyInfo;
boolean missingParam = false;
byte[] data = null;
@@ -1004,10 +971,10 @@ public class TokenServlet extends CMSServlet {
SessionContext sContext = SessionContext.getContext();
- String agentId="";
+ String agentId = "";
if (sContext != null) {
agentId =
- (String) sContext.get(SessionContext.USER_ID);
+ (String) sContext.get(SessionContext.USER_ID);
}
CMS.debug("keySet selected: " + keySet);
@@ -1032,20 +999,20 @@ public class TokenServlet extends CMSServlet {
if (isRandom) {
if ((rdata == null) || (rdata.equals(""))) {
- CMS.debug("TokenServlet: processEncryptData(): no data in request. Generating random number as data");
+ CMS.debug("TokenServlet: processEncryptData(): no data in request. Generating random number as data");
} else {
- CMS.debug("TokenServlet: processEncryptData(): contain data in request, however, random generation on TKS is required. Generating...");
+ CMS.debug("TokenServlet: processEncryptData(): contain data in request, however, random generation on TKS is required. Generating...");
}
try {
- SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
- data = new byte[16];
- random.nextBytes(data);
+ SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
+ data = new byte[16];
+ random.nextBytes(data);
} catch (Exception e) {
- CMS.debug("TokenServlet: processEncryptData():"+ e.toString());
- badParams += " Random Number,";
- missingParam = true;
+ CMS.debug("TokenServlet: processEncryptData():" + e.toString());
+ badParams += " Random Number,";
+ missingParam = true;
}
- } else if ((!isRandom) && (((rdata == null) || (rdata.equals(""))))){
+ } else if ((!isRandom) && (((rdata == null) || (rdata.equals(""))))) {
CMS.debug("TokenServlet: processEncryptData(): missing request parameter: data.");
badParams += " data,";
missingParam = true;
@@ -1056,75 +1023,74 @@ public class TokenServlet extends CMSServlet {
CMS.debug("TokenServlet: processEncryptData(): missing request parameter: CUID");
missingParam = true;
}
-
+
if ((rKeyInfo == null) || (rKeyInfo.equals(""))) {
badParams += " KeyInfo,";
CMS.debug("TokenServlet: processEncryptData(): missing request parameter: key info");
missingParam = true;
}
-
if (!missingParam) {
- xCUID = com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID);
- if (xCUID == null || xCUID.length != 10) {
- badParams += " CUID length,";
- CMS.debug("TokenServlet: Invalid CUID length");
- missingParam = true;
- }
- xkeyInfo = com.netscape.cmsutil.util.Utils.SpecialDecode(rKeyInfo);
- if (xkeyInfo == null || xkeyInfo.length != 2) {
- badParams += " KeyInfo length,";
- CMS.debug("TokenServlet: Invalid key info length");
- missingParam = true;
- }
+ xCUID = com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID);
+ if (xCUID == null || xCUID.length != 10) {
+ badParams += " CUID length,";
+ CMS.debug("TokenServlet: Invalid CUID length");
+ missingParam = true;
+ }
+ xkeyInfo = com.netscape.cmsutil.util.Utils.SpecialDecode(rKeyInfo);
+ if (xkeyInfo == null || xkeyInfo.length != 2) {
+ badParams += " KeyInfo length,";
+ CMS.debug("TokenServlet: Invalid key info length");
+ missingParam = true;
+ }
}
- String useSoftToken_s = CMS.getConfigStore().getString("tks.useSoftToken","true");
- if (!useSoftToken_s.equalsIgnoreCase("true"))
- useSoftToken_s = "false";
+ String useSoftToken_s = CMS.getConfigStore().getString("tks.useSoftToken", "true");
+ if (!useSoftToken_s.equalsIgnoreCase("true"))
+ useSoftToken_s = "false";
String selectedToken = null;
String keyNickName = null;
if (!missingParam) {
- if (!isRandom)
- data = com.netscape.cmsutil.util.Utils.SpecialDecode(rdata);
- keyInfo = com.netscape.cmsutil.util.Utils.SpecialDecode(rKeyInfo);
- CUID = com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID);
-
- String keyInfoMap = "tks." + keySet + ".mk_mappings." + rKeyInfo;
- String mappingValue = CMS.getConfigStore().getString(keyInfoMap, null);
- if (mappingValue == null) {
- selectedToken = CMS.getConfigStore().getString("tks.defaultSlot", "internal");
- keyNickName = rKeyInfo;
- } else {
- StringTokenizer st = new StringTokenizer(mappingValue, ":");
- selectedToken = st.nextToken();
- keyNickName = st.nextToken();
- }
-
- byte kekKeyArray[] = com.netscape.cmsutil.util.Utils.SpecialDecode(sconfig.getString("tks." + keySet + ".kek_key"));
- encryptedData = SessionKey.EncryptData(
- selectedToken,keyNickName,data,keyInfo,CUID, kekKeyArray, useSoftToken_s, keySet);
-
- CMS.getLogger().log(ILogger.EV_AUDIT,
+ if (!isRandom)
+ data = com.netscape.cmsutil.util.Utils.SpecialDecode(rdata);
+ keyInfo = com.netscape.cmsutil.util.Utils.SpecialDecode(rKeyInfo);
+ CUID = com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID);
+
+ String keyInfoMap = "tks." + keySet + ".mk_mappings." + rKeyInfo;
+ String mappingValue = CMS.getConfigStore().getString(keyInfoMap, null);
+ if (mappingValue == null) {
+ selectedToken = CMS.getConfigStore().getString("tks.defaultSlot", "internal");
+ keyNickName = rKeyInfo;
+ } else {
+ StringTokenizer st = new StringTokenizer(mappingValue, ":");
+ selectedToken = st.nextToken();
+ keyNickName = st.nextToken();
+ }
+
+ byte kekKeyArray[] = com.netscape.cmsutil.util.Utils.SpecialDecode(sconfig.getString("tks." + keySet + ".kek_key"));
+ encryptedData = SessionKey.EncryptData(
+ selectedToken, keyNickName, data, keyInfo, CUID, kekKeyArray, useSoftToken_s, keySet);
+
+ CMS.getLogger().log(ILogger.EV_AUDIT,
ILogger.S_TKS,
- ILogger.LL_INFO,"process EncryptData for CUID ="+ trim(pp.toHexString(CUID)));
+ ILogger.LL_INFO, "process EncryptData for CUID =" + trim(pp.toHexString(CUID)));
} // !missingParam
resp.setContentType("text/html");
-
+
String value = "";
- String status = "0";
- if (encryptedData != null && encryptedData.length > 0) {
- String outputString = new String(encryptedData);
+ String status = "0";
+ if (encryptedData != null && encryptedData.length > 0) {
+ String outputString = new String(encryptedData);
// sending both the pre-encrypted and encrypted data back
- value = "status=0&"+"data="+
- com.netscape.cmsutil.util.Utils.SpecialEncode(data)+
- "&encryptedData=" +
+ value = "status=0&" + "data=" +
+ com.netscape.cmsutil.util.Utils.SpecialEncode(data) +
+ "&encryptedData=" +
com.netscape.cmsutil.util.Utils.SpecialEncode(encryptedData);
} else if (missingParam) {
- if(badParams.endsWith(",")) {
- badParams = badParams.substring(0,badParams.length() -1);
+ if (badParams.endsWith(",")) {
+ badParams = badParams.substring(0, badParams.length() - 1);
}
errorMsg = "Missing input parameters: " + badParams;
status = "3";
@@ -1135,12 +1101,12 @@ public class TokenServlet extends CMSServlet {
value = "status=" + status;
}
- CMS.debug("TokenServlet:process EncryptData.encode " +value);
+ CMS.debug("TokenServlet:process EncryptData.encode " + value);
try {
resp.setContentLength(value.length());
- CMS.debug("TokenServlet:outputString.lenght " +value.length());
-
+ CMS.debug("TokenServlet:outputString.lenght " + value.length());
+
OutputStream ooss = resp.getOutputStream();
ooss.write(value.getBytes());
ooss.flush();
@@ -1149,9 +1115,9 @@ public class TokenServlet extends CMSServlet {
CMS.debug("TokenServlet: " + e.toString());
}
- if(status.equals("0")) {
+ if (status.equals("0")) {
- auditMessage = CMS.getLogMessage(
+ auditMessage = CMS.getLogMessage(
LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS,
rCUID,
ILogger.SUCCESS,
@@ -1163,7 +1129,7 @@ public class TokenServlet extends CMSServlet {
} else {
- auditMessage = CMS.getLogMessage(
+ auditMessage = CMS.getLogMessage(
LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE,
rCUID,
ILogger.FAILURE,
@@ -1173,9 +1139,9 @@ public class TokenServlet extends CMSServlet {
selectedToken,
keyNickName,
errorMsg);
- }
+ }
- audit(auditMessage);
+ audit(auditMessage);
}
/*
@@ -1194,9 +1160,9 @@ public class TokenServlet extends CMSServlet {
*/
private void processComputeRandomData(HttpServletRequest req,
- HttpServletResponse resp) throws EBaseException {
-
- byte[] randomData = null;
+ HttpServletResponse resp) throws EBaseException {
+
+ byte[] randomData = null;
String status = "0";
String errorMsg = "";
String badParams = "";
@@ -1207,26 +1173,23 @@ public class TokenServlet extends CMSServlet {
SessionContext sContext = SessionContext.getContext();
- String agentId="";
+ String agentId = "";
if (sContext != null) {
agentId =
- (String) sContext.get(SessionContext.USER_ID);
+ (String) sContext.get(SessionContext.USER_ID);
}
String sDataSize = req.getParameter("dataNumBytes");
- if(sDataSize == null || sDataSize.equals("")) {
+ if (sDataSize == null || sDataSize.equals("")) {
CMS.debug("TokenServlet::processComputeRandomData missing param dataNumBytes");
badParams += " Random Data size, ";
missingParam = true;
status = "1";
} else {
- try
- {
- dataSize = Integer.parseInt(sDataSize.trim());
- }
- catch (NumberFormatException nfe)
- {
+ try {
+ dataSize = Integer.parseInt(sDataSize.trim());
+ } catch (NumberFormatException nfe) {
CMS.debug("TokenServlet::processComputeRandomData invalid data size input!");
badParams += " Random Data size, ";
missingParam = true;
@@ -1244,33 +1207,33 @@ public class TokenServlet extends CMSServlet {
audit(auditMessage);
- if(!missingParam) {
+ if (!missingParam) {
try {
- SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
- randomData = new byte[dataSize];
- random.nextBytes(randomData);
- } catch (Exception e) {
- CMS.debug("TokenServlet::processComputeRandomData:"+ e.toString());
- errorMsg = "Can't generate random data!";
- status = "2";
+ SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
+ randomData = new byte[dataSize];
+ random.nextBytes(randomData);
+ } catch (Exception e) {
+ CMS.debug("TokenServlet::processComputeRandomData:" + e.toString());
+ errorMsg = "Can't generate random data!";
+ status = "2";
}
}
String randomDataOut = "";
- if(status.equals("0")) {
+ if (status.equals("0")) {
if (randomData != null && randomData.length == dataSize) {
randomDataOut =
- com.netscape.cmsutil.util.Utils.SpecialEncode(randomData);
+ com.netscape.cmsutil.util.Utils.SpecialEncode(randomData);
} else {
status = "2";
errorMsg = "Can't convert random data!";
}
}
- if(status.equals("1") && missingParam) {
+ if (status.equals("1") && missingParam) {
- if(badParams.endsWith(",")) {
- badParams = badParams.substring(0,badParams.length() -1);
+ if (badParams.endsWith(",")) {
+ badParams = badParams.substring(0, badParams.length() - 1);
}
errorMsg = "Missing input parameters :" + badParams;
}
@@ -1278,15 +1241,15 @@ public class TokenServlet extends CMSServlet {
resp.setContentType("text/html");
String value = "";
- value = "status="+status;
- if(status.equals("0")) {
- value = value + "&DATA="+randomDataOut;
+ value = "status=" + status;
+ if (status.equals("0")) {
+ value = value + "&DATA=" + randomDataOut;
}
-
+
try {
resp.setContentLength(value.length());
- CMS.debug("TokenServler::processComputeRandomData :outputString.length " +value.length());
-
+ CMS.debug("TokenServler::processComputeRandomData :outputString.length " + value.length());
+
OutputStream ooss = resp.getOutputStream();
ooss.write(value.getBytes());
ooss.flush();
@@ -1295,22 +1258,22 @@ public class TokenServlet extends CMSServlet {
CMS.debug("TokenServlet::processComputeRandomData " + e.toString());
}
- if(status.equals("0")) {
+ if (status.equals("0")) {
auditMessage = CMS.getLogMessage(
LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS,
ILogger.SUCCESS,
status,
agentId);
- } else {
- auditMessage = CMS.getLogMessage(
+ } else {
+ auditMessage = CMS.getLogMessage(
LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE,
ILogger.FAILURE,
status,
agentId,
errorMsg);
- }
+ }
- audit(auditMessage);
+ audit(auditMessage);
}
public void process(CMSRequest cmsReq) throws EBaseException {
@@ -1328,7 +1291,7 @@ public class TokenServlet extends CMSServlet {
if (authzToken == null) {
- try{
+ try {
resp.setContentType("text/html");
String value = "unauthorized=";
CMS.debug("TokenServlet: Unauthorized");
@@ -1338,7 +1301,7 @@ public class TokenServlet extends CMSServlet {
ooss.write(value.getBytes());
ooss.flush();
mRenderResult = false;
- }catch (Exception e) {
+ } catch (Exception e) {
CMS.debug("TokenServlet: " + e.toString());
}
@@ -1349,26 +1312,25 @@ public class TokenServlet extends CMSServlet {
String temp = req.getParameter("card_challenge");
mSelectedToken = CMS.getConfigStore().getString("tks.defaultSlot");
setDefaultSlotAndKeyName(req);
- if(temp!=null)
- {
- processComputeSessionKey(req,resp);
- }else if(req.getParameter("data")!=null){
- processEncryptData(req,resp);
- }else if(req.getParameter("newKeyInfo")!=null){
- processDiversifyKey(req,resp);
- }else if(req.getParameter("dataNumBytes") !=null){
- processComputeRandomData(req,resp);
+ if (temp != null) {
+ processComputeSessionKey(req, resp);
+ } else if (req.getParameter("data") != null) {
+ processEncryptData(req, resp);
+ } else if (req.getParameter("newKeyInfo") != null) {
+ processDiversifyKey(req, resp);
+ } else if (req.getParameter("dataNumBytes") != null) {
+ processComputeRandomData(req, resp);
}
}
/**
* Serves HTTP admin request.
- *
+ *
* @param req HTTP request
* @param resp HTTP response
*/
public void service(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
+ throws ServletException, IOException {
String scope = req.getParameter(Constants.OP_SCOPE);
String op = req.getParameter(Constants.OP_TYPE);
diff --git a/pki/base/common/src/com/netscape/cms/servlet/wizard/IWizardPanel.java b/pki/base/common/src/com/netscape/cms/servlet/wizard/IWizardPanel.java
index 9d67065d..d9d3ddec 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/wizard/IWizardPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/wizard/IWizardPanel.java
@@ -33,10 +33,10 @@ public interface IWizardPanel {
/**
* Initializes this panel.
*/
- public void init(ServletConfig config, int panelno)
+ public void init(ServletConfig config, int panelno)
throws ServletException;
- public void init(WizardServlet servlet, ServletConfig config,
+ public void init(WizardServlet servlet, ServletConfig config,
int panelno, String id) throws ServletException;
public String getName();
@@ -44,7 +44,9 @@ public interface IWizardPanel {
public int getPanelNo();
public void setId(String id);
+
public String getId();
+
public PropertySet getUsage();
/**
@@ -84,20 +86,22 @@ public interface IWizardPanel {
*/
public void display(HttpServletRequest request,
HttpServletResponse response,
- Context context );
+ Context context);
+
/**
* Checks if the given parameters are valid.
*/
public void validate(HttpServletRequest request,
HttpServletResponse response,
- Context context ) throws IOException;
+ Context context) throws IOException;
/**
* Commit parameter changes
*/
public void update(HttpServletRequest request,
HttpServletResponse response,
- Context context ) throws IOException;
+ Context context) throws IOException;
+
/**
* If validiate() returns false, this method will be called.
*/
diff --git a/pki/base/common/src/com/netscape/cms/servlet/wizard/WizardServlet.java b/pki/base/common/src/com/netscape/cms/servlet/wizard/WizardServlet.java
index 691d3e98..bc4ab990 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/wizard/WizardServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/wizard/WizardServlet.java
@@ -37,13 +37,13 @@ import com.netscape.cms.servlet.csadmin.Cert;
import com.netscape.cmsutil.crypto.Module;
/**
- * wizard?p=[panel number]&op=usage <= usage in xml
+ * wizard?p=[panel number]&op=usage <= usage in xml
* wizard?p=[panel number]&op=display
* wizard?p=[panel number]&op=next&...[additional parameters]...
* wizard?p=[panel number]&op=apply
* wizard?p=[panel number]&op=back
* wizard?op=menu
- * return menu options
+ * return menu options
*/
public class WizardServlet extends VelocityServlet {
@@ -54,8 +54,7 @@ public class WizardServlet extends VelocityServlet {
private String name = null;
private Vector mPanels = new Vector();
- public void init(ServletConfig config) throws ServletException
- {
+ public void init(ServletConfig config) throws ServletException {
super.init(config);
/* load sequence map */
@@ -64,33 +63,32 @@ public class WizardServlet extends VelocityServlet {
StringTokenizer st = new StringTokenizer(panels, ",");
int pno = 0;
while (st.hasMoreTokens()) {
- String p = st.nextToken();
- StringTokenizer st1 = new StringTokenizer(p, "=");
- String id = st1.nextToken();
- String pvalue = st1.nextToken();
- try {
- IWizardPanel panel = (IWizardPanel)Class.forName(pvalue).newInstance();
- panel.init(this, config, pno, id);
- CMS.debug("WizardServlet: panel name=" + panel.getName());
- mPanels.addElement(panel);
- } catch (Exception e) {
- CMS.debug("WizardServlet: " + e.toString());
- }
- pno++;
+ String p = st.nextToken();
+ StringTokenizer st1 = new StringTokenizer(p, "=");
+ String id = st1.nextToken();
+ String pvalue = st1.nextToken();
+ try {
+ IWizardPanel panel = (IWizardPanel) Class.forName(pvalue).newInstance();
+ panel.init(this, config, pno, id);
+ CMS.debug("WizardServlet: panel name=" + panel.getName());
+ mPanels.addElement(panel);
+ } catch (Exception e) {
+ CMS.debug("WizardServlet: " + e.toString());
+ }
+ pno++;
}
CMS.debug("WizardServlet: done");
-
+
}
public void exposePanels(HttpServletRequest request,
HttpServletResponse response,
- Context context )
- {
+ Context context) {
Enumeration e = mPanels.elements();
Vector panels = new Vector();
while (e.hasMoreElements()) {
- IWizardPanel p = (IWizardPanel)e.nextElement();
- panels.addElement(p);
+ IWizardPanel p = (IWizardPanel) e.nextElement();
+ panels.addElement(p);
}
context.put("panels", panels);
}
@@ -98,84 +96,80 @@ public class WizardServlet extends VelocityServlet {
/**
* Cleans up panels from a particular panel.
*/
- public void cleanUpFromPanel(int pno) throws IOException
- {
- /* panel number starts from zero */
- int s = mPanels.size();
- for (int i = pno; i < s; i++) {
- IWizardPanel panel = (IWizardPanel)mPanels.elementAt(i);
- panel.cleanUp();
- }
+ public void cleanUpFromPanel(int pno) throws IOException {
+ /* panel number starts from zero */
+ int s = mPanels.size();
+ for (int i = pno; i < s; i++) {
+ IWizardPanel panel = (IWizardPanel) mPanels.elementAt(i);
+ panel.cleanUp();
+ }
}
- public IWizardPanel getPanelByNo(int p)
- {
- IWizardPanel panel = (IWizardPanel)mPanels.elementAt(p);
+ public IWizardPanel getPanelByNo(int p) {
+ IWizardPanel panel = (IWizardPanel) mPanels.elementAt(p);
if (panel.shouldSkip()) {
- panel = getPanelByNo(p+1);
+ panel = getPanelByNo(p + 1);
}
return panel;
}
public Template displayPanel(HttpServletRequest request,
HttpServletResponse response,
- Context context )
- {
+ Context context) {
CMS.debug("WizardServlet: in display");
int p = getPanelNo(request);
if (p == 0) {
- CMS.debug("WizardServlet: firstpanel");
- context.put("firstpanel", Boolean.TRUE);
+ CMS.debug("WizardServlet: firstpanel");
+ context.put("firstpanel", Boolean.TRUE);
}
if (p == (mPanels.size() - 1)) {
- CMS.debug("WizardServlet: lastpanel");
- context.put("lastpanel", Boolean.TRUE);
+ CMS.debug("WizardServlet: lastpanel");
+ context.put("lastpanel", Boolean.TRUE);
}
IWizardPanel panel = getPanelByNo(p);
CMS.debug("WizardServlet: panel=" + panel);
if (panel.showApplyButton() == true)
- context.put("showApplyButton", Boolean.TRUE);
+ context.put("showApplyButton", Boolean.TRUE);
else
- context.put("showApplyButton", Boolean.FALSE);
+ context.put("showApplyButton", Boolean.FALSE);
panel.display(request, response, context);
context.put("p", Integer.toString(panel.getPanelNo()));
try {
return Velocity.getTemplate("admin/console/config/wizard.vm");
- } catch (Exception e) {
+ } catch (Exception e) {
}
return null;
}
- public String xml_value_flatten(Object v)
- {
+ public String xml_value_flatten(Object v) {
String ret = "";
if (v instanceof String) {
ret += v;
} else if (v instanceof Integer) {
- ret += ((Integer)v).toString();
+ ret += ((Integer) v).toString();
} else if (v instanceof Vector) {
ret += "<Vector>";
- Vector v1 = (Vector)v;
+ Vector v1 = (Vector) v;
Enumeration e = v1.elements();
StringBuffer sb = new StringBuffer();
while (e.hasMoreElements()) {
- sb.append(xml_value_flatten(e.nextElement()));
+ sb.append(xml_value_flatten(e.nextElement()));
}
ret += sb.toString();
ret += "</Vector>";
} else if (v instanceof Module) { // for hardware token
- Module m = (Module)v;
+ Module m = (Module) v;
ret += "<Module>";
ret += "<CommonName>" + m.getCommonName() + "</CommonName>";
ret += "<UserFriendlyName>" + m.getUserFriendlyName() + "</UserFriendlyName>";
ret += "<ImagePath>" + m.getImagePath() + "</ImagePath>";
ret += "</Module>";
} else if (v instanceof Cert) {
- Cert m = (Cert)v;
+ Cert m = (Cert) v;
ret += "<CertReqPair>";
ret += "<Nickname>" + m.getNickname() + "</Nickname>";
ret += "<Tokenname>" + m.getTokenname() + "</Tokenname>";
@@ -187,7 +181,7 @@ public class WizardServlet extends VelocityServlet {
ret += "<KeyOption>" + m.getKeyOption() + "</KeyOption>";
ret += "</CertReqPair>";
} else if (v instanceof IWizardPanel) {
- IWizardPanel m = (IWizardPanel)v;
+ IWizardPanel m = (IWizardPanel) v;
ret += "<Panel>";
ret += "<Id>" + m.getId() + "</Id>";
ret += "<Name>" + m.getName() + "</Name>";
@@ -198,89 +192,84 @@ public class WizardServlet extends VelocityServlet {
return ret;
}
- public String xml_flatten(Context context)
- {
+ public String xml_flatten(Context context) {
StringBuffer ret = new StringBuffer();
- Object o[] = context.getKeys();
- for (int i = 0; i < o.length; i ++) {
- if (o[i] instanceof String) {
- String key = (String)o[i];
- if (key.startsWith("__")) {
- continue;
- }
- ret.append("<");
- ret.append(key);
- ret.append(">");
- if (key.equals("bindpwd")) {
- ret.append("(sensitive)");
- } else {
- Object v = context.get(key);
- ret.append(xml_value_flatten(v));
+ Object o[] = context.getKeys();
+ for (int i = 0; i < o.length; i++) {
+ if (o[i] instanceof String) {
+ String key = (String) o[i];
+ if (key.startsWith("__")) {
+ continue;
+ }
+ ret.append("<");
+ ret.append(key);
+ ret.append(">");
+ if (key.equals("bindpwd")) {
+ ret.append("(sensitive)");
+ } else {
+ Object v = context.get(key);
+ ret.append(xml_value_flatten(v));
+ }
+ ret.append("</");
+ ret.append(key);
+ ret.append(">");
}
- ret.append("</");
- ret.append(key);
- ret.append(">");
- }
}
return ret.toString();
}
- public int getPanelNo(HttpServletRequest request)
- {
+ public int getPanelNo(HttpServletRequest request) {
int p = 0;
-
+
// panel number can be identified by either
// panel no (p parameter) directly, or
// panel name (panelname parameter).
if (request.getParameter("panelname") != null) {
- String name = request.getParameter("panelname");
- for (int i = 0; i < mPanels.size(); i++) {
- IWizardPanel panel = (IWizardPanel)mPanels.elementAt(i);
- if (panel.getId().equals(name)) {
- return i;
+ String name = request.getParameter("panelname");
+ for (int i = 0; i < mPanels.size(); i++) {
+ IWizardPanel panel = (IWizardPanel) mPanels.elementAt(i);
+ if (panel.getId().equals(name)) {
+ return i;
+ }
}
- }
} else if (request.getParameter("p") != null) {
- p = Integer.parseInt(request.getParameter("p"));
+ p = Integer.parseInt(request.getParameter("p"));
}
return p;
}
- public String getNameFromPanelNo(int p)
- {
- IWizardPanel wp = (IWizardPanel)mPanels.elementAt(p);
- return wp.getId();
+ public String getNameFromPanelNo(int p) {
+ IWizardPanel wp = (IWizardPanel) mPanels.elementAt(p);
+ return wp.getId();
}
- public IWizardPanel getPreviousPanel(int p)
- {
+ public IWizardPanel getPreviousPanel(int p) {
CMS.debug("getPreviousPanel input p=" + p);
- IWizardPanel backpanel = (IWizardPanel)mPanels.elementAt(p-1);
+ IWizardPanel backpanel = (IWizardPanel) mPanels.elementAt(p - 1);
if (backpanel.isSubPanel()) {
- backpanel = (IWizardPanel)mPanels.elementAt(p-1-1);
+ backpanel = (IWizardPanel) mPanels.elementAt(p - 1 - 1);
}
while (backpanel.shouldSkip()) {
- backpanel = (IWizardPanel)
+ backpanel = (IWizardPanel)
mPanels.elementAt(backpanel.getPanelNo() - 1);
}
CMS.debug("getPreviousPanel output p=" + backpanel.getPanelNo());
return backpanel;
}
- public IWizardPanel getNextPanel(int p)
- {
+ public IWizardPanel getNextPanel(int p) {
CMS.debug("getNextPanel input p=" + p);
- IWizardPanel panel = (IWizardPanel)mPanels.elementAt(p);
+ IWizardPanel panel = (IWizardPanel) mPanels.elementAt(p);
if (p == (mPanels.size() - 1)) {
p = p;
- } else if(panel.isSubPanel()) {
- if (panel.isLoopbackPanel()) {
- p = p-1; // Login Panel is a loop back panel
- } else {
- p = p+1;
- }
- } else if (panel.hasSubPanel()) {
- p = p + 2;
+ } else if (panel.isSubPanel()) {
+ if (panel.isLoopbackPanel()) {
+ p = p - 1; // Login Panel is a loop back panel
+ } else {
+ p = p + 1;
+ }
+ } else if (panel.hasSubPanel()) {
+ p = p + 2;
} else {
p = p + 1;
}
@@ -291,15 +280,13 @@ public class WizardServlet extends VelocityServlet {
public Template goApply(HttpServletRequest request,
HttpServletResponse response,
- Context context)
- {
+ Context context) {
return goNextApply(request, response, context, true);
}
public Template goNext(HttpServletRequest request,
HttpServletResponse response,
- Context context )
- {
+ Context context) {
return goNextApply(request, response, context, false);
}
@@ -309,172 +296,167 @@ public class WizardServlet extends VelocityServlet {
*/
public Template goNextApply(HttpServletRequest request,
HttpServletResponse response,
- Context context, boolean stay )
- {
+ Context context, boolean stay) {
int p = getPanelNo(request);
if (stay == true)
CMS.debug("WizardServlet: in reply " + p);
else
CMS.debug("WizardServlet: in next " + p);
- IWizardPanel panel = (IWizardPanel)mPanels.elementAt(p);
+ IWizardPanel panel = (IWizardPanel) mPanels.elementAt(p);
try {
- panel.validate(request, response, context);
- try {
- panel.update(request, response, context);
- if (stay == true) { // "apply"
-
- if (panel.showApplyButton() == true)
- context.put("showApplyButton", Boolean.TRUE);
- else
- context.put("showApplyButton", Boolean.FALSE);
- panel.display(request, response, context);
- } else { // "next"
- IWizardPanel nextpanel = getNextPanel(p);
-
- if (nextpanel.showApplyButton() == true)
- context.put("showApplyButton", Boolean.TRUE);
- else
- context.put("showApplyButton", Boolean.FALSE);
- nextpanel.display(request, response, context);
- panel = nextpanel;
+ panel.validate(request, response, context);
+ try {
+ panel.update(request, response, context);
+ if (stay == true) { // "apply"
+
+ if (panel.showApplyButton() == true)
+ context.put("showApplyButton", Boolean.TRUE);
+ else
+ context.put("showApplyButton", Boolean.FALSE);
+ panel.display(request, response, context);
+ } else { // "next"
+ IWizardPanel nextpanel = getNextPanel(p);
+
+ if (nextpanel.showApplyButton() == true)
+ context.put("showApplyButton", Boolean.TRUE);
+ else
+ context.put("showApplyButton", Boolean.FALSE);
+ nextpanel.display(request, response, context);
+ panel = nextpanel;
+ }
+ context.put("errorString", "");
+ } catch (Exception e) {
+ context.put("errorString", e.getMessage());
+ panel.displayError(request, response, context);
}
- context.put("errorString", "");
- } catch (Exception e) {
- context.put("errorString", e.getMessage());
- panel.displayError(request, response, context);
- }
} catch (IOException eee) {
- context.put("errorString", eee.getMessage());
- panel.displayError(request, response, context);
+ context.put("errorString", eee.getMessage());
+ panel.displayError(request, response, context);
}
p = panel.getPanelNo();
CMS.debug("panel no=" + p);
CMS.debug("panel name=" + getNameFromPanelNo(p));
- CMS.debug("total number of panels="+mPanels.size());
+ CMS.debug("total number of panels=" + mPanels.size());
context.put("p", Integer.toString(p));
context.put("panelname", getNameFromPanelNo(p));
if (p == 0) {
- CMS.debug("WizardServlet: firstpanel");
- context.put("firstpanel", Boolean.TRUE);
+ CMS.debug("WizardServlet: firstpanel");
+ context.put("firstpanel", Boolean.TRUE);
}
if (p == (mPanels.size() - 1)) {
- CMS.debug("WizardServlet: lastpanel");
- context.put("lastpanel", Boolean.TRUE);
+ CMS.debug("WizardServlet: lastpanel");
+ context.put("lastpanel", Boolean.TRUE);
}
// this is where we handle the xml request
String xml = request.getParameter("xml");
if (xml != null && xml.equals("true")) {
- CMS.debug("WizardServlet: found xml");
-
- response.setContentType("application/xml");
- String xmlstr = xml_flatten(context);
- context.put("xml", xmlstr);
- try {
- return Velocity.getTemplate("admin/console/config/xml.vm");
- } catch (Exception e) {
- CMS.debug("Failing to get template" + e );
- }
+ CMS.debug("WizardServlet: found xml");
+
+ response.setContentType("application/xml");
+ String xmlstr = xml_flatten(context);
+ context.put("xml", xmlstr);
+ try {
+ return Velocity.getTemplate("admin/console/config/xml.vm");
+ } catch (Exception e) {
+ CMS.debug("Failing to get template" + e);
+ }
} else {
- try {
- return Velocity.getTemplate("admin/console/config/wizard.vm");
- } catch (Exception e) {
- CMS.debug("Failing to get template" + e );
- }
+ try {
+ return Velocity.getTemplate("admin/console/config/wizard.vm");
+ } catch (Exception e) {
+ CMS.debug("Failing to get template" + e);
+ }
}
return null;
}
public Template goBack(HttpServletRequest request,
HttpServletResponse response,
- Context context )
- {
+ Context context) {
int p = getPanelNo(request);
CMS.debug("WizardServlet: in back " + p);
IWizardPanel backpanel = getPreviousPanel(p);
if (backpanel.showApplyButton() == true)
- context.put("showApplyButton", Boolean.TRUE);
+ context.put("showApplyButton", Boolean.TRUE);
else
- context.put("showApplyButton", Boolean.FALSE);
+ context.put("showApplyButton", Boolean.FALSE);
backpanel.display(request, response, context);
- context.put("p", Integer.toString(backpanel.getPanelNo()));
+ context.put("p", Integer.toString(backpanel.getPanelNo()));
context.put("panelname", getNameFromPanelNo(backpanel.getPanelNo()));
p = backpanel.getPanelNo();
if (p == 0) {
- CMS.debug("WizardServlet: firstpanel");
- context.put("firstpanel", Boolean.TRUE);
+ CMS.debug("WizardServlet: firstpanel");
+ context.put("firstpanel", Boolean.TRUE);
}
if (p == (mPanels.size() - 1)) {
- CMS.debug("WizardServlet: lastpanel");
- context.put("lastpanel", Boolean.TRUE);
+ CMS.debug("WizardServlet: lastpanel");
+ context.put("lastpanel", Boolean.TRUE);
}
try {
return Velocity.getTemplate("admin/console/config/wizard.vm");
- } catch (Exception e) {
+ } catch (Exception e) {
}
return null;
}
public boolean authenticate(HttpServletRequest request,
HttpServletResponse response,
- Context context ) {
- String pin = (String)request.getSession().getAttribute("pin");
- if (pin == null) {
- try {
- response.sendRedirect("login");
- } catch (IOException e) {
+ Context context) {
+ String pin = (String) request.getSession().getAttribute("pin");
+ if (pin == null) {
+ try {
+ response.sendRedirect("login");
+ } catch (IOException e) {
+ }
+ return false;
}
- return false;
- }
- return true;
+ return true;
}
- public void outputHttpParameters(HttpServletRequest httpReq)
- {
+ public void outputHttpParameters(HttpServletRequest httpReq) {
CMS.debug("WizardServlet:service() uri = " + httpReq.getRequestURI());
Enumeration paramNames = httpReq.getParameterNames();
while (paramNames.hasMoreElements()) {
- String pn = (String)paramNames.nextElement();
+ String pn = (String) paramNames.nextElement();
// added this facility so that password can be hidden,
// all sensitive parameters should be prefixed with
// __ (double underscores); however, in the event that
// a security parameter slips through, we perform multiple
// additional checks to insure that it is NOT displayed
- if( pn.startsWith("__") ||
- pn.endsWith("password") ||
- pn.endsWith("passwd") ||
- pn.endsWith("pwd") ||
- pn.equalsIgnoreCase("admin_password_again") ||
- pn.equalsIgnoreCase("directoryManagerPwd") ||
- pn.equalsIgnoreCase("bindpassword") ||
- pn.equalsIgnoreCase("bindpwd") ||
- pn.equalsIgnoreCase("passwd") ||
- pn.equalsIgnoreCase("password") ||
- pn.equalsIgnoreCase("pin") ||
- pn.equalsIgnoreCase("pwd") ||
- pn.equalsIgnoreCase("pwdagain") ||
- pn.equalsIgnoreCase("uPasswd") ) {
- CMS.debug("WizardServlet::service() param name='" + pn +
- "' value='(sensitive)'" );
+ if (pn.startsWith("__") ||
+ pn.endsWith("password") ||
+ pn.endsWith("passwd") ||
+ pn.endsWith("pwd") ||
+ pn.equalsIgnoreCase("admin_password_again") ||
+ pn.equalsIgnoreCase("directoryManagerPwd") ||
+ pn.equalsIgnoreCase("bindpassword") ||
+ pn.equalsIgnoreCase("bindpwd") ||
+ pn.equalsIgnoreCase("passwd") ||
+ pn.equalsIgnoreCase("password") ||
+ pn.equalsIgnoreCase("pin") ||
+ pn.equalsIgnoreCase("pwd") ||
+ pn.equalsIgnoreCase("pwdagain") ||
+ pn.equalsIgnoreCase("uPasswd")) {
+ CMS.debug("WizardServlet::service() param name='" + pn +
+ "' value='(sensitive)'");
} else {
- CMS.debug("WizardServlet::service() param name='" + pn +
- "' value='" + httpReq.getParameter(pn) + "'" );
+ CMS.debug("WizardServlet::service() param name='" + pn +
+ "' value='" + httpReq.getParameter(pn) + "'");
}
}
}
-
public Template handleRequest(HttpServletRequest request,
HttpServletResponse response,
- Context context )
- {
+ Context context) {
CMS.debug("WizardServlet: process");
- if (CMS.debugOn()) {
- outputHttpParameters(request);
+ if (CMS.debugOn()) {
+ outputHttpParameters(request);
}
if (!authenticate(request, response, context)) {
@@ -484,7 +466,7 @@ public class WizardServlet extends VelocityServlet {
String op = request.getParameter("op"); /* operation */
if (op == null) {
- op = "display";
+ op = "display";
}
CMS.debug("WizardServlet: op=" + op);
CMS.debug("WizardServlet: size=" + mPanels.size());
generated by cgit (git 2.34.1) at 2024-06-10 15:05:49 +0000